starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-27 02:25:51 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #462] 连不上vpn #432

New issue
Closed
opened 2026-03-02 08:18:54 +03:00 by kerem · 13 comments
kerem commented 2026-03-02 08:18:54 +03:00
Owner
Copy link

Originally created by @guobinzhao on GitHub (Dec 3, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/462

Checklist

Describe the issue
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

docker logs -f ipsec-vpn-server

docker logs -f ipsec-vpn-server

Trying to auto discover IP of this server...

Enabling modp1024 in ipsec.conf...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: xxxxx
IPsec PSK: xxxxx
Username: xxx
Password: xxxx

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 12748469552c PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701

output for uname&&lsb_release -a

uname&&lsb_release -a
Linux
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.1 LTS
Release:	24.04
Codename:	noble

iptables output

sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  142 34487 DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
  142 34487 DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0
   64 20803 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   10  3016 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
   68 10668 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2  1632 ACCEPT     17   --  !docker0 docker0  0.0.0.0/0            172.17.0.2           udp dpt:500
    1   124 ACCEPT     17   --  !docker0 docker0  0.0.0.0/0            172.17.0.2           udp dpt:4500

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   68 10668 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
  142 34487 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
   68 10668 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
  142 34487 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

docker ps output

docker ps
CONTAINER ID   IMAGE                     COMMAND             CREATED         STATUS         PORTS                                                                              NAMES
12748469552c   hwdsl2/ipsec-vpn-server   "/opt/src/run.sh"   8 minutes ago   Up 8 minutes   0.0.0.0:500->500/udp, :::500->500/udp, 0.0.0.0:4500->4500/udp, :::4500->4500/udp   ipsec-vpn-server

我在微软的两台虚拟机上应该是相同的配置,一台机器配置的vpn正常work(这台是去年配置的,但这台就快要被回收了)。所以又创建了一个新的虚拟机,做了相同的配置,但就是连不上vpn。删除虚拟机后又创建了一个新的,然后拉取hwdsl2/ipsec-vpn-server,run之后vpn就是死活连不上,反复试了几次都不行。请大神帮忙给看看。

另外,为了测试是否azure开放500和4500端口是否生效,我在500和4500端口起了两个nginx服务,外部可以正常访问500和4500端口,然后我把这两个nginx服务停掉了。

Expected behavior
A clear and concise description of what you expected to happen.

Logs
Enable logs, check VPN status, and add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • Docker host OS: [e.g. Ubuntu 20.04]
  • Hosting provider (if applicable): [e.g. GCP, AWS]

Client (please complete the following information)

  • Device: [e.g. iPhone 12]
  • OS: [e.g. iOS 15]
  • VPN mode: [IPsec/L2TP, IPsec/XAuth ("Cisco IPsec") or IKEv2]

Additional context
Add any other context about the problem here.

Originally created by @guobinzhao on GitHub (Dec 3, 2024). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/462 **Checklist** - [ x] I read the [README](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md) - [x ] I read the [Important notes](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#important-notes) - [ x] I followed instructions to [configure VPN clients](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README.md#next-steps) - [x ] I checked [IKEv1 troubleshooting](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#ikev1-troubleshooting), [IKEv2 troubleshooting](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#ikev2-troubleshooting), [enabled logs](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#enable-libreswan-logs) and checked [VPN status](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#check-logs-and-vpn-status) - [ x] I searched existing [Issues](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue) - [x ] This bug is about the IPsec VPN server Docker image, and not IPsec VPN itself <!--- If you found a reproducible bug for the IPsec VPN, open a bug report at https://github.com/libreswan/libreswan. Ask VPN-related questions on the [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) or [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) users mailing list, or search e.g. [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn). ---> **Describe the issue** A clear and concise description of what the bug is. **To Reproduce** Steps to reproduce the behavior: **docker logs -f ipsec-vpn-server** ``` docker logs -f ipsec-vpn-server Trying to auto discover IP of this server... Enabling modp1024 in ipsec.conf... Starting IPsec service... ================================================ IPsec VPN server is now ready for use! Connect to your new VPN with these details: Server IP: xxxxx IPsec PSK: xxxxx Username: xxx Password: xxxx Write these down. You'll need them to connect! VPN client setup: https://vpnsetup.net/clients2 ================================================ xl2tpd[1]: Not looking for kernel SAref support. xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp) xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 12748469552c PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 ``` **output for uname&&lsb_release -a** ``` uname&&lsb_release -a Linux No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 24.04.1 LTS Release: 24.04 Codename: noble ``` **iptables output** ``` sudo iptables -L -n -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 142 34487 DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0 142 34487 DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0 64 20803 ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 10 3016 DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 68 10668 ACCEPT 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain DOCKER (1 references) pkts bytes target prot opt in out source destination 2 1632 ACCEPT 17 -- !docker0 docker0 0.0.0.0/0 172.17.0.2 udp dpt:500 1 124 ACCEPT 17 -- !docker0 docker0 0.0.0.0/0 172.17.0.2 udp dpt:4500 Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 68 10668 DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 142 34487 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-2 (1 references) pkts bytes target prot opt in out source destination 0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 68 10668 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 142 34487 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 ``` **docker ps output** ``` docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 12748469552c hwdsl2/ipsec-vpn-server "/opt/src/run.sh" 8 minutes ago Up 8 minutes 0.0.0.0:500->500/udp, :::500->500/udp, 0.0.0.0:4500->4500/udp, :::4500->4500/udp ipsec-vpn-server ``` 我在微软的两台虚拟机上应该是相同的配置,一台机器配置的vpn正常work(这台是去年配置的,但这台就快要被回收了)。所以又创建了一个新的虚拟机,做了相同的配置,但就是连不上vpn。删除虚拟机后又创建了一个新的,然后拉取hwdsl2/ipsec-vpn-server,run之后vpn就是死活连不上,反复试了几次都不行。请大神帮忙给看看。 另外,为了测试是否azure开放500和4500端口是否生效,我在500和4500端口起了两个nginx服务,外部可以正常访问500和4500端口,然后我把这两个nginx服务停掉了。 **Expected behavior** A clear and concise description of what you expected to happen. **Logs** [Enable logs](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#enable-libreswan-logs), check [VPN status](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#check-logs-and-vpn-status), and add error logs to help explain the problem, if applicable. **Server (please complete the following information)** - Docker host OS: [e.g. Ubuntu 20.04] - Hosting provider (if applicable): [e.g. GCP, AWS] **Client (please complete the following information)** - Device: [e.g. iPhone 12] - OS: [e.g. iOS 15] - VPN mode: [IPsec/L2TP, IPsec/XAuth ("Cisco IPsec") or IKEv2] **Additional context** Add any other context about the problem here.
kerem closed this issue 2026-03-02 08:18:54 +03:00
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 3, 2024):

@guobinzhao 你好!对于你的用例,你的 Docker 容器日志和主机的 IPTables 看起来正常,具体导致该问题的原因不太清楚。你好像没有启用 IKEv2 模式(参见运行 IPsec VPN 服务器),IKEv2 模式是比较推荐的连接方式。

你可以在容器内启用 Libreswan 日志,再次尝试连接客户端,然后检查日志是否有错误。如果没有新的日志,说明客户端的连接请求没有到达容器。如果有 retransmission 相关错误,可能是客户端和服务器之间的网络问题。另外,你也可以尝试一下其他解决方案。

<!-- gh-comment-id:2514802258 --> @hwdsl2 commented on GitHub (Dec 3, 2024): @guobinzhao 你好!对于你的用例,你的 Docker 容器日志和主机的 IPTables 看起来正常,具体导致该问题的原因不太清楚。你好像没有启用 IKEv2 模式(参见[运行 IPsec VPN 服务器](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#%E8%BF%90%E8%A1%8C-ipsec-vpn-%E6%9C%8D%E5%8A%A1%E5%99%A8)),[IKEv2 模式](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#%E9%85%8D%E7%BD%AE%E5%B9%B6%E4%BD%BF%E7%94%A8-ikev2-vpn)是比较推荐的连接方式。 你可以在容器内[启用 Libreswan 日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E5%90%AF%E7%94%A8-libreswan-%E6%97%A5%E5%BF%97),再次尝试连接客户端,然后检查日志是否有错误。如果没有新的日志,说明客户端的连接请求没有到达容器。如果有 retransmission 相关错误,可能是客户端和服务器之间的网络问题。另外,你也可以尝试一下其他解决方案。
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 4, 2024):

@hwdsl2 非常感谢您的回复,我按照步骤启用 Libreswan 日志,然后再次尝试连接,这个是tail -f /var/log/auth.log新的log,还是连接不上。帮忙给看看哪里出了问题,感谢。

2024-12-04T12:55:29.432589+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: responding to Main Mode from unknown peer 125.33.197.79:500
2024-12-04T12:55:29.432704+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: sent Main Mode R1
2024-12-04T12:55:29.728043+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: sent Main Mode R2
2024-12-04T12:55:30.005152+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: Peer ID is ID_IPV4_ADDR: '192.168.31.128'
2024-12-04T12:55:30.005550+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
2024-12-04T12:55:33.193340+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-04T12:55:36.363277+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-04T12:55:39.559010+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-04T12:55:51.608529+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3

以下是/var/log/auth.log全部的日志
auth.log

<!-- gh-comment-id:2517292620 --> @guobinzhao commented on GitHub (Dec 4, 2024): @hwdsl2 非常感谢您的回复,我按照步骤[启用 Libreswan 日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E5%90%AF%E7%94%A8-libreswan-%E6%97%A5%E5%BF%97),然后再次尝试连接,这个是`tail -f /var/log/auth.log`新的log,还是连接不上。帮忙给看看哪里出了问题,感谢。 ``` 2024-12-04T12:55:29.432589+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: responding to Main Mode from unknown peer 125.33.197.79:500 2024-12-04T12:55:29.432704+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: sent Main Mode R1 2024-12-04T12:55:29.728043+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: sent Main Mode R2 2024-12-04T12:55:30.005152+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: Peer ID is ID_IPV4_ADDR: '192.168.31.128' 2024-12-04T12:55:30.005550+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 2024-12-04T12:55:33.193340+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-04T12:55:36.363277+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-04T12:55:39.559010+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-04T12:55:51.608529+00:00 a6e2c4e0cde9 pluto[4057]: "l2tp-psk"[2] 125.33.197.79 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 ``` 以下是/var/log/auth.log全部的日志 [auth.log](https://github.com/user-attachments/files/18008637/auth.log)
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 4, 2024):

另外我也启用了 IKEv2 模式,以下是容器的输出。我也把/etc/ipsec.d/vpnclient.sswan copy出来放到andirod手机,也还是连不上。

docker logs ipsec-vpn-server

Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 4xxx
IPsec PSK: xxxx
Username: xxx
Password: xxx

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

================================================

IKEv2 is already set up. Details for IKEv2 mode:

VPN server address: xxxx
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on a6e2c4e0cde9 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
<!-- gh-comment-id:2517304996 --> @guobinzhao commented on GitHub (Dec 4, 2024): 另外我也启用了 IKEv2 模式,以下是容器的输出。我也把/etc/ipsec.d/vpnclient.sswan copy出来放到andirod手机,也还是连不上。 ``` docker logs ipsec-vpn-server Trying to auto discover IP of this server... Starting IPsec service... ================================================ IPsec VPN server is now ready for use! Connect to your new VPN with these details: Server IP: 4xxx IPsec PSK: xxxx Username: xxx Password: xxx Write these down. You'll need them to connect! VPN client setup: https://vpnsetup.net/clients2 ================================================ ================================================ IKEv2 is already set up. Details for IKEv2 mode: VPN server address: xxxx VPN client name: vpnclient Client configuration is available inside the Docker container at: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux) /etc/ipsec.d/vpnclient.sswan (for Android) /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS) Next steps: Configure IKEv2 clients. See: https://vpnsetup.net/clients2 ================================================ xl2tpd[1]: Not looking for kernel SAref support. xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp) xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on a6e2c4e0cde9 PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 ```
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 4, 2024):

@guobinzhao 你好!从你的日志来看,可能是客户端和服务器之间的网络问题,导致连接不稳定。你可以另外尝试一下 IPsec VPN 以外的其他解决方案。

<!-- gh-comment-id:2517470079 --> @hwdsl2 commented on GitHub (Dec 4, 2024): @guobinzhao 你好!从你的日志来看,可能是客户端和服务器之间的网络问题,导致连接不稳定。你可以另外尝试一下 IPsec VPN 以外的其他解决方案。
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 5, 2024):

@hwdsl2 问题应该不是网络不稳定导致的,我另外一台虚拟机能正常work。

<!-- gh-comment-id:2519035046 --> @guobinzhao commented on GitHub (Dec 5, 2024): @hwdsl2 问题应该不是网络不稳定导致的,我另外一台虚拟机能正常work。
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 5, 2024):

@hwdsl2 Any way, thanks for looking into this.

<!-- gh-comment-id:2519035401 --> @guobinzhao commented on GitHub (Dec 5, 2024): @hwdsl2 Any way, thanks for looking into this.
kerem commented 2026-03-02 08:18:55 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 6, 2024):

@hwdsl2 is there any other help you can provide? anything? 我被这个问题困扰好久了。

<!-- gh-comment-id:2523135872 --> @guobinzhao commented on GitHub (Dec 6, 2024): @hwdsl2 is there any other help you can provide? anything? 我被这个问题困扰好久了。
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 6, 2024):

@guobinzhao 对于你的用例,可以再创建一个新的虚拟机配置一下试试看?日志中 retransmission 相关的错误说明有可能是客户端和服务器之间的网络问题,或者连接被屏蔽或干扰了。你也可以试一下 IPsec VPN 以外的其他解决方案。

<!-- gh-comment-id:2523315015 --> @hwdsl2 commented on GitHub (Dec 6, 2024): @guobinzhao 对于你的用例,可以再创建一个新的虚拟机配置一下试试看?日志中 retransmission 相关的错误说明有可能是客户端和服务器之间的网络问题,或者连接被屏蔽或干扰了。你也可以试一下 IPsec VPN 以外的其他解决方案。
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 9, 2024):

@hwdsl2 感谢,这应该是我重试的第三个虚拟机了。

<!-- gh-comment-id:2527876535 --> @guobinzhao commented on GitHub (Dec 9, 2024): @hwdsl2 感谢,这应该是我重试的第三个虚拟机了。
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 11, 2024):

@hwdsl2 我又创建了一个虚拟机,第一次能登录,但是访问google没办法访问,链接会断开,然后尝试再次登录就登录不了了,第一次能看到登录成功的日志,第二次啥日志都没有了。

这是包含第一次成功登录但访问google失败的日志。麻烦给看一下

 docker logs -f ipsec-vpn-server

Trying to auto discover IP of this server...

Starting IPsec service...

================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: xxx
IPsec PSK: xxx
Username: xxx
Password: xxx

Write these down. You'll need them to connect!

VPN client setup: https://vpnsetup.net/clients2

================================================

Setting up IKEv2. This may take a few moments...

================================================

IKEv2 setup successful. Details for IKEv2 mode:

VPN server address: xxx
VPN client name: vpnclient

Client configuration is available inside the
Docker container at:
/etc/ipsec.d/vpnclient.p12 (for Windows & Linux)
/etc/ipsec.d/vpnclient.sswan (for Android)
/etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS)

Next steps: Configure IKEv2 clients. See:
https://vpnsetup.net/clients2

================================================

xl2tpd[1]: Not looking for kernel SAref support.
xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 98bb14a32b98 PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: check_control: Received out of order control packet on tunnel 15 (got 3, expected 1)
xl2tpd[1]: handle_control: bad control packet!
xl2tpd[1]: Connection established to 114.255.230.30, 1701.  Local: 33434, Remote: 15 (ref=0/0).  LNS session is 'default'
xl2tpd[1]: Call established with 114.255.230.30, PID: 438, Local: 54543, Remote: 1, Serial: 0
xl2tpd[1]: Maximum retries exceeded for tunnel 33434.  Closing.
xl2tpd[1]: Connection 15 closed to 114.255.230.30, port 1701 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 33434. Destroying anyway.
<!-- gh-comment-id:2533397183 --> @guobinzhao commented on GitHub (Dec 11, 2024): @hwdsl2 我又创建了一个虚拟机,第一次能登录,但是访问google没办法访问,链接会断开,然后尝试再次登录就登录不了了,第一次能看到登录成功的日志,第二次啥日志都没有了。 这是包含第一次成功登录但访问google失败的日志。麻烦给看一下 ``` docker logs -f ipsec-vpn-server Trying to auto discover IP of this server... Starting IPsec service... ================================================ IPsec VPN server is now ready for use! Connect to your new VPN with these details: Server IP: xxx IPsec PSK: xxx Username: xxx Password: xxx Write these down. You'll need them to connect! VPN client setup: https://vpnsetup.net/clients2 ================================================ Setting up IKEv2. This may take a few moments... ================================================ IKEv2 setup successful. Details for IKEv2 mode: VPN server address: xxx VPN client name: vpnclient Client configuration is available inside the Docker container at: /etc/ipsec.d/vpnclient.p12 (for Windows & Linux) /etc/ipsec.d/vpnclient.sswan (for Android) /etc/ipsec.d/vpnclient.mobileconfig (for iOS & macOS) Next steps: Configure IKEv2 clients. See: https://vpnsetup.net/clients2 ================================================ xl2tpd[1]: Not looking for kernel SAref support. xl2tpd[1]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp) xl2tpd[1]: xl2tpd version xl2tpd-1.3.18 started on 98bb14a32b98 PID:1 xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701 xl2tpd[1]: check_control: Received out of order control packet on tunnel 15 (got 3, expected 1) xl2tpd[1]: handle_control: bad control packet! xl2tpd[1]: Connection established to 114.255.230.30, 1701. Local: 33434, Remote: 15 (ref=0/0). LNS session is 'default' xl2tpd[1]: Call established with 114.255.230.30, PID: 438, Local: 54543, Remote: 1, Serial: 0 xl2tpd[1]: Maximum retries exceeded for tunnel 33434. Closing. xl2tpd[1]: Connection 15 closed to 114.255.230.30, port 1701 (Timeout) xl2tpd[1]: Unable to deliver closing message for tunnel 33434. Destroying anyway. ```
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 11, 2024):

这是/var/log/auth.log,可以看到在尝试连接,但失败了。

cat  /var/log/auth.log
2024-12-11T01:21:07.043850+00:00 98bb14a32b98 pluto[255]: Pluto is shutting down
2024-12-11T01:21:07.043954+00:00 98bb14a32b98 pluto[255]: "l2tp-psk": deleting template instances
2024-12-11T01:21:07.043963+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30: terminating SAs using this connection
2024-12-11T01:21:07.043973+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #16: deleting ISAKMP SA (MAIN_R3) aged 442.689257s and NOT sending notification
2024-12-11T01:21:07.044047+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #14: deleting ISAKMP SA (MAIN_R3) aged 475.213882s and NOT sending notification
2024-12-11T01:21:07.044080+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #13: deleting ISAKMP SA (MAIN_R3) aged 485.467326s and NOT sending notification
2024-12-11T01:21:07.044134+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #12: deleting ISAKMP SA (MAIN_R3) aged 497.789138s and NOT sending notification
2024-12-11T01:21:07.044197+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #10: deleting ISAKMP SA (MAIN_R3) aged 510.45167s and NOT sending notification
2024-12-11T01:21:07.044495+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #9: deleting ISAKMP SA (MAIN_R3) aged 522.820381s and NOT sending notification
2024-12-11T01:21:07.044561+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #17: deleting ISAKMP SA (MAIN_R3) aged 394.64437s and sending notification
2024-12-11T01:21:07.045420+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30: deleting connection instance with peer 114.255.230.30
2024-12-11T01:21:07.045545+00:00 98bb14a32b98 pluto[255]: forgetting secrets
2024-12-11T01:21:07.045614+00:00 98bb14a32b98 pluto[255]: shutting down interface lo [::1]:4500
2024-12-11T01:21:07.045620+00:00 98bb14a32b98 pluto[255]: shutting down interface lo [::1]:500
2024-12-11T01:21:07.045625+00:00 98bb14a32b98 pluto[255]: shutting down interface lo 127.0.0.1:4500
2024-12-11T01:21:07.045630+00:00 98bb14a32b98 pluto[255]: shutting down interface lo 127.0.0.1:500
2024-12-11T01:21:07.045635+00:00 98bb14a32b98 pluto[255]: shutting down interface eth0 172.17.0.2:4500
2024-12-11T01:21:07.045641+00:00 98bb14a32b98 pluto[255]: shutting down interface eth0 172.17.0.2:500
2024-12-11T01:21:07.127241+00:00 98bb14a32b98 pluto[705]: Starting Pluto (Libreswan Version 5.1 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS) NFTABLES CAT NFLOG) pid:705
2024-12-11T01:21:07.127350+00:00 98bb14a32b98 pluto[705]: operating system: Linux 6.5.0-1025-azure #26~22.04.1-Ubuntu SMP Thu Jul 11 22:33:04 UTC 2024 x86_64
2024-12-11T01:21:07.127405+00:00 98bb14a32b98 pluto[705]: core dump dir: /run/pluto
2024-12-11T01:21:07.127476+00:00 98bb14a32b98 pluto[705]: secrets file: /etc/ipsec.secrets
2024-12-11T01:21:07.127648+00:00 98bb14a32b98 pluto[705]: Initializing NSS using read-only database "sql:/etc/ipsec.d"
2024-12-11T01:21:07.132177+00:00 98bb14a32b98 pluto[705]: FIPS Mode: OFF
2024-12-11T01:21:07.132716+00:00 98bb14a32b98 pluto[705]: NSS crypto library initialized
2024-12-11T01:21:07.132825+00:00 98bb14a32b98 pluto[705]: FIPS mode disabled for pluto daemon
2024-12-11T01:21:07.132882+00:00 98bb14a32b98 pluto[705]: FIPS HMAC integrity support [not required]
2024-12-11T01:21:07.133160+00:00 98bb14a32b98 pluto[705]: libcap-ng support [enabled]
2024-12-11T01:21:07.133218+00:00 98bb14a32b98 pluto[705]: Linux audit support [disabled]
2024-12-11T01:21:07.133266+00:00 98bb14a32b98 pluto[705]: leak-detective disabled
2024-12-11T01:21:07.133312+00:00 98bb14a32b98 pluto[705]: NSS crypto [enabled]
2024-12-11T01:21:07.133358+00:00 98bb14a32b98 pluto[705]: XAUTH PAM support [enabled]
2024-12-11T01:21:07.133415+00:00 98bb14a32b98 pluto[705]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
2024-12-11T01:21:07.133493+00:00 98bb14a32b98 pluto[705]: NAT-Traversal: keep-alive period 20s
2024-12-11T01:21:07.133667+00:00 98bb14a32b98 pluto[705]: Encryption algorithms:
2024-12-11T01:21:07.133870+00:00 98bb14a32b98 pluto[705]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
2024-12-11T01:21:07.133934+00:00 98bb14a32b98 pluto[705]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
2024-12-11T01:21:07.133986+00:00 98bb14a32b98 pluto[705]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
2024-12-11T01:21:07.134321+00:00 98bb14a32b98 pluto[705]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
2024-12-11T01:21:07.134402+00:00 98bb14a32b98 pluto[705]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
2024-12-11T01:21:07.134498+00:00 98bb14a32b98 pluto[705]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
2024-12-11T01:21:07.134569+00:00 98bb14a32b98 pluto[705]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm, aes_gcm_c
2024-12-11T01:21:07.134634+00:00 98bb14a32b98 pluto[705]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm_b
2024-12-11T01:21:07.134690+00:00 98bb14a32b98 pluto[705]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(AEAD)    aes_gcm_a
2024-12-11T01:21:07.134781+00:00 98bb14a32b98 pluto[705]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
2024-12-11T01:21:07.134837+00:00 98bb14a32b98 pluto[705]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
2024-12-11T01:21:07.134904+00:00 98bb14a32b98 pluto[705]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
2024-12-11T01:21:07.134952+00:00 98bb14a32b98 pluto[705]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP          NULL
2024-12-11T01:21:07.135000+00:00 98bb14a32b98 pluto[705]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
2024-12-11T01:21:07.135047+00:00 98bb14a32b98 pluto[705]: Hash algorithms:
2024-12-11T01:21:07.135095+00:00 98bb14a32b98 pluto[705]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
2024-12-11T01:21:07.135745+00:00 98bb14a32b98 pluto[705]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
2024-12-11T01:21:07.135826+00:00 98bb14a32b98 pluto[705]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
2024-12-11T01:21:07.135889+00:00 98bb14a32b98 pluto[705]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
2024-12-11T01:21:07.135950+00:00 98bb14a32b98 pluto[705]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
2024-12-11T01:21:07.136036+00:00 98bb14a32b98 pluto[705]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
2024-12-11T01:21:07.136085+00:00 98bb14a32b98 pluto[705]: PRF algorithms:
2024-12-11T01:21:07.136134+00:00 98bb14a32b98 pluto[705]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              NSS          md5
2024-12-11T01:21:07.136184+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
2024-12-11T01:21:07.136233+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
2024-12-11T01:21:07.136344+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
2024-12-11T01:21:07.136396+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
2024-12-11T01:21:07.136474+00:00 98bb14a32b98 pluto[705]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
2024-12-11T01:21:07.136525+00:00 98bb14a32b98 pluto[705]: Integrity algorithms:
2024-12-11T01:21:07.136575+00:00 98bb14a32b98 pluto[705]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS          md5, hmac_md5
2024-12-11T01:21:07.136624+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
2024-12-11T01:21:07.136673+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
2024-12-11T01:21:07.136722+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
2024-12-11T01:21:07.136771+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
2024-12-11T01:21:07.136827+00:00 98bb14a32b98 pluto[705]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
2024-12-11T01:21:07.136881+00:00 98bb14a32b98 pluto[705]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
2024-12-11T01:21:07.136931+00:00 98bb14a32b98 pluto[705]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
2024-12-11T01:21:07.136979+00:00 98bb14a32b98 pluto[705]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
2024-12-11T01:21:07.137026+00:00 98bb14a32b98 pluto[705]: DH algorithms:
2024-12-11T01:21:07.137075+00:00 98bb14a32b98 pluto[705]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
2024-12-11T01:21:07.137123+00:00 98bb14a32b98 pluto[705]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
2024-12-11T01:21:07.137172+00:00 98bb14a32b98 pluto[705]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
2024-12-11T01:21:07.137220+00:00 98bb14a32b98 pluto[705]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
2024-12-11T01:21:07.137268+00:00 98bb14a32b98 pluto[705]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
2024-12-11T01:21:07.137316+00:00 98bb14a32b98 pluto[705]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
2024-12-11T01:21:07.137364+00:00 98bb14a32b98 pluto[705]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
2024-12-11T01:21:07.137412+00:00 98bb14a32b98 pluto[705]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
2024-12-11T01:21:07.137460+00:00 98bb14a32b98 pluto[705]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
2024-12-11T01:21:07.137508+00:00 98bb14a32b98 pluto[705]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
2024-12-11T01:21:07.137555+00:00 98bb14a32b98 pluto[705]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
2024-12-11T01:21:07.137602+00:00 98bb14a32b98 pluto[705]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
2024-12-11T01:21:07.137648+00:00 98bb14a32b98 pluto[705]: IPCOMP algorithms:
2024-12-11T01:21:07.137695+00:00 98bb14a32b98 pluto[705]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
2024-12-11T01:21:07.137742+00:00 98bb14a32b98 pluto[705]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
2024-12-11T01:21:07.137795+00:00 98bb14a32b98 pluto[705]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
2024-12-11T01:21:07.137844+00:00 98bb14a32b98 pluto[705]: testing CAMELLIA_CBC:
2024-12-11T01:21:07.137891+00:00 98bb14a32b98 pluto[705]:   Camellia: 16 bytes with 128-bit key
2024-12-11T01:21:07.138034+00:00 98bb14a32b98 pluto[705]:   Camellia: 16 bytes with 128-bit key
2024-12-11T01:21:07.138270+00:00 98bb14a32b98 pluto[705]:   Camellia: 16 bytes with 256-bit key
2024-12-11T01:21:07.138402+00:00 98bb14a32b98 pluto[705]:   Camellia: 16 bytes with 256-bit key
2024-12-11T01:21:07.138507+00:00 98bb14a32b98 pluto[705]: testing AES_GCM_16:
2024-12-11T01:21:07.138567+00:00 98bb14a32b98 pluto[705]:   empty string
2024-12-11T01:21:07.138651+00:00 98bb14a32b98 pluto[705]:   one block
2024-12-11T01:21:07.138761+00:00 98bb14a32b98 pluto[705]:   two blocks
2024-12-11T01:21:07.138853+00:00 98bb14a32b98 pluto[705]:   two blocks with associated data
2024-12-11T01:21:07.138915+00:00 98bb14a32b98 pluto[705]: testing AES_CTR:
2024-12-11T01:21:07.138948+00:00 98bb14a32b98 pluto[705]:   Encrypting 16 octets using AES-CTR with 128-bit key
2024-12-11T01:21:07.139017+00:00 98bb14a32b98 pluto[705]:   Encrypting 32 octets using AES-CTR with 128-bit key
2024-12-11T01:21:07.139070+00:00 98bb14a32b98 pluto[705]:   Encrypting 36 octets using AES-CTR with 128-bit key
2024-12-11T01:21:07.139158+00:00 98bb14a32b98 pluto[705]:   Encrypting 16 octets using AES-CTR with 192-bit key
2024-12-11T01:21:07.139220+00:00 98bb14a32b98 pluto[705]:   Encrypting 32 octets using AES-CTR with 192-bit key
2024-12-11T01:21:07.139271+00:00 98bb14a32b98 pluto[705]:   Encrypting 36 octets using AES-CTR with 192-bit key
2024-12-11T01:21:07.139322+00:00 98bb14a32b98 pluto[705]:   Encrypting 16 octets using AES-CTR with 256-bit key
2024-12-11T01:21:07.139370+00:00 98bb14a32b98 pluto[705]:   Encrypting 32 octets using AES-CTR with 256-bit key
2024-12-11T01:21:07.139419+00:00 98bb14a32b98 pluto[705]:   Encrypting 36 octets using AES-CTR with 256-bit key
2024-12-11T01:21:07.139469+00:00 98bb14a32b98 pluto[705]: testing AES_CBC:
2024-12-11T01:21:07.139496+00:00 98bb14a32b98 pluto[705]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
2024-12-11T01:21:07.139542+00:00 98bb14a32b98 pluto[705]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
2024-12-11T01:21:07.139594+00:00 98bb14a32b98 pluto[705]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
2024-12-11T01:21:07.139645+00:00 98bb14a32b98 pluto[705]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
2024-12-11T01:21:07.139700+00:00 98bb14a32b98 pluto[705]: testing AES_XCBC:
2024-12-11T01:21:07.139727+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
2024-12-11T01:21:07.139866+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
2024-12-11T01:21:07.140003+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
2024-12-11T01:21:07.140121+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
2024-12-11T01:21:07.140411+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
2024-12-11T01:21:07.140558+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
2024-12-11T01:21:07.140879+00:00 98bb14a32b98 pluto[705]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
2024-12-11T01:21:07.141171+00:00 98bb14a32b98 pluto[705]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
2024-12-11T01:21:07.141298+00:00 98bb14a32b98 pluto[705]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
2024-12-11T01:21:07.141423+00:00 98bb14a32b98 pluto[705]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
2024-12-11T01:21:07.141607+00:00 98bb14a32b98 pluto[705]: testing HMAC_MD5:
2024-12-11T01:21:07.141645+00:00 98bb14a32b98 pluto[705]:   RFC 2104: MD5_HMAC test 1
2024-12-11T01:21:07.141739+00:00 98bb14a32b98 pluto[705]:   RFC 2104: MD5_HMAC test 2
2024-12-11T01:21:07.141832+00:00 98bb14a32b98 pluto[705]:   RFC 2104: MD5_HMAC test 3
2024-12-11T01:21:07.141925+00:00 98bb14a32b98 pluto[705]: testing HMAC_SHA1:
2024-12-11T01:21:07.141953+00:00 98bb14a32b98 pluto[705]:   CAVP: IKEv2 key derivation with HMAC-SHA1
2024-12-11T01:21:07.142388+00:00 98bb14a32b98 pluto[705]: 1 CPU cores online
2024-12-11T01:21:07.142444+00:00 98bb14a32b98 pluto[705]: starting up 1 helper threads
2024-12-11T01:21:07.142521+00:00 98bb14a32b98 pluto[705]: started thread for helper 0
2024-12-11T01:21:07.142564+00:00 98bb14a32b98 pluto[705]: using Linux xfrm kernel support code on #26~22.04.1-Ubuntu SMP Thu Jul 11 22:33:04 UTC 2024
2024-12-11T01:21:07.143554+00:00 98bb14a32b98 pluto[705]: seccomp security not supported
2024-12-11T01:21:07.144031+00:00 98bb14a32b98 pluto[705]: helper(1): seccomp security for helper not supported
2024-12-11T01:21:07.144593+00:00 98bb14a32b98 pluto[705]: addconn: ipsec addconn: /etc/ipsec.conf:19: warning: obsolete keyword ignored: dpdaction=clear
2024-12-11T01:21:07.145251+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.145296+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.145550+00:00 98bb14a32b98 pluto[705]: addconn: ipsec addconn: /etc/ipsec.d/ikev2.conf:16: warning: obsolete keyword ignored: dpdaction=clear
2024-12-11T01:21:07.145606+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.145612+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.146246+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1
2024-12-11T01:21:07.146387+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2024-12-11T01:21:07.146412+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": added IKEv1 connection
2024-12-11T01:21:07.146505+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1
2024-12-11T01:21:07.146511+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.146564+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2024-12-11T01:21:07.146569+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.146651+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": added IKEv1 connection
2024-12-11T01:21:07.146656+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.146884+00:00 98bb14a32b98 pluto[705]: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1
2024-12-11T01:21:07.147003+00:00 98bb14a32b98 pluto[705]: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2024-12-11T01:21:07.147021+00:00 98bb14a32b98 pluto[705]: "xauth-psk": added IKEv1 connection
2024-12-11T01:21:07.147103+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1
2024-12-11T01:21:07.147108+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.147159+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN
2024-12-11T01:21:07.147164+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.147210+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": added IKEv1 connection
2024-12-11T01:21:07.147214+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:21:07.147435+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2
2024-12-11T01:21:07.147513+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": IKE SA proposals (connection add):
2024-12-11T01:21:07.147520+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   1:IKE=AES_GCM_16_256-HMAC_SHA2_256-NONE-ECP_256
2024-12-11T01:21:07.147526+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2024-12-11T01:21:07.147532+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   3:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2024-12-11T01:21:07.147537+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   4:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2024-12-11T01:21:07.147542+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   5:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
2024-12-11T01:21:07.147600+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": Child SA proposals (connection add):
2024-12-11T01:21:07.147606+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   1:ESP=AES_GCM_16_128+AES_GCM_16_256-NONE-NONE-ESN:YES+NO
2024-12-11T01:21:07.147611+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ESN:YES+NO
2024-12-11T01:21:07.147616+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ESN:YES+NO
2024-12-11T01:21:07.147700+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ESN:YES+NO
2024-12-11T01:21:07.147710+00:00 98bb14a32b98 pluto[705]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ESN:YES+NO
2024-12-11T01:21:07.153969+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": loaded private key matching left certificate '52.151.22.117'
2024-12-11T01:21:07.154063+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": added IKEv2 connection
2024-12-11T01:21:07.154171+00:00 98bb14a32b98 pluto[705]: listening for IKE messages
2024-12-11T01:21:07.154260+00:00 98bb14a32b98 pluto[705]: Kernel supports NIC esp-hw-offload
2024-12-11T01:21:07.154368+00:00 98bb14a32b98 pluto[705]: adding interface eth0 172.17.0.2:UDP/500
2024-12-11T01:21:07.154448+00:00 98bb14a32b98 pluto[705]: adding interface eth0 172.17.0.2:UDP/4500 (NAT)
2024-12-11T01:21:07.154508+00:00 98bb14a32b98 pluto[705]: adding interface lo 127.0.0.1:UDP/500
2024-12-11T01:21:07.154565+00:00 98bb14a32b98 pluto[705]: adding interface lo 127.0.0.1:UDP/4500 (NAT)
2024-12-11T01:21:07.154628+00:00 98bb14a32b98 pluto[705]: adding interface lo [::1]:UDP/500
2024-12-11T01:21:07.154695+00:00 98bb14a32b98 pluto[705]: adding interface lo [::1]:UDP/4500 (NAT)
2024-12-11T01:21:07.154750+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": oriented IKEv1 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.154799+00:00 98bb14a32b98 pluto[705]: "xauth-psk": oriented IKEv1 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.154846+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": oriented IKEv2 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.156904+00:00 98bb14a32b98 pluto[705]: forgetting secrets
2024-12-11T01:21:07.157014+00:00 98bb14a32b98 pluto[705]: loading secrets from "/etc/ipsec.secrets"
2024-12-11T01:21:07.157195+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2
2024-12-11T01:21:07.157239+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": added IKEv2 connection
2024-12-11T01:21:07.157264+00:00 98bb14a32b98 pluto[705]: addconn: listening for IKE messages
2024-12-11T01:21:07.157287+00:00 98bb14a32b98 pluto[705]: addconn: Kernel supports NIC esp-hw-offload
2024-12-11T01:21:07.157309+00:00 98bb14a32b98 pluto[705]: addconn: adding interface eth0 172.17.0.2:UDP/500
2024-12-11T01:21:07.157332+00:00 98bb14a32b98 pluto[705]: addconn: adding interface eth0 172.17.0.2:UDP/4500 (NAT)
2024-12-11T01:21:07.157353+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo 127.0.0.1:UDP/500
2024-12-11T01:21:07.157375+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo 127.0.0.1:UDP/4500 (NAT)
2024-12-11T01:21:07.157396+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo [::1]:UDP/500
2024-12-11T01:21:07.157418+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo [::1]:UDP/4500 (NAT)
2024-12-11T01:21:07.157441+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": oriented IKEv1 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.157470+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": oriented
2024-12-11T01:21:07.157518+00:00 98bb14a32b98 pluto[705]: addconn:  IKEv1 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.157561+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": oriented IKEv2 connection (local: left=172.17.0.2  remote: right=0.0.0.0)
2024-12-11T01:21:07.157584+00:00 98bb14a32b98 pluto[705]: addconn: forgetting secrets
2024-12-11T01:21:07.157606+00:00 98bb14a32b98 pluto[705]: addconn: loading secrets from "/etc/ipsec.secrets"
2024-12-11T01:21:07.157627+00:00 98bb14a32b98 pluto[705]: addconn:
2024-12-11T01:22:40.982711+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: responding to Main Mode from unknown peer 172.203.235.188:500
2024-12-11T01:22:40.982777+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:22:40.982786+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:22:40.982853+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: sent Main Mode R1
2024-12-11T01:22:41.340933+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: sent Main Mode R2
2024-12-11T01:22:41.719108+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Peer ID is ID_IPV4_ADDR: '192.168.42.10'
2024-12-11T01:22:41.719270+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: switched to "l2tp-psk"[2] 172.203.235.188
2024-12-11T01:22:41.719310+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188: deleting connection instance with peer 172.203.235.188
2024-12-11T01:22:41.719495+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:22:41.719539+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:22:42.110486+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: the peer proposed: 52.151.22.117/32/UDP/1701===192.168.42.10/32/UDP/1701
2024-12-11T01:22:42.110607+00:00 98bb14a32b98 pluto[705]: |   checking hostpair 172.17.0.2/32:1701 -> 172.203.235.188/32:0
2024-12-11T01:22:42.110649+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
2024-12-11T01:22:42.110831+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: responding to Quick Mode proposal {msgid:00000001} using ISAKMP SA #1
2024-12-11T01:22:42.110876+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2:     us: 172.17.0.2/32/UDP/1701===172.17.0.2[52.151.22.117]  them: 172.203.235.188[192.168.42.10]===172.203.235.188/32/UDP/1701
2024-12-11T01:22:42.111174+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0xe64d1ff6 <0x31b22e3a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.42.10 NATD=172.203.235.188:4500 DPD=unsupported}
2024-12-11T01:22:42.501822+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: IPsec SA established transport mode {ESPinUDP=>0xe64d1ff6 <0x31b22e3a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.42.10 NATD=172.203.235.188:4500 DPD=unsupported}
2024-12-11T01:23:48.262878+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:23:48.262917+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:23:48.262926+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:23:48.262990+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: sent Main Mode R1
2024-12-11T01:23:48.738557+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: sent Main Mode R2
2024-12-11T01:23:49.141251+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:23:49.141357+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: switched to "l2tp-psk"[4] 114.255.230.30
2024-12-11T01:23:49.141369+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30: deleting connection instance with peer 114.255.230.30
2024-12-11T01:23:49.141618+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:23:49.141627+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:23:50.155013+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:23:51.171704+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:23:54.178542+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:23:57.204326+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:00.203045+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:03.208496+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:06.219714+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:09.226498+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:12.233921+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:15.249039+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:18.249332+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:21.249501+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:24.265534+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:27.262465+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:30.261245+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:33.269725+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:36.391734+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:24:36.391866+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:24:36.391903+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:24:36.391983+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: sent Main Mode R1
2024-12-11T01:24:36.743957+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: sent Main Mode R2
2024-12-11T01:24:37.049519+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:24:37.049778+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:24:37.049822+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:24:38.844857+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:24:38.844996+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:24:38.845033+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:24:38.845117+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: sent Main Mode R1
2024-12-11T01:24:39.231374+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: sent Main Mode R2
2024-12-11T01:24:39.498904+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:24:39.499217+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:24:39.499262+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:24:40.506573+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:24:41.519482+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:24:44.527524+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:47.536394+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:50.548871+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:53.566876+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:56.575493+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:24:59.585022+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:02.587930+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:05.605949+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:08.613817+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:11.609479+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:14.621295+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:17.619961+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:20.634016+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:23.633626+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:26.941347+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:25:26.941478+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:25:26.941514+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:25:26.941597+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: sent Main Mode R1
2024-12-11T01:25:27.303687+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: sent Main Mode R2
2024-12-11T01:25:27.622795+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:25:27.623091+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:25:27.623137+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:25:28.634116+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:25:29.646694+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:25:32.662073+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:35.671177+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:38.673727+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:25:41.689389+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:07.521892+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:26:07.521931+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:26:07.521940+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:26:07.521999+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: sent Main Mode R1
2024-12-11T01:26:07.906962+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: sent Main Mode R2
2024-12-11T01:26:08.194590+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:26:08.194744+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:26:08.194751+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:26:09.197688+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:26:10.209501+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:26:13.214366+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:16.224397+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:19.232049+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:22.239729+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:25.243503+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:28.255431+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:31.263508+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:34.275295+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:37.283859+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:40.297590+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:43.307680+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:46.325429+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:49.329892+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:52.338207+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:26:55.441999+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: responding to Main Mode from unknown peer 114.255.230.30:500
2024-12-11T01:26:55.442135+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
2024-12-11T01:26:55.442171+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
2024-12-11T01:26:55.442255+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: sent Main Mode R1
2024-12-11T01:26:55.831964+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: sent Main Mode R2
2024-12-11T01:26:56.201418+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Peer ID is ID_IPV4_ADDR: '10.191.120.128'
2024-12-11T01:26:56.201707+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
2024-12-11T01:26:56.201751+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
2024-12-11T01:26:57.207637+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:26:58.218833+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2024-12-11T01:27:01.234619+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:27:04.233355+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:27:07.247277+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2024-12-11T01:27:10.246066+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
<!-- gh-comment-id:2533414273 --> @guobinzhao commented on GitHub (Dec 11, 2024): 这是/var/log/auth.log,可以看到在尝试连接,但失败了。 ``` cat /var/log/auth.log 2024-12-11T01:21:07.043850+00:00 98bb14a32b98 pluto[255]: Pluto is shutting down 2024-12-11T01:21:07.043954+00:00 98bb14a32b98 pluto[255]: "l2tp-psk": deleting template instances 2024-12-11T01:21:07.043963+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30: terminating SAs using this connection 2024-12-11T01:21:07.043973+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #16: deleting ISAKMP SA (MAIN_R3) aged 442.689257s and NOT sending notification 2024-12-11T01:21:07.044047+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #14: deleting ISAKMP SA (MAIN_R3) aged 475.213882s and NOT sending notification 2024-12-11T01:21:07.044080+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #13: deleting ISAKMP SA (MAIN_R3) aged 485.467326s and NOT sending notification 2024-12-11T01:21:07.044134+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #12: deleting ISAKMP SA (MAIN_R3) aged 497.789138s and NOT sending notification 2024-12-11T01:21:07.044197+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #10: deleting ISAKMP SA (MAIN_R3) aged 510.45167s and NOT sending notification 2024-12-11T01:21:07.044495+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #9: deleting ISAKMP SA (MAIN_R3) aged 522.820381s and NOT sending notification 2024-12-11T01:21:07.044561+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30 #17: deleting ISAKMP SA (MAIN_R3) aged 394.64437s and sending notification 2024-12-11T01:21:07.045420+00:00 98bb14a32b98 pluto[255]: "l2tp-psk"[4] 114.255.230.30: deleting connection instance with peer 114.255.230.30 2024-12-11T01:21:07.045545+00:00 98bb14a32b98 pluto[255]: forgetting secrets 2024-12-11T01:21:07.045614+00:00 98bb14a32b98 pluto[255]: shutting down interface lo [::1]:4500 2024-12-11T01:21:07.045620+00:00 98bb14a32b98 pluto[255]: shutting down interface lo [::1]:500 2024-12-11T01:21:07.045625+00:00 98bb14a32b98 pluto[255]: shutting down interface lo 127.0.0.1:4500 2024-12-11T01:21:07.045630+00:00 98bb14a32b98 pluto[255]: shutting down interface lo 127.0.0.1:500 2024-12-11T01:21:07.045635+00:00 98bb14a32b98 pluto[255]: shutting down interface eth0 172.17.0.2:4500 2024-12-11T01:21:07.045641+00:00 98bb14a32b98 pluto[255]: shutting down interface eth0 172.17.0.2:500 2024-12-11T01:21:07.127241+00:00 98bb14a32b98 pluto[705]: Starting Pluto (Libreswan Version 5.1 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS) NFTABLES CAT NFLOG) pid:705 2024-12-11T01:21:07.127350+00:00 98bb14a32b98 pluto[705]: operating system: Linux 6.5.0-1025-azure #26~22.04.1-Ubuntu SMP Thu Jul 11 22:33:04 UTC 2024 x86_64 2024-12-11T01:21:07.127405+00:00 98bb14a32b98 pluto[705]: core dump dir: /run/pluto 2024-12-11T01:21:07.127476+00:00 98bb14a32b98 pluto[705]: secrets file: /etc/ipsec.secrets 2024-12-11T01:21:07.127648+00:00 98bb14a32b98 pluto[705]: Initializing NSS using read-only database "sql:/etc/ipsec.d" 2024-12-11T01:21:07.132177+00:00 98bb14a32b98 pluto[705]: FIPS Mode: OFF 2024-12-11T01:21:07.132716+00:00 98bb14a32b98 pluto[705]: NSS crypto library initialized 2024-12-11T01:21:07.132825+00:00 98bb14a32b98 pluto[705]: FIPS mode disabled for pluto daemon 2024-12-11T01:21:07.132882+00:00 98bb14a32b98 pluto[705]: FIPS HMAC integrity support [not required] 2024-12-11T01:21:07.133160+00:00 98bb14a32b98 pluto[705]: libcap-ng support [enabled] 2024-12-11T01:21:07.133218+00:00 98bb14a32b98 pluto[705]: Linux audit support [disabled] 2024-12-11T01:21:07.133266+00:00 98bb14a32b98 pluto[705]: leak-detective disabled 2024-12-11T01:21:07.133312+00:00 98bb14a32b98 pluto[705]: NSS crypto [enabled] 2024-12-11T01:21:07.133358+00:00 98bb14a32b98 pluto[705]: XAUTH PAM support [enabled] 2024-12-11T01:21:07.133415+00:00 98bb14a32b98 pluto[705]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00) 2024-12-11T01:21:07.133493+00:00 98bb14a32b98 pluto[705]: NAT-Traversal: keep-alive period 20s 2024-12-11T01:21:07.133667+00:00 98bb14a32b98 pluto[705]: Encryption algorithms: 2024-12-11T01:21:07.133870+00:00 98bb14a32b98 pluto[705]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c 2024-12-11T01:21:07.133934+00:00 98bb14a32b98 pluto[705]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b 2024-12-11T01:21:07.133986+00:00 98bb14a32b98 pluto[705]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a 2024-12-11T01:21:07.134321+00:00 98bb14a32b98 pluto[705]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des 2024-12-11T01:21:07.134402+00:00 98bb14a32b98 pluto[705]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP 2024-12-11T01:21:07.134498+00:00 98bb14a32b98 pluto[705]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia 2024-12-11T01:21:07.134569+00:00 98bb14a32b98 pluto[705]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm, aes_gcm_c 2024-12-11T01:21:07.134634+00:00 98bb14a32b98 pluto[705]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm_b 2024-12-11T01:21:07.134690+00:00 98bb14a32b98 pluto[705]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(AEAD) aes_gcm_a 2024-12-11T01:21:07.134781+00:00 98bb14a32b98 pluto[705]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr 2024-12-11T01:21:07.134837+00:00 98bb14a32b98 pluto[705]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes 2024-12-11T01:21:07.134904+00:00 98bb14a32b98 pluto[705]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac 2024-12-11T01:21:07.134952+00:00 98bb14a32b98 pluto[705]: NULL [] IKEv1: ESP IKEv2: ESP NULL 2024-12-11T01:21:07.135000+00:00 98bb14a32b98 pluto[705]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 2024-12-11T01:21:07.135047+00:00 98bb14a32b98 pluto[705]: Hash algorithms: 2024-12-11T01:21:07.135095+00:00 98bb14a32b98 pluto[705]: MD5 IKEv1: IKE IKEv2: NSS 2024-12-11T01:21:07.135745+00:00 98bb14a32b98 pluto[705]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha 2024-12-11T01:21:07.135826+00:00 98bb14a32b98 pluto[705]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 2024-12-11T01:21:07.135889+00:00 98bb14a32b98 pluto[705]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 2024-12-11T01:21:07.135950+00:00 98bb14a32b98 pluto[705]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 2024-12-11T01:21:07.136036+00:00 98bb14a32b98 pluto[705]: IDENTITY IKEv1: IKEv2: FIPS 2024-12-11T01:21:07.136085+00:00 98bb14a32b98 pluto[705]: PRF algorithms: 2024-12-11T01:21:07.136134+00:00 98bb14a32b98 pluto[705]: HMAC_MD5 IKEv1: IKE IKEv2: IKE NSS md5 2024-12-11T01:21:07.136184+00:00 98bb14a32b98 pluto[705]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 2024-12-11T01:21:07.136233+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 2024-12-11T01:21:07.136344+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 2024-12-11T01:21:07.136396+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 2024-12-11T01:21:07.136474+00:00 98bb14a32b98 pluto[705]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc 2024-12-11T01:21:07.136525+00:00 98bb14a32b98 pluto[705]: Integrity algorithms: 2024-12-11T01:21:07.136575+00:00 98bb14a32b98 pluto[705]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS md5, hmac_md5 2024-12-11T01:21:07.136624+00:00 98bb14a32b98 pluto[705]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 2024-12-11T01:21:07.136673+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 2024-12-11T01:21:07.136722+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 2024-12-11T01:21:07.136771+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 2024-12-11T01:21:07.136827+00:00 98bb14a32b98 pluto[705]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH 2024-12-11T01:21:07.136881+00:00 98bb14a32b98 pluto[705]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 2024-12-11T01:21:07.136931+00:00 98bb14a32b98 pluto[705]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac 2024-12-11T01:21:07.136979+00:00 98bb14a32b98 pluto[705]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null 2024-12-11T01:21:07.137026+00:00 98bb14a32b98 pluto[705]: DH algorithms: 2024-12-11T01:21:07.137075+00:00 98bb14a32b98 pluto[705]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 2024-12-11T01:21:07.137123+00:00 98bb14a32b98 pluto[705]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2 2024-12-11T01:21:07.137172+00:00 98bb14a32b98 pluto[705]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 2024-12-11T01:21:07.137220+00:00 98bb14a32b98 pluto[705]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 2024-12-11T01:21:07.137268+00:00 98bb14a32b98 pluto[705]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 2024-12-11T01:21:07.137316+00:00 98bb14a32b98 pluto[705]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 2024-12-11T01:21:07.137364+00:00 98bb14a32b98 pluto[705]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 2024-12-11T01:21:07.137412+00:00 98bb14a32b98 pluto[705]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 2024-12-11T01:21:07.137460+00:00 98bb14a32b98 pluto[705]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 2024-12-11T01:21:07.137508+00:00 98bb14a32b98 pluto[705]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 2024-12-11T01:21:07.137555+00:00 98bb14a32b98 pluto[705]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 2024-12-11T01:21:07.137602+00:00 98bb14a32b98 pluto[705]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 2024-12-11T01:21:07.137648+00:00 98bb14a32b98 pluto[705]: IPCOMP algorithms: 2024-12-11T01:21:07.137695+00:00 98bb14a32b98 pluto[705]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS 2024-12-11T01:21:07.137742+00:00 98bb14a32b98 pluto[705]: LZS IKEv1: IKEv2: ESP AH FIPS 2024-12-11T01:21:07.137795+00:00 98bb14a32b98 pluto[705]: LZJH IKEv1: IKEv2: ESP AH FIPS 2024-12-11T01:21:07.137844+00:00 98bb14a32b98 pluto[705]: testing CAMELLIA_CBC: 2024-12-11T01:21:07.137891+00:00 98bb14a32b98 pluto[705]: Camellia: 16 bytes with 128-bit key 2024-12-11T01:21:07.138034+00:00 98bb14a32b98 pluto[705]: Camellia: 16 bytes with 128-bit key 2024-12-11T01:21:07.138270+00:00 98bb14a32b98 pluto[705]: Camellia: 16 bytes with 256-bit key 2024-12-11T01:21:07.138402+00:00 98bb14a32b98 pluto[705]: Camellia: 16 bytes with 256-bit key 2024-12-11T01:21:07.138507+00:00 98bb14a32b98 pluto[705]: testing AES_GCM_16: 2024-12-11T01:21:07.138567+00:00 98bb14a32b98 pluto[705]: empty string 2024-12-11T01:21:07.138651+00:00 98bb14a32b98 pluto[705]: one block 2024-12-11T01:21:07.138761+00:00 98bb14a32b98 pluto[705]: two blocks 2024-12-11T01:21:07.138853+00:00 98bb14a32b98 pluto[705]: two blocks with associated data 2024-12-11T01:21:07.138915+00:00 98bb14a32b98 pluto[705]: testing AES_CTR: 2024-12-11T01:21:07.138948+00:00 98bb14a32b98 pluto[705]: Encrypting 16 octets using AES-CTR with 128-bit key 2024-12-11T01:21:07.139017+00:00 98bb14a32b98 pluto[705]: Encrypting 32 octets using AES-CTR with 128-bit key 2024-12-11T01:21:07.139070+00:00 98bb14a32b98 pluto[705]: Encrypting 36 octets using AES-CTR with 128-bit key 2024-12-11T01:21:07.139158+00:00 98bb14a32b98 pluto[705]: Encrypting 16 octets using AES-CTR with 192-bit key 2024-12-11T01:21:07.139220+00:00 98bb14a32b98 pluto[705]: Encrypting 32 octets using AES-CTR with 192-bit key 2024-12-11T01:21:07.139271+00:00 98bb14a32b98 pluto[705]: Encrypting 36 octets using AES-CTR with 192-bit key 2024-12-11T01:21:07.139322+00:00 98bb14a32b98 pluto[705]: Encrypting 16 octets using AES-CTR with 256-bit key 2024-12-11T01:21:07.139370+00:00 98bb14a32b98 pluto[705]: Encrypting 32 octets using AES-CTR with 256-bit key 2024-12-11T01:21:07.139419+00:00 98bb14a32b98 pluto[705]: Encrypting 36 octets using AES-CTR with 256-bit key 2024-12-11T01:21:07.139469+00:00 98bb14a32b98 pluto[705]: testing AES_CBC: 2024-12-11T01:21:07.139496+00:00 98bb14a32b98 pluto[705]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key 2024-12-11T01:21:07.139542+00:00 98bb14a32b98 pluto[705]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key 2024-12-11T01:21:07.139594+00:00 98bb14a32b98 pluto[705]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key 2024-12-11T01:21:07.139645+00:00 98bb14a32b98 pluto[705]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key 2024-12-11T01:21:07.139700+00:00 98bb14a32b98 pluto[705]: testing AES_XCBC: 2024-12-11T01:21:07.139727+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input 2024-12-11T01:21:07.139866+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input 2024-12-11T01:21:07.140003+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input 2024-12-11T01:21:07.140121+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input 2024-12-11T01:21:07.140411+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input 2024-12-11T01:21:07.140558+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input 2024-12-11T01:21:07.140879+00:00 98bb14a32b98 pluto[705]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input 2024-12-11T01:21:07.141171+00:00 98bb14a32b98 pluto[705]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) 2024-12-11T01:21:07.141298+00:00 98bb14a32b98 pluto[705]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) 2024-12-11T01:21:07.141423+00:00 98bb14a32b98 pluto[705]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) 2024-12-11T01:21:07.141607+00:00 98bb14a32b98 pluto[705]: testing HMAC_MD5: 2024-12-11T01:21:07.141645+00:00 98bb14a32b98 pluto[705]: RFC 2104: MD5_HMAC test 1 2024-12-11T01:21:07.141739+00:00 98bb14a32b98 pluto[705]: RFC 2104: MD5_HMAC test 2 2024-12-11T01:21:07.141832+00:00 98bb14a32b98 pluto[705]: RFC 2104: MD5_HMAC test 3 2024-12-11T01:21:07.141925+00:00 98bb14a32b98 pluto[705]: testing HMAC_SHA1: 2024-12-11T01:21:07.141953+00:00 98bb14a32b98 pluto[705]: CAVP: IKEv2 key derivation with HMAC-SHA1 2024-12-11T01:21:07.142388+00:00 98bb14a32b98 pluto[705]: 1 CPU cores online 2024-12-11T01:21:07.142444+00:00 98bb14a32b98 pluto[705]: starting up 1 helper threads 2024-12-11T01:21:07.142521+00:00 98bb14a32b98 pluto[705]: started thread for helper 0 2024-12-11T01:21:07.142564+00:00 98bb14a32b98 pluto[705]: using Linux xfrm kernel support code on #26~22.04.1-Ubuntu SMP Thu Jul 11 22:33:04 UTC 2024 2024-12-11T01:21:07.143554+00:00 98bb14a32b98 pluto[705]: seccomp security not supported 2024-12-11T01:21:07.144031+00:00 98bb14a32b98 pluto[705]: helper(1): seccomp security for helper not supported 2024-12-11T01:21:07.144593+00:00 98bb14a32b98 pluto[705]: addconn: ipsec addconn: /etc/ipsec.conf:19: warning: obsolete keyword ignored: dpdaction=clear 2024-12-11T01:21:07.145251+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.145296+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.145550+00:00 98bb14a32b98 pluto[705]: addconn: ipsec addconn: /etc/ipsec.d/ikev2.conf:16: warning: obsolete keyword ignored: dpdaction=clear 2024-12-11T01:21:07.145606+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.145612+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.146246+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1 2024-12-11T01:21:07.146387+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2024-12-11T01:21:07.146412+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": added IKEv1 connection 2024-12-11T01:21:07.146505+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": ikev2=no has been replaced by keyexchange=ikev1 2024-12-11T01:21:07.146511+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.146564+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2024-12-11T01:21:07.146569+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.146651+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": added IKEv1 connection 2024-12-11T01:21:07.146656+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.146884+00:00 98bb14a32b98 pluto[705]: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1 2024-12-11T01:21:07.147003+00:00 98bb14a32b98 pluto[705]: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2024-12-11T01:21:07.147021+00:00 98bb14a32b98 pluto[705]: "xauth-psk": added IKEv1 connection 2024-12-11T01:21:07.147103+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": ikev2=no has been replaced by keyexchange=ikev1 2024-12-11T01:21:07.147108+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.147159+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": warning: keyingtries=5 ignored, UP connection will attempt to establish until marked DOWN 2024-12-11T01:21:07.147164+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.147210+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": added IKEv1 connection 2024-12-11T01:21:07.147214+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:21:07.147435+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2 2024-12-11T01:21:07.147513+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": IKE SA proposals (connection add): 2024-12-11T01:21:07.147520+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 1:IKE=AES_GCM_16_256-HMAC_SHA2_256-NONE-ECP_256 2024-12-11T01:21:07.147526+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2024-12-11T01:21:07.147532+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 3:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2024-12-11T01:21:07.147537+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 4:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2024-12-11T01:21:07.147542+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 5:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192 2024-12-11T01:21:07.147600+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": Child SA proposals (connection add): 2024-12-11T01:21:07.147606+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 1:ESP=AES_GCM_16_128+AES_GCM_16_256-NONE-NONE-ESN:YES+NO 2024-12-11T01:21:07.147611+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ESN:YES+NO 2024-12-11T01:21:07.147616+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ESN:YES+NO 2024-12-11T01:21:07.147700+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ESN:YES+NO 2024-12-11T01:21:07.147710+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ESN:YES+NO 2024-12-11T01:21:07.153969+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": loaded private key matching left certificate '52.151.22.117' 2024-12-11T01:21:07.154063+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": added IKEv2 connection 2024-12-11T01:21:07.154171+00:00 98bb14a32b98 pluto[705]: listening for IKE messages 2024-12-11T01:21:07.154260+00:00 98bb14a32b98 pluto[705]: Kernel supports NIC esp-hw-offload 2024-12-11T01:21:07.154368+00:00 98bb14a32b98 pluto[705]: adding interface eth0 172.17.0.2:UDP/500 2024-12-11T01:21:07.154448+00:00 98bb14a32b98 pluto[705]: adding interface eth0 172.17.0.2:UDP/4500 (NAT) 2024-12-11T01:21:07.154508+00:00 98bb14a32b98 pluto[705]: adding interface lo 127.0.0.1:UDP/500 2024-12-11T01:21:07.154565+00:00 98bb14a32b98 pluto[705]: adding interface lo 127.0.0.1:UDP/4500 (NAT) 2024-12-11T01:21:07.154628+00:00 98bb14a32b98 pluto[705]: adding interface lo [::1]:UDP/500 2024-12-11T01:21:07.154695+00:00 98bb14a32b98 pluto[705]: adding interface lo [::1]:UDP/4500 (NAT) 2024-12-11T01:21:07.154750+00:00 98bb14a32b98 pluto[705]: "l2tp-psk": oriented IKEv1 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.154799+00:00 98bb14a32b98 pluto[705]: "xauth-psk": oriented IKEv1 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.154846+00:00 98bb14a32b98 pluto[705]: "ikev2-cp": oriented IKEv2 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.156904+00:00 98bb14a32b98 pluto[705]: forgetting secrets 2024-12-11T01:21:07.157014+00:00 98bb14a32b98 pluto[705]: loading secrets from "/etc/ipsec.secrets" 2024-12-11T01:21:07.157195+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": ikev2=yes has been replaced by keyexchange=ikev2 2024-12-11T01:21:07.157239+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": added IKEv2 connection 2024-12-11T01:21:07.157264+00:00 98bb14a32b98 pluto[705]: addconn: listening for IKE messages 2024-12-11T01:21:07.157287+00:00 98bb14a32b98 pluto[705]: addconn: Kernel supports NIC esp-hw-offload 2024-12-11T01:21:07.157309+00:00 98bb14a32b98 pluto[705]: addconn: adding interface eth0 172.17.0.2:UDP/500 2024-12-11T01:21:07.157332+00:00 98bb14a32b98 pluto[705]: addconn: adding interface eth0 172.17.0.2:UDP/4500 (NAT) 2024-12-11T01:21:07.157353+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo 127.0.0.1:UDP/500 2024-12-11T01:21:07.157375+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo 127.0.0.1:UDP/4500 (NAT) 2024-12-11T01:21:07.157396+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo [::1]:UDP/500 2024-12-11T01:21:07.157418+00:00 98bb14a32b98 pluto[705]: addconn: adding interface lo [::1]:UDP/4500 (NAT) 2024-12-11T01:21:07.157441+00:00 98bb14a32b98 pluto[705]: addconn: "l2tp-psk": oriented IKEv1 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.157470+00:00 98bb14a32b98 pluto[705]: addconn: "xauth-psk": oriented 2024-12-11T01:21:07.157518+00:00 98bb14a32b98 pluto[705]: addconn: IKEv1 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.157561+00:00 98bb14a32b98 pluto[705]: addconn: "ikev2-cp": oriented IKEv2 connection (local: left=172.17.0.2 remote: right=0.0.0.0) 2024-12-11T01:21:07.157584+00:00 98bb14a32b98 pluto[705]: addconn: forgetting secrets 2024-12-11T01:21:07.157606+00:00 98bb14a32b98 pluto[705]: addconn: loading secrets from "/etc/ipsec.secrets" 2024-12-11T01:21:07.157627+00:00 98bb14a32b98 pluto[705]: addconn: 2024-12-11T01:22:40.982711+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: responding to Main Mode from unknown peer 172.203.235.188:500 2024-12-11T01:22:40.982777+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:22:40.982786+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:22:40.982853+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: sent Main Mode R1 2024-12-11T01:22:41.340933+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: sent Main Mode R2 2024-12-11T01:22:41.719108+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: Peer ID is ID_IPV4_ADDR: '192.168.42.10' 2024-12-11T01:22:41.719270+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188 #1: switched to "l2tp-psk"[2] 172.203.235.188 2024-12-11T01:22:41.719310+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[1] 172.203.235.188: deleting connection instance with peer 172.203.235.188 2024-12-11T01:22:41.719495+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:22:41.719539+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:22:42.110486+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: the peer proposed: 52.151.22.117/32/UDP/1701===192.168.42.10/32/UDP/1701 2024-12-11T01:22:42.110607+00:00 98bb14a32b98 pluto[705]: | checking hostpair 172.17.0.2/32:1701 -> 172.203.235.188/32:0 2024-12-11T01:22:42.110649+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #1: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others 2024-12-11T01:22:42.110831+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: responding to Quick Mode proposal {msgid:00000001} using ISAKMP SA #1 2024-12-11T01:22:42.110876+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: us: 172.17.0.2/32/UDP/1701===172.17.0.2[52.151.22.117] them: 172.203.235.188[192.168.42.10]===172.203.235.188/32/UDP/1701 2024-12-11T01:22:42.111174+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0xe64d1ff6 <0x31b22e3a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.42.10 NATD=172.203.235.188:4500 DPD=unsupported} 2024-12-11T01:22:42.501822+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[2] 172.203.235.188 #2: IPsec SA established transport mode {ESPinUDP=>0xe64d1ff6 <0x31b22e3a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.42.10 NATD=172.203.235.188:4500 DPD=unsupported} 2024-12-11T01:23:48.262878+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:23:48.262917+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:23:48.262926+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:23:48.262990+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: sent Main Mode R1 2024-12-11T01:23:48.738557+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: sent Main Mode R2 2024-12-11T01:23:49.141251+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:23:49.141357+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30 #3: switched to "l2tp-psk"[4] 114.255.230.30 2024-12-11T01:23:49.141369+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[3] 114.255.230.30: deleting connection instance with peer 114.255.230.30 2024-12-11T01:23:49.141618+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:23:49.141627+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:23:50.155013+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:23:51.171704+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:23:54.178542+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:23:57.204326+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:00.203045+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:03.208496+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:06.219714+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:09.226498+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:12.233921+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:15.249039+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:18.249332+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:21.249501+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:24.265534+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:27.262465+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:30.261245+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:33.269725+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:36.391734+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:24:36.391866+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:24:36.391903+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:24:36.391983+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: sent Main Mode R1 2024-12-11T01:24:36.743957+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: sent Main Mode R2 2024-12-11T01:24:37.049519+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:24:37.049778+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:24:37.049822+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #4: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:24:38.844857+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:24:38.844996+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:24:38.845033+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:24:38.845117+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: sent Main Mode R1 2024-12-11T01:24:39.231374+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: sent Main Mode R2 2024-12-11T01:24:39.498904+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:24:39.499217+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:24:39.499262+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:24:40.506573+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:24:41.519482+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:24:44.527524+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:47.536394+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:50.548871+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:53.566876+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:56.575493+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:24:59.585022+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:02.587930+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:05.605949+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:08.613817+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:11.609479+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:14.621295+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:17.619961+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:20.634016+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:23.633626+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #5: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:26.941347+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:25:26.941478+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:25:26.941514+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:25:26.941597+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: sent Main Mode R1 2024-12-11T01:25:27.303687+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: sent Main Mode R2 2024-12-11T01:25:27.622795+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:25:27.623091+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:25:27.623137+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:25:28.634116+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:25:29.646694+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:25:32.662073+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:35.671177+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:38.673727+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:25:41.689389+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #6: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:07.521892+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:26:07.521931+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:26:07.521940+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:26:07.521999+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: sent Main Mode R1 2024-12-11T01:26:07.906962+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: sent Main Mode R2 2024-12-11T01:26:08.194590+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:26:08.194744+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:26:08.194751+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:26:09.197688+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:26:10.209501+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:26:13.214366+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:16.224397+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:19.232049+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:22.239729+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:25.243503+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:28.255431+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:31.263508+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:34.275295+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:37.283859+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:40.297590+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:43.307680+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:46.325429+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:49.329892+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:52.338207+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #7: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:26:55.441999+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: responding to Main Mode from unknown peer 114.255.230.30:500 2024-12-11T01:26:55.442135+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused 2024-12-11T01:26:55.442171+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused 2024-12-11T01:26:55.442255+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: sent Main Mode R1 2024-12-11T01:26:55.831964+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: sent Main Mode R2 2024-12-11T01:26:56.201418+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Peer ID is ID_IPV4_ADDR: '10.191.120.128' 2024-12-11T01:26:56.201707+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048} 2024-12-11T01:26:56.201751+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support 2024-12-11T01:26:57.207637+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:26:58.218833+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3 2024-12-11T01:27:01.234619+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:27:04.233355+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:27:07.247277+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 2024-12-11T01:27:10.246066+00:00 98bb14a32b98 pluto[705]: "l2tp-psk"[4] 114.255.230.30 #8: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3 ```
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Dec 11, 2024):

@guobinzhao 你好!从日志来看,可能是连接被屏蔽或干扰了。建议你尝试 IPsec VPN 以外的其他解决方案,比如 Shadowsocks。

<!-- gh-comment-id:2533416628 --> @hwdsl2 commented on GitHub (Dec 11, 2024): @guobinzhao 你好!从日志来看,可能是连接被屏蔽或干扰了。建议你尝试 IPsec VPN 以外的其他解决方案,比如 Shadowsocks。
kerem commented 2026-03-02 08:18:56 +03:00
Author
Owner
Copy link

@guobinzhao commented on GitHub (Dec 12, 2024):

好吧,感谢,我换了好几个vpn,也换了region都不行,不知道是否有人和我一样。any way,thanks a lot for looking into this issue. @hwdsl2

<!-- gh-comment-id:2537522169 --> @guobinzhao commented on GitHub (Dec 12, 2024): 好吧,感谢,我换了好几个vpn,也换了region都不行,不知道是否有人和我一样。any way,thanks a lot for looking into this issue. @hwdsl2
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#432
No description provided.