VPN连接 #631

ghost · 2019-09-15T05:26:15Z

L2TP-VPN 服务器没有响应。请尝试重新连接。如果仍然有问题，请验证您的设置并与管理员联系。

hwdsl2 · 2019-09-16T06:36:33Z

@Regis2000 你好！检查一下 Libreswan 和 xl2tpd 日志 [1] 是否有错误？另外你的 VPN 客户端是什么系统以及什么系统版本？

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#%E9%A2%9D%E5%A4%96%E7%9A%84%E6%AD%A5%E9%AA%A4

ghost · 2019-09-17T02:48:58Z

您好，下面是我按照您链接操作的之后的代码，请问OS X 网络里面自带的那个是VPN客户端吗？ [email protected]'s password: Last login: Sun Sep 15 13:31:08 2019 from 143.246.164.31 Welcome to Huawei Cloud Service

…

-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory [root@ecs-s6-medium-2-linux-20190915000804 ~]# service ipsec restart Shutting down pluto IKE daemon 002 shutting down Starting pluto IKE daemon for IPsec: . [root@ecs-s6-medium-2-linux-20190915000804 ~]# service xl2tpd restart Stopping xl2tpd: [ OK ] Starting xl2tpd: [ OK ] [root@ecs-s6-medium-2-linux-20190915000804 ~]# # Ubuntu & Debian [root@ecs-s6-medium-2-linux-20190915000804 ~]# grep pluto /var/log/auth.log grep: /var/log/auth.log: No such file or directory [root@ecs-s6-medium-2-linux-20190915000804 ~]# grep xl2tpd /var/log/syslog grep: /var/log/syslog: No such file or directory [root@ecs-s6-medium-2-linux-20190915000804 ~]# [root@ecs-s6-medium-2-linux-20190915000804 ~]# # CentOS & RHEL [root@ecs-s6-medium-2-linux-20190915000804 ~]# grep pluto /var/log/secure Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: Starting Pluto Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NSS DB directory: sql:/etc/ipsec.d Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Initializing NSS Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NSS initialized Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NSS crypto library initialized Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: FIPS HMAC integrity support [disabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: libcap-ng support [enabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Linux audit support [disabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8685 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: core dump dir: /run/pluto Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: secrets file: /etc/ipsec.secrets Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: leak-detective disabled Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NSS crypto [enabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: XAUTH PAM support [enabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500) Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NAT-Traversal support [enabled] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Encryption algorithms: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NULL IKEv1: ESP IKEv2: ESP [] Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Hash algorithms: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MD5 IKEv1: IKE IKEv2: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: PRF algorithms: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Integrity algorithms: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: DH algorithms: Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: 1 CPU cores online Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: starting up 1 crypto helpers Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: started thread for crypto helper 0 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-754.15.3.el6.x86_64 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: selinux support is NOT enabled. Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: seccomp security not supported Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: seccomp security for crypto helper not supported Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: added connection description "l2tp-psk" Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: added connection description "xauth-psk" Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: listening for IKE messages Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Kernel does not support NIC esp-hw-offload Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: adding interface eth0/eth0 (esp-hw-offload=no) 192.168.0.163:500 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: adding interface eth0/eth0 192.168.0.163:4500 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Kernel does not support NIC esp-hw-offload Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: adding interface lo/lo 127.0.0.1:4500 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: Kernel does not support NIC esp-hw-offload Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: adding interface lo/lo (esp-hw-offload=no) ::1:500 Sep 15 12:57:22 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: loading secrets from "/etc/ipsec.secrets" Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: forgetting secrets Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down interface lo/lo ::1:500 Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down interface lo/lo 127.0.0.1:4500 Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down interface lo/lo 127.0.0.1:500 Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down interface eth0/eth0 192.168.0.163:4500 Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 pluto[8685]: shutting down interface eth0/eth0 192.168.0.163:500 Sep 15 13:04:21 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: pluto killed by SIGTERM, terminating without restart Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: Starting Pluto Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NSS DB directory: sql:/etc/ipsec.d Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Initializing NSS Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NSS initialized Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NSS crypto library initialized Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: FIPS HMAC integrity support [disabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: libcap-ng support [enabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Linux audit support [disabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8987 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: core dump dir: /run/pluto Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: secrets file: /etc/ipsec.secrets Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: leak-detective disabled Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NSS crypto [enabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: XAUTH PAM support [enabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500) Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NAT-Traversal support [enabled] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Encryption algorithms: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NULL IKEv1: ESP IKEv2: ESP [] Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Hash algorithms: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MD5 IKEv1: IKE IKEv2: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: PRF algorithms: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Integrity algorithms: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: DH algorithms: Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: 1 CPU cores online Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: starting up 1 crypto helpers Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: started thread for crypto helper 0 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-754.15.3.el6.x86_64 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: selinux support is NOT enabled. Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: seccomp security not supported Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: seccomp security for crypto helper not supported Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: added connection description "l2tp-psk" Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: added connection description "xauth-psk" Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: listening for IKE messages Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Kernel does not support NIC esp-hw-offload Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: adding interface eth0/eth0 (esp-hw-offload=no) 192.168.0.163:500 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: adding interface eth0/eth0 192.168.0.163:4500 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Kernel does not support NIC esp-hw-offload Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: adding interface lo/lo 127.0.0.1:4500 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: Kernel does not support NIC esp-hw-offload Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: adding interface lo/lo (esp-hw-offload=no) ::1:500 Sep 15 13:04:22 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: loading secrets from "/etc/ipsec.secrets" Sep 15 13:23:43 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: forgetting secrets Sep 15 13:23:43 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: loading secrets from "/etc/ipsec.secrets" Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: forgetting secrets Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down interface lo/lo ::1:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down interface lo/lo 127.0.0.1:4500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down interface lo/lo 127.0.0.1:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down interface eth0/eth0 192.168.0.163:4500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[8987]: shutting down interface eth0/eth0 192.168.0.163:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: pluto killed by SIGTERM, terminating without restart Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: Starting Pluto Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NSS DB directory: sql:/etc/ipsec.d Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Initializing NSS Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NSS initialized Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NSS crypto library initialized Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: FIPS HMAC integrity support [disabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: libcap-ng support [enabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Linux audit support [disabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:29806 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: core dump dir: /run/pluto Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: secrets file: /etc/ipsec.secrets Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: leak-detective disabled Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NSS crypto [enabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: XAUTH PAM support [enabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500) Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NAT-Traversal support [enabled] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Encryption algorithms: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NULL IKEv1: ESP IKEv2: ESP [] Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Hash algorithms: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MD5 IKEv1: IKE IKEv2: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: PRF algorithms: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Integrity algorithms: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: DH algorithms: Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: 1 CPU cores online Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: starting up 1 crypto helpers Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: started thread for crypto helper 0 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-754.15.3.el6.x86_64 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: selinux support is NOT enabled. Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: seccomp security not supported Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: seccomp security for crypto helper not supported Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: added connection description "l2tp-psk" Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: added connection description "xauth-psk" Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: listening for IKE messages Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Kernel does not support NIC esp-hw-offload Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: adding interface eth0/eth0 (esp-hw-offload=no) 192.168.0.163:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: adding interface eth0/eth0 192.168.0.163:4500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Kernel does not support NIC esp-hw-offload Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: adding interface lo/lo 127.0.0.1:4500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: Kernel does not support NIC esp-hw-offload Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: adding interface lo/lo (esp-hw-offload=no) ::1:500 Sep 15 13:32:54 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: loading secrets from "/etc/ipsec.secrets" Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: forgetting secrets Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down interface lo/lo ::1:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down interface lo/lo 127.0.0.1:4500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down interface lo/lo 127.0.0.1:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down interface eth0/eth0 192.168.0.163:4500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[29806]: shutting down interface eth0/eth0 192.168.0.163:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: pluto killed by SIGTERM, terminating without restart Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 ipsec__plutorun: Starting Pluto Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NSS DB directory: sql:/etc/ipsec.d Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Initializing NSS Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NSS initialized Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NSS crypto library initialized Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: FIPS HMAC integrity support [disabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: libcap-ng support [enabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Linux audit support [disabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:31257 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: core dump dir: /run/pluto Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: secrets file: /etc/ipsec.secrets Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: leak-detective disabled Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NSS crypto [enabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: XAUTH PAM support [enabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500) Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NAT-Traversal support [enabled] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Encryption algorithms: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NULL IKEv1: ESP IKEv2: ESP [] Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Hash algorithms: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MD5 IKEv1: IKE IKEv2: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: PRF algorithms: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Integrity algorithms: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: DH algorithms: Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: 1 CPU cores online Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: starting up 1 crypto helpers Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: started thread for crypto helper 0 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-754.15.3.el6.x86_64 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: selinux support is NOT enabled. Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: seccomp security not supported Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: seccomp security for crypto helper not supported Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: added connection description "l2tp-psk" Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: added connection description "xauth-psk" Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: listening for IKE messages Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Kernel does not support NIC esp-hw-offload Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: adding interface eth0/eth0 (esp-hw-offload=no) 192.168.0.163:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: adding interface eth0/eth0 192.168.0.163:4500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Kernel does not support NIC esp-hw-offload Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: adding interface lo/lo 127.0.0.1:4500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: Kernel does not support NIC esp-hw-offload Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: adding interface lo/lo (esp-hw-offload=no) ::1:500 Sep 17 10:43:46 ecs-s6-medium-2-linux-20190915000804 pluto[31257]: loading secrets from "/etc/ipsec.secrets" [root@ecs-s6-medium-2-linux-20190915000804 ~]# grep xl2tpd /var/log/messages Sep 15 12:55:35 ecs-s6-medium-2-linux-20190915000804 yum[3317]: Installed: xl2tpd-1.3.8-1.el6.x86_64 Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8712]: setsockopt recvref[30]: Protocol not available Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8712]: Using l2tp kernel support. Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: xl2tpd version xl2tpd-1.3.8 started on ecs-s6-medium-2-linux-20190915000804 PID:8713 Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: Forked by Scott Balmos and David Stipp, (C) 2001 Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: Inherited by Jeff McAdams, (C) 2002 Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Sep 15 12:57:23 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: Listening on IP address 0.0.0.0, port 1701 Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[8713]: death_handler: Fatal signal 15 received Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9013]: setsockopt recvref[30]: Protocol not available Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9013]: Using l2tp kernel support. Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: xl2tpd version xl2tpd-1.3.8 started on ecs-s6-medium-2-linux-20190915000804 PID:9014 Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: Forked by Scott Balmos and David Stipp, (C) 2001 Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: Inherited by Jeff McAdams, (C) 2002 Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Sep 15 13:04:27 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: Listening on IP address 0.0.0.0, port 1701 Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[9014]: death_handler: Fatal signal 15 received Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31283]: setsockopt recvref[30]: Protocol not available Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31283]: Using l2tp kernel support. Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: xl2tpd version xl2tpd-1.3.8 started on ecs-s6-medium-2-linux-20190915000804 PID:31284 Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: Forked by Scott Balmos and David Stipp, (C) 2001 Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: Inherited by Jeff McAdams, (C) 2002 Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Sep 17 10:44:00 ecs-s6-medium-2-linux-20190915000804 xl2tpd[31284]: Listening on IP address 0.0.0.0, port 1701 [root@ecs-s6-medium-2-linux-20190915000804 ~]# ipsec status 000 using kernel interface: netkey 000 interface lo/lo ::1@500 000 interface lo/lo 127.0.0.1@4500 000 interface lo/lo 127.0.0.1@500 000 interface eth0/eth0 192.168.0.163@4500 000 interface eth0/eth0 192.168.0.163@500 000 000 000 fips mode=disabled; 000 SElinux=disabled 000 seccomp=unsupported 000 000 config setup options: 000 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d 000 nssdir=/etc/ipsec.d, dumpdir=/run/pluto, statsbin=unset 000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec 000 pluto_version=3.29, pluto_vendorid=OE-Libreswan-3.29 000 nhelpers=-1, uniqueids=no, dnssec-enable=no, perpeerlog=no, logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=30s 000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto 000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>, nflog-all=0 000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset> 000 ocsp-trust-name=<unset> 000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get 000 global-redirect=no, global-redirect-to=<unset> 000 secctx-attr-type=32001 000 debug: 000 000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500 000 virtual-private (%priv): 000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 000 - excluded subnets: 192.168.42.0/24, 192.168.43.0/24 000 000 Kernel algorithms supported: 000 000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256 000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=SERPENT_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=TWOFISH_CBC, keysizemin=128, keysizemax=256 000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128 000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384 000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512 000 algorithm AH/ESP auth: name=NONE, key-length=0 000 000 IKE algorithms supported: 000 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256 000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16 000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20 000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32 000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48 000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64 000 algorithm IKE PRF: name=AES_XCBC, hashlen=16 000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024 000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536 000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048 000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072 000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096 000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144 000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192 000 algorithm IKE DH Key Exchange: name=DH19, bits=512 000 algorithm IKE DH Key Exchange: name=DH20, bits=768 000 algorithm IKE DH Key Exchange: name=DH21, bits=1056 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 Connection list: 000 000 "l2tp-psk": 192.168.0.163[114.116.235.147]:17/1701---192.168.0.1...%any:17/%any; unrouted; eroute owner: #0 000 "l2tp-psk": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "l2tp-psk": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "l2tp-psk": our auth:secret, their auth:secret 000 "l2tp-psk": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "l2tp-psk": labeled_ipsec:no; 000 "l2tp-psk": policy_label:unset; 000 "l2tp-psk": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5; 000 "l2tp-psk": retransmit-interval: 500ms; retransmit-timeout: 60s; 000 "l2tp-psk": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "l2tp-psk": policy: PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "l2tp-psk": conn_prio: 32,32; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "l2tp-psk": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "l2tp-psk": our idtype: ID_IPV4_ADDR; our id=114.116.235.147; their idtype: %none; their id=(none) 000 "l2tp-psk": dpd: action:clear; delay:30; timeout:120; nat-t: encaps:yes; nat_keepalive:yes; ikev1_natt:both 000 "l2tp-psk": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "l2tp-psk": IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048, AES_CBC_256-HMAC_SHA2_256-MODP1536, AES_CBC_128-HMAC_SHA2_256-MODP2048, AES_CBC_128-HMAC_SHA2_256-MODP1536, AES_CBC_256-HMAC_SHA1-MODP2048, AES_CBC_256-HMAC_SHA1-MODP1536, AES_CBC_128-HMAC_SHA1-MODP2048, AES_CBC_128-HMAC_SHA1-MODP1536, AES_CBC_256-HMAC_SHA2_256-MODP1024, AES_CBC_128-HMAC_SHA1-MODP1024 000 "l2tp-psk": ESP algorithms: AES_GCM_16-NONE, AES_CBC_128-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA2_512_256, AES_CBC_128-HMAC_SHA2_256_128, AES_CBC_256-HMAC_SHA2_256_128 000 "xauth-psk": 0.0.0.0/0===192.168.0.163[114.116.235.147,MS+XS+S=C]---192.168.0.1...%any[+MC+XC+S=C]; unrouted; eroute owner: #0 000 "xauth-psk": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "xauth-psk": xauth us:server, xauth them:client, xauthby:file; my_username=[any]; their_username=[any] 000 "xauth-psk": our auth:secret, their auth:secret 000 "xauth-psk": modecfg info: us:server, them:client, modecfg policy:pull, dns:8.8.8.8 8.8.4.4, domains:unset, banner:unset, cat:unset; 000 "xauth-psk": labeled_ipsec:no; 000 "xauth-psk": policy_label:unset; 000 "xauth-psk": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5; 000 "xauth-psk": retransmit-interval: 500ms; retransmit-timeout: 60s; 000 "xauth-psk": initial-contact:no; cisco-unity:yes; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "xauth-psk": policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "xauth-psk": conn_prio: 0,32; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "xauth-psk": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "xauth-psk": our idtype: ID_IPV4_ADDR; our id=114.116.235.147; their idtype: %none; their id=(none) 000 "xauth-psk": dpd: action:clear; delay:30; timeout:120; nat-t: encaps:yes; nat_keepalive:yes; ikev1_natt:both 000 "xauth-psk": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "xauth-psk": IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048, AES_CBC_256-HMAC_SHA2_25

hwdsl2 · 2019-09-19T05:35:54Z

@Regis2000 你的日志显示连接请求没有到达 VPN 服务器。如果你的服务器有外部防火墙，比如 EC2
Security Group 或 GCP Firewall，检查一下是否打开了端口 UDP 500 和 UDP 4500。请参见你的服务器提供商的相关文档。阿里云用户参见 #433。

hwdsl2 closed this as completed Sep 16, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VPN连接 #631

VPN连接 #631

ghost commented Sep 15, 2019

hwdsl2 commented Sep 16, 2019

ghost commented Sep 17, 2019 via email

hwdsl2 commented Sep 19, 2019 •

edited

Loading

VPN连接 #631

VPN连接 #631

Comments

ghost commented Sep 15, 2019

hwdsl2 commented Sep 16, 2019

ghost commented Sep 17, 2019 via email

hwdsl2 commented Sep 19, 2019 • edited Loading

hwdsl2 commented Sep 19, 2019 •

edited

Loading