Message Regular expression reference Precede with exclamation (!) to exclude match. Invalid or potentially dangerous patterns will be ignored. 5000 Matched IPsec Log Entries. (Maximum 5000) Jun 8 04:32:55 charon 49573 05[CFG] selected peer config 'con2' Jun 8 04:32:55 charon 49573 05[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:32:55 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:32:55 charon 49573 05[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:32:55 charon 49573 05[IKE] successfully created shared key MAC Jun 8 04:32:55 charon 49573 05[IKE] IKE_SA con2[613] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:32:55 charon 49573 05[IKE] IKE_SA con2[613] state change: CONNECTING => ESTABLISHED Jun 8 04:32:55 charon 49573 05[IKE] scheduling rekeying in 25282s Jun 8 04:32:55 charon 49573 05[IKE] maximum IKE_SA lifetime 28162s Jun 8 04:32:55 charon 49573 05[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] proposing traffic selectors for us: Jun 8 04:32:55 charon 49573 05[CFG] 192.168.0.0/22|/0 Jun 8 04:32:55 charon 49573 05[CFG] 10.8.0.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] proposing traffic selectors for other: Jun 8 04:32:55 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] candidate "con2" with prio 15+5 Jun 8 04:32:55 charon 49573 05[CFG] found matching child config "con2" with prio 20 Jun 8 04:32:55 charon 49573 05[CFG] selecting proposal: Jun 8 04:32:55 charon 49573 05[CFG] proposal matches Jun 8 04:32:55 charon 49573 05[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:32:55 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:32:55 charon 49573 05[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:32:55 charon 49573 05[CFG] selecting traffic selectors for us: Jun 8 04:32:55 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:32:55 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:32:55 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:32:55 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] selecting traffic selectors for other: Jun 8 04:32:55 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CHD] CHILD_SA con2{1905} state change: CREATED => INSTALLING Jun 8 04:32:55 charon 49573 05[CHD] using AES_GCM_16 for encryption Jun 8 04:32:55 charon 49573 05[CHD] adding inbound ESP SA Jun 8 04:32:55 charon 49573 05[CHD] SPI 0xcc915277, src x.x.x.162 dst 192.168.177.22 Jun 8 04:32:55 charon 49573 05[CHD] adding outbound ESP SA Jun 8 04:32:55 charon 49573 05[CHD] SPI 0xc8c294cb, src 192.168.177.22 dst x.x.x.162 Jun 8 04:32:55 charon 49573 05[IKE] CHILD_SA con2{1905} established with SPIs cc915277_i c8c294cb_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:32:55 charon 49573 05[CHD] CHILD_SA con2{1905} state change: INSTALLING => INSTALLED Jun 8 04:32:55 charon 49573 05[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:32:55 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:33:00 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:33:00 charon 49573 10[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:33:00 charon 49573 10[IKE] received DELETE for IKE_SA con2[613] Jun 8 04:33:00 charon 49573 10[IKE] deleting IKE_SA con2[613] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:33:00 charon 49573 10[IKE] IKE_SA con2[613] state change: ESTABLISHED => DELETING Jun 8 04:33:00 charon 49573 10[IKE] IKE_SA deleted Jun 8 04:33:00 charon 49573 10[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:33:00 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:33:00 charon 49573 10[IKE] IKE_SA con2[613] state change: DELETING => DESTROYING Jun 8 04:33:00 charon 49573 10[CHD] CHILD_SA con2{1905} state change: INSTALLED => DESTROYING Jun 8 04:33:01 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_VENDOR task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_INIT task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_NATD task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_CERT_PRE task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_AUTH task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_CERT_POST task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_CONFIG task Jun 8 04:33:01 charon 49573 10[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:33:01 charon 49573 10[IKE] queueing CHILD_CREATE task Jun 8 04:33:01 charon 49573 10[IKE] activating new tasks Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_VENDOR task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_INIT task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_NATD task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_CERT_PRE task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_AUTH task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_CERT_POST task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_CONFIG task Jun 8 04:33:01 charon 49573 10[IKE] activating CHILD_CREATE task Jun 8 04:33:01 charon 49573 10[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:33:01 charon 49573 10[IKE] initiating IKE_SA con2[614] to x.x.x.162 Jun 8 04:33:01 charon 49573 10[IKE] IKE_SA con2[614] state change: CREATED => CONNECTING Jun 8 04:33:01 charon 49573 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:33:01 charon 49573 10[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:33:01 charon 49573 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:33:01 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:33:05 charon 49573 10[IKE] retransmit 1 of request with message ID 0 Jun 8 04:33:05 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:33:12 charon 49573 10[IKE] retransmit 2 of request with message ID 0 Jun 8 04:33:12 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:33:25 charon 49573 10[IKE] retransmit 3 of request with message ID 0 Jun 8 04:33:25 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:33:49 charon 49573 10[IKE] retransmit 4 of request with message ID 0 Jun 8 04:33:49 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:33:56 charon 49573 08[NET] <615> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:33:56 charon 49573 08[ENC] <615> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:33:56 charon 49573 08[CFG] <615> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:33:56 charon 49573 08[CFG] <615> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:33:56 charon 49573 08[CFG] <615> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:33:56 charon 49573 08[CFG] <615> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:33:56 charon 49573 08[IKE] <615> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:33:56 charon 49573 08[IKE] <615> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:33:56 charon 49573 08[IKE] <615> x.x.x.162 is initiating an IKE_SA Jun 8 04:33:56 charon 49573 08[IKE] <615> IKE_SA (unnamed)[615] state change: CREATED => CONNECTING Jun 8 04:33:56 charon 49573 08[CFG] <615> selecting proposal: Jun 8 04:33:56 charon 49573 08[CFG] <615> proposal matches Jun 8 04:33:56 charon 49573 08[CFG] <615> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:33:56 charon 49573 08[CFG] <615> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:33:56 charon 49573 08[CFG] <615> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:33:56 charon 49573 08[CFG] <615> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:33:56 charon 49573 08[IKE] <615> local host is behind NAT, sending keep alives Jun 8 04:33:56 charon 49573 08[CFG] <615> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:33:56 charon 49573 08[IKE] <615> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:33:56 charon 49573 08[ENC] <615> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:33:56 charon 49573 08[NET] <615> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:33:56 charon 49573 08[NET] <615> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:33:56 charon 49573 08[ENC] <615> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:33:56 charon 49573 08[IKE] <615> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:33:56 charon 49573 08[IKE] <615> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:33:56 charon 49573 08[CFG] <615> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:33:56 charon 49573 08[CFG] <615> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:33:56 charon 49573 08[CFG] selected peer config 'con2' Jun 8 04:33:56 charon 49573 08[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:33:56 charon 49573 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:33:56 charon 49573 08[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:33:56 charon 49573 08[IKE] successfully created shared key MAC Jun 8 04:33:56 charon 49573 08[IKE] IKE_SA con2[615] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:33:56 charon 49573 08[IKE] IKE_SA con2[615] state change: CONNECTING => ESTABLISHED Jun 8 04:33:56 charon 49573 08[IKE] scheduling rekeying in 24857s Jun 8 04:33:56 charon 49573 08[IKE] maximum IKE_SA lifetime 27737s Jun 8 04:33:56 charon 49573 08[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] proposing traffic selectors for us: Jun 8 04:33:56 charon 49573 08[CFG] 192.168.0.0/22|/0 Jun 8 04:33:56 charon 49573 08[CFG] 10.8.0.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] proposing traffic selectors for other: Jun 8 04:33:56 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] candidate "con2" with prio 15+5 Jun 8 04:33:56 charon 49573 08[CFG] found matching child config "con2" with prio 20 Jun 8 04:33:56 charon 49573 08[CFG] selecting proposal: Jun 8 04:33:56 charon 49573 08[CFG] proposal matches Jun 8 04:33:56 charon 49573 08[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:33:56 charon 49573 08[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:33:56 charon 49573 08[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:33:56 charon 49573 08[CFG] selecting traffic selectors for us: Jun 8 04:33:56 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:33:56 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:33:56 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:33:56 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] selecting traffic selectors for other: Jun 8 04:33:56 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CHD] CHILD_SA con2{1906} state change: CREATED => INSTALLING Jun 8 04:33:56 charon 49573 08[CHD] using AES_GCM_16 for encryption Jun 8 04:33:56 charon 49573 08[CHD] adding inbound ESP SA Jun 8 04:33:56 charon 49573 08[CHD] SPI 0xcbe7eb0e, src x.x.x.162 dst 192.168.177.22 Jun 8 04:33:56 charon 49573 08[CHD] adding outbound ESP SA Jun 8 04:33:56 charon 49573 08[CHD] SPI 0xcd1efb90, src 192.168.177.22 dst x.x.x.162 Jun 8 04:33:56 charon 49573 08[IKE] CHILD_SA con2{1906} established with SPIs cbe7eb0e_i cd1efb90_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:33:56 charon 49573 08[CHD] CHILD_SA con2{1906} state change: INSTALLING => INSTALLED Jun 8 04:33:56 charon 49573 08[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:33:56 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:34:00 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:34:00 charon 49573 08[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:34:00 charon 49573 08[IKE] received DELETE for IKE_SA con2[615] Jun 8 04:34:00 charon 49573 08[IKE] deleting IKE_SA con2[615] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:34:00 charon 49573 08[IKE] IKE_SA con2[615] state change: ESTABLISHED => DELETING Jun 8 04:34:00 charon 49573 08[IKE] IKE_SA deleted Jun 8 04:34:00 charon 49573 08[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:34:00 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:34:00 charon 49573 08[IKE] IKE_SA con2[615] state change: DELETING => DESTROYING Jun 8 04:34:00 charon 49573 08[CHD] CHILD_SA con2{1906} state change: INSTALLED => DESTROYING Jun 8 04:34:01 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:34:01 charon 49573 01[CFG] ignoring acquire, connection attempt pending Jun 8 04:34:31 charon 49573 01[IKE] retransmit 5 of request with message ID 0 Jun 8 04:34:31 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:34:57 charon 49573 01[NET] <616> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:34:57 charon 49573 01[ENC] <616> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:34:57 charon 49573 01[CFG] <616> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:34:57 charon 49573 01[CFG] <616> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:34:57 charon 49573 01[CFG] <616> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:34:57 charon 49573 01[CFG] <616> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:34:57 charon 49573 01[IKE] <616> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:34:57 charon 49573 01[IKE] <616> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:34:57 charon 49573 01[IKE] <616> x.x.x.162 is initiating an IKE_SA Jun 8 04:34:57 charon 49573 01[IKE] <616> IKE_SA (unnamed)[616] state change: CREATED => CONNECTING Jun 8 04:34:57 charon 49573 01[CFG] <616> selecting proposal: Jun 8 04:34:57 charon 49573 01[CFG] <616> proposal matches Jun 8 04:34:57 charon 49573 01[CFG] <616> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:34:57 charon 49573 01[CFG] <616> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:34:57 charon 49573 01[CFG] <616> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:34:57 charon 49573 01[CFG] <616> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:34:57 charon 49573 01[IKE] <616> local host is behind NAT, sending keep alives Jun 8 04:34:57 charon 49573 01[CFG] <616> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:34:57 charon 49573 01[IKE] <616> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:34:57 charon 49573 01[ENC] <616> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:34:57 charon 49573 01[NET] <616> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:34:57 charon 49573 01[NET] <616> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:34:57 charon 49573 01[ENC] <616> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:34:57 charon 49573 01[IKE] <616> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:34:57 charon 49573 01[IKE] <616> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:34:57 charon 49573 01[CFG] <616> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:34:57 charon 49573 01[CFG] <616> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:34:57 charon 49573 01[CFG] selected peer config 'con2' Jun 8 04:34:57 charon 49573 01[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:34:57 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:34:57 charon 49573 01[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:34:57 charon 49573 01[IKE] successfully created shared key MAC Jun 8 04:34:57 charon 49573 01[IKE] IKE_SA con2[616] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:34:57 charon 49573 01[IKE] IKE_SA con2[616] state change: CONNECTING => ESTABLISHED Jun 8 04:34:57 charon 49573 01[IKE] scheduling rekeying in 23317s Jun 8 04:34:57 charon 49573 01[IKE] maximum IKE_SA lifetime 26197s Jun 8 04:34:57 charon 49573 01[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 04:34:57 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 04:34:57 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 04:34:57 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] candidate "con2" with prio 15+5 Jun 8 04:34:57 charon 49573 01[CFG] found matching child config "con2" with prio 20 Jun 8 04:34:57 charon 49573 01[CFG] selecting proposal: Jun 8 04:34:57 charon 49573 01[CFG] proposal matches Jun 8 04:34:57 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:34:57 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:34:57 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:34:57 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 04:34:57 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:34:57 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:34:57 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:34:57 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 04:34:57 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CHD] CHILD_SA con2{1907} state change: CREATED => INSTALLING Jun 8 04:34:57 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 04:34:57 charon 49573 01[CHD] adding inbound ESP SA Jun 8 04:34:57 charon 49573 01[CHD] SPI 0xc16a2853, src x.x.x.162 dst 192.168.177.22 Jun 8 04:34:57 charon 49573 01[CHD] adding outbound ESP SA Jun 8 04:34:57 charon 49573 01[CHD] SPI 0xc3e8e014, src 192.168.177.22 dst x.x.x.162 Jun 8 04:34:57 charon 49573 01[IKE] CHILD_SA con2{1907} established with SPIs c16a2853_i c3e8e014_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:34:57 charon 49573 01[CHD] CHILD_SA con2{1907} state change: INSTALLING => INSTALLED Jun 8 04:34:57 charon 49573 01[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:34:57 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:35:00 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:35:00 charon 49573 01[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:35:00 charon 49573 01[IKE] received DELETE for IKE_SA con2[616] Jun 8 04:35:00 charon 49573 01[IKE] deleting IKE_SA con2[616] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:35:00 charon 49573 01[IKE] IKE_SA con2[616] state change: ESTABLISHED => DELETING Jun 8 04:35:00 charon 49573 01[IKE] IKE_SA deleted Jun 8 04:35:00 charon 49573 01[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:35:00 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:35:00 charon 49573 01[IKE] IKE_SA con2[616] state change: DELETING => DESTROYING Jun 8 04:35:00 charon 49573 01[CHD] CHILD_SA con2{1907} state change: INSTALLED => DESTROYING Jun 8 04:35:01 charon 49573 01[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:35:01 charon 49573 01[CFG] ignoring acquire, connection attempt pending Jun 8 04:35:16 charon 49573 01[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:35:16 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 04:35:46 charon 49573 13[IKE] giving up after 5 retransmits Jun 8 04:35:46 charon 49573 13[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:35:46 charon 49573 13[IKE] IKE_SA con2[614] state change: CONNECTING => DESTROYING Jun 8 04:35:54 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_VENDOR task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_INIT task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_NATD task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_CERT_PRE task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_AUTH task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_CERT_POST task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_CONFIG task Jun 8 04:35:54 charon 49573 13[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:35:54 charon 49573 13[IKE] queueing CHILD_CREATE task Jun 8 04:35:54 charon 49573 13[IKE] activating new tasks Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_VENDOR task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_INIT task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_NATD task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_CERT_PRE task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_AUTH task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_CERT_POST task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_CONFIG task Jun 8 04:35:54 charon 49573 13[IKE] activating CHILD_CREATE task Jun 8 04:35:54 charon 49573 13[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:35:54 charon 49573 13[IKE] initiating IKE_SA con2[617] to x.x.x.162 Jun 8 04:35:54 charon 49573 13[IKE] IKE_SA con2[617] state change: CREATED => CONNECTING Jun 8 04:35:54 charon 49573 13[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:35:54 charon 49573 13[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:35:54 charon 49573 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:35:54 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:35:54 charon 49573 01[NET] received packet: from x.x.x.162[500] to 192.168.177.22[500] (36 bytes) Jun 8 04:35:54 charon 49573 01[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ] Jun 8 04:35:54 charon 49573 01[IKE] received NO_PROPOSAL_CHOSEN notify error Jun 8 04:35:54 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:35:54 charon 49573 01[IKE] IKE_SA con2[617] state change: CONNECTING => DESTROYING Jun 8 04:35:55 charon 49573 01[NET] <618> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:35:55 charon 49573 01[ENC] <618> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:35:55 charon 49573 01[CFG] <618> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:35:55 charon 49573 01[CFG] <618> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:35:55 charon 49573 01[CFG] <618> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:35:55 charon 49573 01[CFG] <618> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:35:55 charon 49573 01[IKE] <618> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:35:55 charon 49573 01[IKE] <618> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:35:55 charon 49573 01[IKE] <618> x.x.x.162 is initiating an IKE_SA Jun 8 04:35:55 charon 49573 01[IKE] <618> IKE_SA (unnamed)[618] state change: CREATED => CONNECTING Jun 8 04:35:55 charon 49573 01[CFG] <618> selecting proposal: Jun 8 04:35:55 charon 49573 01[CFG] <618> proposal matches Jun 8 04:35:55 charon 49573 01[CFG] <618> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:35:55 charon 49573 01[CFG] <618> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:35:55 charon 49573 01[CFG] <618> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:35:55 charon 49573 01[CFG] <618> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:35:55 charon 49573 01[IKE] <618> local host is behind NAT, sending keep alives Jun 8 04:35:55 charon 49573 01[CFG] <618> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:35:55 charon 49573 01[IKE] <618> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:35:55 charon 49573 01[ENC] <618> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:35:55 charon 49573 01[NET] <618> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:35:55 charon 49573 01[NET] <618> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:35:55 charon 49573 01[ENC] <618> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:35:55 charon 49573 01[IKE] <618> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:35:55 charon 49573 01[IKE] <618> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:35:55 charon 49573 01[CFG] <618> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:35:55 charon 49573 01[CFG] <618> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:35:55 charon 49573 01[CFG] selected peer config 'con2' Jun 8 04:35:55 charon 49573 01[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:35:55 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:35:55 charon 49573 01[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:35:55 charon 49573 01[IKE] successfully created shared key MAC Jun 8 04:35:55 charon 49573 01[IKE] IKE_SA con2[618] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:35:55 charon 49573 01[IKE] IKE_SA con2[618] state change: CONNECTING => ESTABLISHED Jun 8 04:35:55 charon 49573 01[IKE] scheduling rekeying in 23859s Jun 8 04:35:55 charon 49573 01[IKE] maximum IKE_SA lifetime 26739s Jun 8 04:35:55 charon 49573 01[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 04:35:55 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 04:35:55 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 04:35:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] candidate "con2" with prio 15+5 Jun 8 04:35:55 charon 49573 01[CFG] found matching child config "con2" with prio 20 Jun 8 04:35:55 charon 49573 01[CFG] selecting proposal: Jun 8 04:35:55 charon 49573 01[CFG] proposal matches Jun 8 04:35:55 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:35:55 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:35:55 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:35:55 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 04:35:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:35:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:35:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:35:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 04:35:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CHD] CHILD_SA con2{1908} state change: CREATED => INSTALLING Jun 8 04:35:55 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 04:35:55 charon 49573 01[CHD] adding inbound ESP SA Jun 8 04:35:55 charon 49573 01[CHD] SPI 0xc4efc21c, src x.x.x.162 dst 192.168.177.22 Jun 8 04:35:55 charon 49573 01[CHD] adding outbound ESP SA Jun 8 04:35:55 charon 49573 01[CHD] SPI 0xccd6d2cb, src 192.168.177.22 dst x.x.x.162 Jun 8 04:35:55 charon 49573 01[IKE] CHILD_SA con2{1908} established with SPIs c4efc21c_i ccd6d2cb_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:35:55 charon 49573 01[CHD] CHILD_SA con2{1908} state change: INSTALLING => INSTALLED Jun 8 04:35:55 charon 49573 01[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:35:55 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:36:00 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:36:00 charon 49573 01[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:36:00 charon 49573 01[IKE] received DELETE for IKE_SA con2[618] Jun 8 04:36:00 charon 49573 01[IKE] deleting IKE_SA con2[618] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:36:00 charon 49573 01[IKE] IKE_SA con2[618] state change: ESTABLISHED => DELETING Jun 8 04:36:00 charon 49573 01[IKE] IKE_SA deleted Jun 8 04:36:00 charon 49573 01[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:36:00 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:36:00 charon 49573 01[IKE] IKE_SA con2[618] state change: DELETING => DESTROYING Jun 8 04:36:00 charon 49573 01[CHD] CHILD_SA con2{1908} state change: INSTALLED => DESTROYING Jun 8 04:36:15 charon 49573 15[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_VENDOR task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_INIT task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_NATD task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_CERT_PRE task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_AUTH task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_CERT_POST task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_CONFIG task Jun 8 04:36:15 charon 49573 15[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:36:15 charon 49573 15[IKE] queueing CHILD_CREATE task Jun 8 04:36:15 charon 49573 15[IKE] activating new tasks Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_VENDOR task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_INIT task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_NATD task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_CERT_PRE task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_AUTH task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_CERT_POST task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_CONFIG task Jun 8 04:36:15 charon 49573 15[IKE] activating CHILD_CREATE task Jun 8 04:36:15 charon 49573 15[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:36:15 charon 49573 15[IKE] initiating IKE_SA con2[619] to x.x.x.162 Jun 8 04:36:15 charon 49573 15[IKE] IKE_SA con2[619] state change: CREATED => CONNECTING Jun 8 04:36:15 charon 49573 15[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:36:15 charon 49573 15[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:36:15 charon 49573 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:36:15 charon 49573 15[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:36:19 charon 49573 15[IKE] retransmit 1 of request with message ID 0 Jun 8 04:36:19 charon 49573 15[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:36:26 charon 49573 15[IKE] retransmit 2 of request with message ID 0 Jun 8 04:36:26 charon 49573 15[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:36:39 charon 49573 15[IKE] retransmit 3 of request with message ID 0 Jun 8 04:36:39 charon 49573 15[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:36:55 charon 49573 15[NET] <620> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:36:55 charon 49573 15[ENC] <620> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:36:55 charon 49573 15[CFG] <620> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:36:55 charon 49573 15[CFG] <620> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:36:55 charon 49573 15[CFG] <620> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:36:55 charon 49573 15[CFG] <620> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:36:55 charon 49573 15[IKE] <620> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:36:55 charon 49573 15[IKE] <620> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:36:55 charon 49573 15[IKE] <620> x.x.x.162 is initiating an IKE_SA Jun 8 04:36:55 charon 49573 15[IKE] <620> IKE_SA (unnamed)[620] state change: CREATED => CONNECTING Jun 8 04:36:55 charon 49573 15[CFG] <620> selecting proposal: Jun 8 04:36:55 charon 49573 15[CFG] <620> proposal matches Jun 8 04:36:55 charon 49573 15[CFG] <620> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:36:55 charon 49573 15[CFG] <620> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:36:55 charon 49573 15[CFG] <620> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:36:55 charon 49573 15[CFG] <620> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:36:55 charon 49573 15[IKE] <620> local host is behind NAT, sending keep alives Jun 8 04:36:55 charon 49573 15[CFG] <620> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:36:55 charon 49573 15[IKE] <620> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:36:55 charon 49573 15[ENC] <620> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:36:55 charon 49573 15[NET] <620> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:36:55 charon 49573 15[NET] <620> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:36:55 charon 49573 15[ENC] <620> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:36:55 charon 49573 15[IKE] <620> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:36:55 charon 49573 15[IKE] <620> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:36:55 charon 49573 15[CFG] <620> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:36:55 charon 49573 15[CFG] <620> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:36:55 charon 49573 15[CFG] selected peer config 'con2' Jun 8 04:36:55 charon 49573 15[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:36:55 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:36:55 charon 49573 15[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:36:55 charon 49573 15[IKE] successfully created shared key MAC Jun 8 04:36:55 charon 49573 15[IKE] IKE_SA con2[620] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:36:55 charon 49573 15[IKE] IKE_SA con2[620] state change: CONNECTING => ESTABLISHED Jun 8 04:36:55 charon 49573 15[IKE] scheduling rekeying in 23283s Jun 8 04:36:55 charon 49573 15[IKE] maximum IKE_SA lifetime 26163s Jun 8 04:36:55 charon 49573 15[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] proposing traffic selectors for us: Jun 8 04:36:55 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 8 04:36:55 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] proposing traffic selectors for other: Jun 8 04:36:55 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] candidate "con2" with prio 15+5 Jun 8 04:36:55 charon 49573 15[CFG] found matching child config "con2" with prio 20 Jun 8 04:36:55 charon 49573 15[CFG] selecting proposal: Jun 8 04:36:55 charon 49573 15[CFG] proposal matches Jun 8 04:36:55 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:36:55 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:36:55 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:36:55 charon 49573 15[CFG] selecting traffic selectors for us: Jun 8 04:36:55 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:36:55 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:36:55 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:36:55 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] selecting traffic selectors for other: Jun 8 04:36:55 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CHD] CHILD_SA con2{1909} state change: CREATED => INSTALLING Jun 8 04:36:55 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 8 04:36:55 charon 49573 15[CHD] adding inbound ESP SA Jun 8 04:36:55 charon 49573 15[CHD] SPI 0xce225f73, src x.x.x.162 dst 192.168.177.22 Jun 8 04:36:55 charon 49573 15[CHD] adding outbound ESP SA Jun 8 04:36:55 charon 49573 15[CHD] SPI 0xc9f896bd, src 192.168.177.22 dst x.x.x.162 Jun 8 04:36:55 charon 49573 15[IKE] CHILD_SA con2{1909} established with SPIs ce225f73_i c9f896bd_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:36:55 charon 49573 15[CHD] CHILD_SA con2{1909} state change: INSTALLING => INSTALLED Jun 8 04:36:55 charon 49573 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:36:55 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:37:00 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:37:00 charon 49573 15[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:37:00 charon 49573 15[IKE] received DELETE for IKE_SA con2[620] Jun 8 04:37:00 charon 49573 15[IKE] deleting IKE_SA con2[620] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:37:00 charon 49573 15[IKE] IKE_SA con2[620] state change: ESTABLISHED => DELETING Jun 8 04:37:00 charon 49573 15[IKE] IKE_SA deleted Jun 8 04:37:00 charon 49573 15[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:37:00 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:37:00 charon 49573 15[IKE] IKE_SA con2[620] state change: DELETING => DESTROYING Jun 8 04:37:00 charon 49573 15[CHD] CHILD_SA con2{1909} state change: INSTALLED => DESTROYING Jun 8 04:37:01 charon 49573 15[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:37:01 charon 49573 14[CFG] ignoring acquire, connection attempt pending Jun 8 04:37:03 charon 49573 14[IKE] retransmit 4 of request with message ID 0 Jun 8 04:37:03 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:37:09 charon 49573 14[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:37:09 charon 49573 15[CFG] ignoring acquire, connection attempt pending Jun 8 04:37:45 charon 49573 14[IKE] retransmit 5 of request with message ID 0 Jun 8 04:37:45 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:37:55 charon 49573 14[NET] <621> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:37:55 charon 49573 14[ENC] <621> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:37:55 charon 49573 14[CFG] <621> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:37:55 charon 49573 14[CFG] <621> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:37:55 charon 49573 14[CFG] <621> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:37:55 charon 49573 14[CFG] <621> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:37:55 charon 49573 14[IKE] <621> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:37:55 charon 49573 14[IKE] <621> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:37:55 charon 49573 14[IKE] <621> x.x.x.162 is initiating an IKE_SA Jun 8 04:37:55 charon 49573 14[IKE] <621> IKE_SA (unnamed)[621] state change: CREATED => CONNECTING Jun 8 04:37:55 charon 49573 14[CFG] <621> selecting proposal: Jun 8 04:37:55 charon 49573 14[CFG] <621> proposal matches Jun 8 04:37:55 charon 49573 14[CFG] <621> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:37:55 charon 49573 14[CFG] <621> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:37:55 charon 49573 14[CFG] <621> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:37:55 charon 49573 14[CFG] <621> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:37:55 charon 49573 14[IKE] <621> local host is behind NAT, sending keep alives Jun 8 04:37:55 charon 49573 14[CFG] <621> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:37:55 charon 49573 14[IKE] <621> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:37:55 charon 49573 14[ENC] <621> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:37:55 charon 49573 14[NET] <621> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:37:55 charon 49573 14[NET] <621> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:37:55 charon 49573 14[ENC] <621> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:37:55 charon 49573 14[IKE] <621> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:37:55 charon 49573 14[IKE] <621> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:37:55 charon 49573 14[CFG] <621> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:37:55 charon 49573 14[CFG] <621> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:37:55 charon 49573 14[CFG] selected peer config 'con2' Jun 8 04:37:55 charon 49573 14[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:37:55 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:37:55 charon 49573 14[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:37:55 charon 49573 14[IKE] successfully created shared key MAC Jun 8 04:37:55 charon 49573 14[IKE] IKE_SA con2[621] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:37:55 charon 49573 14[IKE] IKE_SA con2[621] state change: CONNECTING => ESTABLISHED Jun 8 04:37:55 charon 49573 14[IKE] scheduling rekeying in 24295s Jun 8 04:37:55 charon 49573 14[IKE] maximum IKE_SA lifetime 27175s Jun 8 04:37:55 charon 49573 14[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] proposing traffic selectors for us: Jun 8 04:37:55 charon 49573 14[CFG] 192.168.0.0/22|/0 Jun 8 04:37:55 charon 49573 14[CFG] 10.8.0.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] proposing traffic selectors for other: Jun 8 04:37:55 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] candidate "con2" with prio 15+5 Jun 8 04:37:55 charon 49573 14[CFG] found matching child config "con2" with prio 20 Jun 8 04:37:55 charon 49573 14[CFG] selecting proposal: Jun 8 04:37:55 charon 49573 14[CFG] proposal matches Jun 8 04:37:55 charon 49573 14[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:37:55 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:37:55 charon 49573 14[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:37:55 charon 49573 14[CFG] selecting traffic selectors for us: Jun 8 04:37:55 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:37:55 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:37:55 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:37:55 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] selecting traffic selectors for other: Jun 8 04:37:55 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CHD] CHILD_SA con2{1910} state change: CREATED => INSTALLING Jun 8 04:37:55 charon 49573 14[CHD] using AES_GCM_16 for encryption Jun 8 04:37:55 charon 49573 14[CHD] adding inbound ESP SA Jun 8 04:37:55 charon 49573 14[CHD] SPI 0xcd564072, src x.x.x.162 dst 192.168.177.22 Jun 8 04:37:55 charon 49573 14[CHD] adding outbound ESP SA Jun 8 04:37:55 charon 49573 14[CHD] SPI 0xc9d9bb59, src 192.168.177.22 dst x.x.x.162 Jun 8 04:37:55 charon 49573 14[IKE] CHILD_SA con2{1910} established with SPIs cd564072_i c9d9bb59_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:37:55 charon 49573 14[CHD] CHILD_SA con2{1910} state change: INSTALLING => INSTALLED Jun 8 04:37:55 charon 49573 14[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:37:55 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:38:00 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:38:00 charon 49573 14[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:38:00 charon 49573 14[IKE] received DELETE for IKE_SA con2[621] Jun 8 04:38:00 charon 49573 14[IKE] deleting IKE_SA con2[621] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:38:00 charon 49573 14[IKE] IKE_SA con2[621] state change: ESTABLISHED => DELETING Jun 8 04:38:00 charon 49573 14[IKE] IKE_SA deleted Jun 8 04:38:00 charon 49573 14[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:38:00 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:38:00 charon 49573 14[IKE] IKE_SA con2[621] state change: DELETING => DESTROYING Jun 8 04:38:00 charon 49573 14[CHD] CHILD_SA con2{1910} state change: INSTALLED => DESTROYING Jun 8 04:38:01 charon 49573 06[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:38:01 charon 49573 06[CFG] ignoring acquire, connection attempt pending Jun 8 04:38:16 charon 49573 06[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:38:16 charon 49573 07[CFG] ignoring acquire, connection attempt pending Jun 8 04:38:55 charon 49573 07[NET] <622> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:38:55 charon 49573 07[ENC] <622> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:38:55 charon 49573 07[CFG] <622> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:38:55 charon 49573 07[CFG] <622> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:38:55 charon 49573 07[CFG] <622> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:38:55 charon 49573 07[CFG] <622> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:38:55 charon 49573 07[IKE] <622> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:38:55 charon 49573 07[IKE] <622> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:38:55 charon 49573 07[IKE] <622> x.x.x.162 is initiating an IKE_SA Jun 8 04:38:55 charon 49573 07[IKE] <622> IKE_SA (unnamed)[622] state change: CREATED => CONNECTING Jun 8 04:38:55 charon 49573 07[CFG] <622> selecting proposal: Jun 8 04:38:55 charon 49573 07[CFG] <622> proposal matches Jun 8 04:38:55 charon 49573 07[CFG] <622> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:38:55 charon 49573 07[CFG] <622> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:38:55 charon 49573 07[CFG] <622> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:38:55 charon 49573 07[CFG] <622> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:38:55 charon 49573 07[IKE] <622> local host is behind NAT, sending keep alives Jun 8 04:38:55 charon 49573 07[CFG] <622> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:38:55 charon 49573 07[IKE] <622> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:38:55 charon 49573 07[ENC] <622> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:38:55 charon 49573 07[NET] <622> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:38:55 charon 49573 07[NET] <622> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:38:55 charon 49573 07[ENC] <622> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:38:55 charon 49573 07[IKE] <622> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:38:55 charon 49573 07[IKE] <622> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:38:55 charon 49573 07[CFG] <622> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:38:55 charon 49573 07[CFG] <622> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:38:55 charon 49573 07[CFG] selected peer config 'con2' Jun 8 04:38:55 charon 49573 07[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:38:55 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:38:55 charon 49573 07[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:38:55 charon 49573 07[IKE] successfully created shared key MAC Jun 8 04:38:55 charon 49573 07[IKE] IKE_SA con2[622] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:38:55 charon 49573 07[IKE] IKE_SA con2[622] state change: CONNECTING => ESTABLISHED Jun 8 04:38:55 charon 49573 07[IKE] scheduling rekeying in 24733s Jun 8 04:38:55 charon 49573 07[IKE] maximum IKE_SA lifetime 27613s Jun 8 04:38:55 charon 49573 07[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] proposing traffic selectors for us: Jun 8 04:38:55 charon 49573 07[CFG] 192.168.0.0/22|/0 Jun 8 04:38:55 charon 49573 07[CFG] 10.8.0.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] proposing traffic selectors for other: Jun 8 04:38:55 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] candidate "con2" with prio 15+5 Jun 8 04:38:55 charon 49573 07[CFG] found matching child config "con2" with prio 20 Jun 8 04:38:55 charon 49573 07[CFG] selecting proposal: Jun 8 04:38:55 charon 49573 07[CFG] proposal matches Jun 8 04:38:55 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:38:55 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:38:55 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:38:55 charon 49573 07[CFG] selecting traffic selectors for us: Jun 8 04:38:55 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:38:55 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:38:55 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:38:55 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] selecting traffic selectors for other: Jun 8 04:38:55 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CHD] CHILD_SA con2{1911} state change: CREATED => INSTALLING Jun 8 04:38:55 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 8 04:38:55 charon 49573 07[CHD] adding inbound ESP SA Jun 8 04:38:55 charon 49573 07[CHD] SPI 0xc2823153, src x.x.x.162 dst 192.168.177.22 Jun 8 04:38:55 charon 49573 07[CHD] adding outbound ESP SA Jun 8 04:38:55 charon 49573 07[CHD] SPI 0xcdecfae0, src 192.168.177.22 dst x.x.x.162 Jun 8 04:38:55 charon 49573 07[IKE] CHILD_SA con2{1911} established with SPIs c2823153_i cdecfae0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:38:55 charon 49573 07[CHD] CHILD_SA con2{1911} state change: INSTALLING => INSTALLED Jun 8 04:38:55 charon 49573 07[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:38:55 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:39:00 charon 49573 07[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:39:00 charon 49573 07[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:39:00 charon 49573 07[IKE] received DELETE for IKE_SA con2[622] Jun 8 04:39:00 charon 49573 07[IKE] deleting IKE_SA con2[622] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:39:00 charon 49573 07[IKE] IKE_SA con2[622] state change: ESTABLISHED => DELETING Jun 8 04:39:00 charon 49573 07[IKE] IKE_SA deleted Jun 8 04:39:00 charon 49573 07[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:39:00 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:39:00 charon 49573 07[IKE] IKE_SA con2[622] state change: DELETING => DESTROYING Jun 8 04:39:00 charon 49573 07[CHD] CHILD_SA con2{1911} state change: INSTALLED => DESTROYING Jun 8 04:39:00 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:39:00 charon 49573 07[CFG] ignoring acquire, connection attempt pending Jun 8 04:39:00 charon 49573 07[IKE] giving up after 5 retransmits Jun 8 04:39:00 charon 49573 07[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:39:00 charon 49573 07[IKE] IKE_SA con2[619] state change: CONNECTING => DESTROYING Jun 8 04:39:07 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_VENDOR task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_INIT task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_NATD task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_CERT_PRE task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_AUTH task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_CERT_POST task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_CONFIG task Jun 8 04:39:07 charon 49573 07[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:39:07 charon 49573 07[IKE] queueing CHILD_CREATE task Jun 8 04:39:07 charon 49573 07[IKE] activating new tasks Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_VENDOR task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_INIT task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_NATD task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_CERT_PRE task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_AUTH task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_CERT_POST task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_CONFIG task Jun 8 04:39:07 charon 49573 07[IKE] activating CHILD_CREATE task Jun 8 04:39:07 charon 49573 07[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:39:07 charon 49573 07[IKE] initiating IKE_SA con2[623] to x.x.x.162 Jun 8 04:39:07 charon 49573 07[IKE] IKE_SA con2[623] state change: CREATED => CONNECTING Jun 8 04:39:07 charon 49573 07[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:07 charon 49573 07[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:39:07 charon 49573 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:39:07 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:39:11 charon 49573 09[IKE] retransmit 1 of request with message ID 0 Jun 8 04:39:11 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:39:18 charon 49573 09[IKE] retransmit 2 of request with message ID 0 Jun 8 04:39:18 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:39:31 charon 49573 09[IKE] retransmit 3 of request with message ID 0 Jun 8 04:39:31 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:39:54 charon 49573 09[NET] <624> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:39:54 charon 49573 09[ENC] <624> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:39:54 charon 49573 09[CFG] <624> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:39:54 charon 49573 09[CFG] <624> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:39:54 charon 49573 09[CFG] <624> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:39:54 charon 49573 09[CFG] <624> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:39:54 charon 49573 09[IKE] <624> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:39:54 charon 49573 09[IKE] <624> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:39:54 charon 49573 09[IKE] <624> x.x.x.162 is initiating an IKE_SA Jun 8 04:39:54 charon 49573 09[IKE] <624> IKE_SA (unnamed)[624] state change: CREATED => CONNECTING Jun 8 04:39:54 charon 49573 09[CFG] <624> selecting proposal: Jun 8 04:39:54 charon 49573 09[CFG] <624> proposal matches Jun 8 04:39:54 charon 49573 09[CFG] <624> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:54 charon 49573 09[CFG] <624> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:54 charon 49573 09[CFG] <624> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:54 charon 49573 09[CFG] <624> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:39:54 charon 49573 09[IKE] <624> local host is behind NAT, sending keep alives Jun 8 04:39:54 charon 49573 09[CFG] <624> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:39:54 charon 49573 09[IKE] <624> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:39:54 charon 49573 09[ENC] <624> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:39:54 charon 49573 09[NET] <624> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:39:54 charon 49573 09[NET] <624> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:39:54 charon 49573 09[ENC] <624> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:39:54 charon 49573 09[IKE] <624> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:39:54 charon 49573 09[IKE] <624> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:39:54 charon 49573 09[CFG] <624> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:39:54 charon 49573 09[CFG] <624> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:39:54 charon 49573 09[CFG] selected peer config 'con2' Jun 8 04:39:54 charon 49573 09[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:39:54 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:39:54 charon 49573 09[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:39:54 charon 49573 09[IKE] successfully created shared key MAC Jun 8 04:39:54 charon 49573 09[IKE] IKE_SA con2[624] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:39:54 charon 49573 09[IKE] IKE_SA con2[624] state change: CONNECTING => ESTABLISHED Jun 8 04:39:54 charon 49573 09[IKE] scheduling rekeying in 24638s Jun 8 04:39:54 charon 49573 09[IKE] maximum IKE_SA lifetime 27518s Jun 8 04:39:54 charon 49573 09[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] proposing traffic selectors for us: Jun 8 04:39:54 charon 49573 09[CFG] 192.168.0.0/22|/0 Jun 8 04:39:54 charon 49573 09[CFG] 10.8.0.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] proposing traffic selectors for other: Jun 8 04:39:54 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] candidate "con2" with prio 15+5 Jun 8 04:39:54 charon 49573 09[CFG] found matching child config "con2" with prio 20 Jun 8 04:39:54 charon 49573 09[CFG] selecting proposal: Jun 8 04:39:54 charon 49573 09[CFG] proposal matches Jun 8 04:39:54 charon 49573 09[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:54 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:54 charon 49573 09[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:54 charon 49573 09[CFG] selecting traffic selectors for us: Jun 8 04:39:54 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:39:54 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:39:54 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:39:54 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] selecting traffic selectors for other: Jun 8 04:39:54 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CHD] CHILD_SA con2{1912} state change: CREATED => INSTALLING Jun 8 04:39:54 charon 49573 09[CHD] using AES_GCM_16 for encryption Jun 8 04:39:54 charon 49573 09[CHD] adding inbound ESP SA Jun 8 04:39:54 charon 49573 09[CHD] SPI 0xc71e04e6, src x.x.x.162 dst 192.168.177.22 Jun 8 04:39:54 charon 49573 09[CHD] adding outbound ESP SA Jun 8 04:39:54 charon 49573 09[CHD] SPI 0xc554a646, src 192.168.177.22 dst x.x.x.162 Jun 8 04:39:54 charon 49573 09[IKE] CHILD_SA con2{1912} established with SPIs c71e04e6_i c554a646_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:39:54 charon 49573 09[CHD] CHILD_SA con2{1912} state change: INSTALLING => INSTALLED Jun 8 04:39:54 charon 49573 09[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:39:54 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:39:55 charon 49573 09[IKE] retransmit 4 of request with message ID 0 Jun 8 04:39:55 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:39:55 charon 49573 09[NET] received packet: from x.x.x.162[500] to 192.168.177.22[500] (344 bytes) Jun 8 04:39:55 charon 49573 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:39:55 charon 49573 09[IKE] received FRAGMENTATION_SUPPORTED notify Jun 8 04:39:55 charon 49573 09[IKE] received SIGNATURE_HASH_ALGORITHMS notify Jun 8 04:39:55 charon 49573 09[IKE] received CHILDLESS_IKEV2_SUPPORTED notify Jun 8 04:39:55 charon 49573 09[CFG] selecting proposal: Jun 8 04:39:55 charon 49573 09[CFG] proposal matches Jun 8 04:39:55 charon 49573 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:55 charon 49573 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:55 charon 49573 09[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:39:55 charon 49573 09[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:39:55 charon 49573 09[IKE] local host is behind NAT, sending keep alives Jun 8 04:39:55 charon 49573 09[IKE] reinitiating already active tasks Jun 8 04:39:55 charon 49573 09[IKE] IKE_CERT_PRE task Jun 8 04:39:55 charon 49573 09[IKE] IKE_AUTH task Jun 8 04:39:55 charon 49573 09[IKE] sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:39:55 charon 49573 09[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:39:55 charon 49573 09[IKE] successfully created shared key MAC Jun 8 04:39:55 charon 49573 09[CFG] proposing traffic selectors for us: Jun 8 04:39:55 charon 49573 09[CFG] 192.168.0.0/22|/0 Jun 8 04:39:55 charon 49573 09[CFG] 10.8.0.0/24|/0 Jun 8 04:39:55 charon 49573 09[CFG] proposing traffic selectors for other: Jun 8 04:39:55 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:39:55 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:39:55 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:55 charon 49573 09[IKE] establishing CHILD_SA con2{1913} reqid 1 Jun 8 04:39:55 charon 49573 09[ENC] generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:39:55 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (288 bytes) Jun 8 04:39:55 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (240 bytes) Jun 8 04:39:55 charon 49573 05[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:39:55 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 04:39:55 charon 49573 05[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:39:55 charon 49573 05[IKE] IKE_SA con2[623] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:39:55 charon 49573 05[IKE] IKE_SA con2[623] state change: CONNECTING => ESTABLISHED Jun 8 04:39:55 charon 49573 05[IKE] scheduling rekeying in 23244s Jun 8 04:39:55 charon 49573 05[IKE] maximum IKE_SA lifetime 26124s Jun 8 04:39:55 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:39:55 charon 49573 05[CFG] selecting proposal: Jun 8 04:39:55 charon 49573 05[CFG] proposal matches Jun 8 04:39:55 charon 49573 05[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:55 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:55 charon 49573 05[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:39:55 charon 49573 05[CFG] selecting traffic selectors for us: Jun 8 04:39:55 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:39:55 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:39:55 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:39:55 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:39:55 charon 49573 05[CFG] selecting traffic selectors for other: Jun 8 04:39:55 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:39:55 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:39:55 charon 49573 05[CHD] CHILD_SA con2{1913} state change: CREATED => INSTALLING Jun 8 04:39:55 charon 49573 05[CHD] using AES_GCM_16 for encryption Jun 8 04:39:55 charon 49573 05[CHD] adding inbound ESP SA Jun 8 04:39:55 charon 49573 05[CHD] SPI 0xc7d60f51, src x.x.x.162 dst 192.168.177.22 Jun 8 04:39:55 charon 49573 05[CHD] adding outbound ESP SA Jun 8 04:39:55 charon 49573 05[CHD] SPI 0xc5ba30e8, src 192.168.177.22 dst x.x.x.162 Jun 8 04:39:55 charon 49573 05[IKE] CHILD_SA con2{1913} established with SPIs c7d60f51_i c5ba30e8_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:39:55 charon 49573 05[CHD] CHILD_SA con2{1913} state change: INSTALLING => INSTALLED Jun 8 04:39:55 charon 49573 05[IKE] activating new tasks Jun 8 04:39:55 charon 49573 05[IKE] nothing to initiate Jun 8 04:40:00 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:40:00 charon 49573 05[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:40:00 charon 49573 05[IKE] received DELETE for IKE_SA con2[624] Jun 8 04:40:00 charon 49573 05[IKE] deleting IKE_SA con2[624] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:40:00 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:40:00 charon 49573 05[IKE] IKE_SA con2[624] state change: ESTABLISHED => DELETING Jun 8 04:40:00 charon 49573 10[ENC] parsed INFORMATIONAL request 0 [ D ] Jun 8 04:40:00 charon 49573 05[IKE] IKE_SA deleted Jun 8 04:40:00 charon 49573 10[IKE] received DELETE for IKE_SA con2[623] Jun 8 04:40:00 charon 49573 10[IKE] deleting IKE_SA con2[623] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:40:00 charon 49573 05[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:40:00 charon 49573 10[IKE] IKE_SA con2[623] state change: ESTABLISHED => DELETING Jun 8 04:40:00 charon 49573 10[IKE] IKE_SA deleted Jun 8 04:40:00 charon 49573 10[ENC] generating INFORMATIONAL response 0 [ ] Jun 8 04:40:00 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:40:00 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:40:00 charon 49573 05[IKE] IKE_SA con2[624] state change: DELETING => DESTROYING Jun 8 04:40:00 charon 49573 10[IKE] IKE_SA con2[623] state change: DELETING => DESTROYING Jun 8 04:40:00 charon 49573 05[CHD] CHILD_SA con2{1912} state change: INSTALLED => DESTROYING Jun 8 04:40:00 charon 49573 10[CHD] CHILD_SA con2{1913} state change: INSTALLED => DESTROYING Jun 8 04:40:00 charon 49573 10[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_VENDOR task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_INIT task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_NATD task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_CERT_PRE task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_AUTH task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_CERT_POST task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_CONFIG task Jun 8 04:40:00 charon 49573 10[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:40:00 charon 49573 10[IKE] queueing CHILD_CREATE task Jun 8 04:40:00 charon 49573 10[IKE] activating new tasks Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_VENDOR task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_INIT task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_NATD task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_CERT_PRE task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_AUTH task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_CERT_POST task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_CONFIG task Jun 8 04:40:00 charon 49573 10[IKE] activating CHILD_CREATE task Jun 8 04:40:00 charon 49573 10[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:40:00 charon 49573 10[IKE] initiating IKE_SA con2[625] to x.x.x.162 Jun 8 04:40:00 charon 49573 10[IKE] IKE_SA con2[625] state change: CREATED => CONNECTING Jun 8 04:40:00 charon 49573 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:40:00 charon 49573 10[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:40:00 charon 49573 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:40:00 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:40:04 charon 49573 10[IKE] retransmit 1 of request with message ID 0 Jun 8 04:40:04 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:40:11 charon 49573 10[IKE] retransmit 2 of request with message ID 0 Jun 8 04:40:11 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:40:19 charon 49573 10[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:40:19 charon 49573 05[CFG] ignoring acquire, connection attempt pending Jun 8 04:40:24 charon 49573 05[IKE] retransmit 3 of request with message ID 0 Jun 8 04:40:24 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:40:47 charon 49573 05[IKE] retransmit 4 of request with message ID 0 Jun 8 04:40:47 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:40:56 charon 49573 05[NET] <626> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:40:56 charon 49573 05[ENC] <626> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:40:56 charon 49573 05[CFG] <626> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:40:56 charon 49573 05[CFG] <626> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:40:56 charon 49573 05[CFG] <626> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:40:56 charon 49573 05[CFG] <626> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:40:56 charon 49573 05[IKE] <626> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:40:56 charon 49573 05[IKE] <626> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:40:56 charon 49573 05[IKE] <626> x.x.x.162 is initiating an IKE_SA Jun 8 04:40:56 charon 49573 05[IKE] <626> IKE_SA (unnamed)[626] state change: CREATED => CONNECTING Jun 8 04:40:56 charon 49573 05[CFG] <626> selecting proposal: Jun 8 04:40:56 charon 49573 05[CFG] <626> proposal matches Jun 8 04:40:56 charon 49573 05[CFG] <626> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:40:56 charon 49573 05[CFG] <626> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:40:56 charon 49573 05[CFG] <626> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:40:56 charon 49573 05[CFG] <626> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:40:56 charon 49573 05[IKE] <626> local host is behind NAT, sending keep alives Jun 8 04:40:56 charon 49573 05[CFG] <626> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:40:56 charon 49573 05[IKE] <626> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:40:56 charon 49573 05[ENC] <626> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:40:56 charon 49573 05[NET] <626> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:40:56 charon 49573 05[NET] <626> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:40:56 charon 49573 05[ENC] <626> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:40:56 charon 49573 05[IKE] <626> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:40:56 charon 49573 05[IKE] <626> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:40:56 charon 49573 05[CFG] <626> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:40:56 charon 49573 05[CFG] <626> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:40:56 charon 49573 05[CFG] selected peer config 'con2' Jun 8 04:40:56 charon 49573 05[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:40:56 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:40:56 charon 49573 05[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:40:56 charon 49573 05[IKE] successfully created shared key MAC Jun 8 04:40:56 charon 49573 05[IKE] IKE_SA con2[626] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:40:56 charon 49573 05[IKE] IKE_SA con2[626] state change: CONNECTING => ESTABLISHED Jun 8 04:40:56 charon 49573 05[IKE] scheduling rekeying in 25604s Jun 8 04:40:56 charon 49573 05[IKE] maximum IKE_SA lifetime 28484s Jun 8 04:40:56 charon 49573 05[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] proposing traffic selectors for us: Jun 8 04:40:56 charon 49573 05[CFG] 192.168.0.0/22|/0 Jun 8 04:40:56 charon 49573 05[CFG] 10.8.0.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] proposing traffic selectors for other: Jun 8 04:40:56 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] candidate "con2" with prio 15+5 Jun 8 04:40:56 charon 49573 05[CFG] found matching child config "con2" with prio 20 Jun 8 04:40:56 charon 49573 05[CFG] selecting proposal: Jun 8 04:40:56 charon 49573 05[CFG] proposal matches Jun 8 04:40:56 charon 49573 05[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:40:56 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:40:56 charon 49573 05[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:40:56 charon 49573 05[CFG] selecting traffic selectors for us: Jun 8 04:40:56 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:40:56 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:40:56 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:40:56 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] selecting traffic selectors for other: Jun 8 04:40:56 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CHD] CHILD_SA con2{1914} state change: CREATED => INSTALLING Jun 8 04:40:56 charon 49573 05[CHD] using AES_GCM_16 for encryption Jun 8 04:40:56 charon 49573 05[CHD] adding inbound ESP SA Jun 8 04:40:56 charon 49573 05[CHD] SPI 0xc903d1e2, src x.x.x.162 dst 192.168.177.22 Jun 8 04:40:56 charon 49573 05[CHD] adding outbound ESP SA Jun 8 04:40:56 charon 49573 05[CHD] SPI 0xc7d670e0, src 192.168.177.22 dst x.x.x.162 Jun 8 04:40:56 charon 49573 05[IKE] CHILD_SA con2{1914} established with SPIs c903d1e2_i c7d670e0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:40:56 charon 49573 05[CHD] CHILD_SA con2{1914} state change: INSTALLING => INSTALLED Jun 8 04:40:56 charon 49573 05[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:40:56 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:41:00 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:41:00 charon 49573 05[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:41:00 charon 49573 05[IKE] received DELETE for IKE_SA con2[626] Jun 8 04:41:00 charon 49573 05[IKE] deleting IKE_SA con2[626] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:41:00 charon 49573 05[IKE] IKE_SA con2[626] state change: ESTABLISHED => DELETING Jun 8 04:41:00 charon 49573 05[IKE] IKE_SA deleted Jun 8 04:41:00 charon 49573 05[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:41:00 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:41:00 charon 49573 05[IKE] IKE_SA con2[626] state change: DELETING => DESTROYING Jun 8 04:41:00 charon 49573 05[CHD] CHILD_SA con2{1914} state change: INSTALLED => DESTROYING Jun 8 04:41:01 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:41:01 charon 49573 08[CFG] ignoring acquire, connection attempt pending Jun 8 04:41:29 charon 49573 05[IKE] retransmit 5 of request with message ID 0 Jun 8 04:41:29 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:41:57 charon 49573 05[NET] <627> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:41:57 charon 49573 05[ENC] <627> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:41:57 charon 49573 05[CFG] <627> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:41:57 charon 49573 05[CFG] <627> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:41:57 charon 49573 05[CFG] <627> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:41:57 charon 49573 05[CFG] <627> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:41:57 charon 49573 05[IKE] <627> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:41:57 charon 49573 05[IKE] <627> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:41:57 charon 49573 05[IKE] <627> x.x.x.162 is initiating an IKE_SA Jun 8 04:41:57 charon 49573 05[IKE] <627> IKE_SA (unnamed)[627] state change: CREATED => CONNECTING Jun 8 04:41:57 charon 49573 05[CFG] <627> selecting proposal: Jun 8 04:41:57 charon 49573 05[CFG] <627> proposal matches Jun 8 04:41:57 charon 49573 05[CFG] <627> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:41:57 charon 49573 05[CFG] <627> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:41:57 charon 49573 05[CFG] <627> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:41:57 charon 49573 05[CFG] <627> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:41:57 charon 49573 05[IKE] <627> local host is behind NAT, sending keep alives Jun 8 04:41:57 charon 49573 05[CFG] <627> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:41:57 charon 49573 05[IKE] <627> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:41:57 charon 49573 05[ENC] <627> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:41:57 charon 49573 05[NET] <627> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:41:57 charon 49573 05[NET] <627> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:41:57 charon 49573 05[ENC] <627> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:41:57 charon 49573 05[IKE] <627> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:41:57 charon 49573 05[IKE] <627> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:41:57 charon 49573 05[CFG] <627> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:41:57 charon 49573 05[CFG] <627> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:41:57 charon 49573 05[CFG] selected peer config 'con2' Jun 8 04:41:57 charon 49573 05[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:41:57 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:41:57 charon 49573 05[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:41:57 charon 49573 05[IKE] successfully created shared key MAC Jun 8 04:41:57 charon 49573 05[IKE] IKE_SA con2[627] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:41:57 charon 49573 05[IKE] IKE_SA con2[627] state change: CONNECTING => ESTABLISHED Jun 8 04:41:57 charon 49573 05[IKE] scheduling rekeying in 23064s Jun 8 04:41:57 charon 49573 05[IKE] maximum IKE_SA lifetime 25944s Jun 8 04:41:57 charon 49573 05[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] proposing traffic selectors for us: Jun 8 04:41:57 charon 49573 05[CFG] 192.168.0.0/22|/0 Jun 8 04:41:57 charon 49573 05[CFG] 10.8.0.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] proposing traffic selectors for other: Jun 8 04:41:57 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] candidate "con2" with prio 15+5 Jun 8 04:41:57 charon 49573 05[CFG] found matching child config "con2" with prio 20 Jun 8 04:41:57 charon 49573 05[CFG] selecting proposal: Jun 8 04:41:57 charon 49573 05[CFG] proposal matches Jun 8 04:41:57 charon 49573 05[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:41:57 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:41:57 charon 49573 05[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:41:57 charon 49573 05[CFG] selecting traffic selectors for us: Jun 8 04:41:57 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:41:57 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:41:57 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:41:57 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] selecting traffic selectors for other: Jun 8 04:41:57 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CHD] CHILD_SA con2{1915} state change: CREATED => INSTALLING Jun 8 04:41:57 charon 49573 05[CHD] using AES_GCM_16 for encryption Jun 8 04:41:57 charon 49573 05[CHD] adding inbound ESP SA Jun 8 04:41:57 charon 49573 05[CHD] SPI 0xc132aa00, src x.x.x.162 dst 192.168.177.22 Jun 8 04:41:57 charon 49573 05[CHD] adding outbound ESP SA Jun 8 04:41:57 charon 49573 05[CHD] SPI 0xcd56f29e, src 192.168.177.22 dst x.x.x.162 Jun 8 04:41:57 charon 49573 05[IKE] CHILD_SA con2{1915} established with SPIs c132aa00_i cd56f29e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:41:57 charon 49573 05[CHD] CHILD_SA con2{1915} state change: INSTALLING => INSTALLED Jun 8 04:41:57 charon 49573 05[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:41:57 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:42:00 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:42:00 charon 49573 05[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:42:00 charon 49573 05[IKE] received DELETE for IKE_SA con2[627] Jun 8 04:42:00 charon 49573 05[IKE] deleting IKE_SA con2[627] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:42:00 charon 49573 05[IKE] IKE_SA con2[627] state change: ESTABLISHED => DELETING Jun 8 04:42:00 charon 49573 05[IKE] IKE_SA deleted Jun 8 04:42:00 charon 49573 05[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:42:00 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:42:00 charon 49573 05[IKE] IKE_SA con2[627] state change: DELETING => DESTROYING Jun 8 04:42:00 charon 49573 05[CHD] CHILD_SA con2{1915} state change: INSTALLED => DESTROYING Jun 8 04:42:01 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:42:01 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 04:42:45 charon 49573 13[IKE] giving up after 5 retransmits Jun 8 04:42:45 charon 49573 13[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:42:45 charon 49573 13[IKE] IKE_SA con2[625] state change: CONNECTING => DESTROYING Jun 8 04:42:55 charon 49573 13[NET] <628> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:42:55 charon 49573 13[ENC] <628> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:42:55 charon 49573 13[CFG] <628> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:42:55 charon 49573 13[CFG] <628> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:42:55 charon 49573 13[CFG] <628> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:42:55 charon 49573 13[CFG] <628> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:42:55 charon 49573 13[IKE] <628> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:42:55 charon 49573 13[IKE] <628> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:42:55 charon 49573 13[IKE] <628> x.x.x.162 is initiating an IKE_SA Jun 8 04:42:55 charon 49573 13[IKE] <628> IKE_SA (unnamed)[628] state change: CREATED => CONNECTING Jun 8 04:42:55 charon 49573 13[CFG] <628> selecting proposal: Jun 8 04:42:55 charon 49573 13[CFG] <628> proposal matches Jun 8 04:42:55 charon 49573 13[CFG] <628> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:42:55 charon 49573 13[CFG] <628> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:42:55 charon 49573 13[CFG] <628> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:42:55 charon 49573 13[CFG] <628> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:42:55 charon 49573 13[IKE] <628> local host is behind NAT, sending keep alives Jun 8 04:42:55 charon 49573 13[CFG] <628> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:42:55 charon 49573 13[IKE] <628> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:42:55 charon 49573 13[ENC] <628> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:42:55 charon 49573 13[NET] <628> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:42:55 charon 49573 13[NET] <628> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:42:55 charon 49573 13[ENC] <628> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:42:55 charon 49573 13[IKE] <628> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:42:55 charon 49573 13[IKE] <628> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:42:55 charon 49573 13[CFG] <628> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:42:55 charon 49573 13[CFG] <628> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:42:55 charon 49573 13[CFG] selected peer config 'con2' Jun 8 04:42:55 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:42:55 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:42:55 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:42:55 charon 49573 13[IKE] successfully created shared key MAC Jun 8 04:42:55 charon 49573 13[IKE] IKE_SA con2[628] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:42:55 charon 49573 13[IKE] IKE_SA con2[628] state change: CONNECTING => ESTABLISHED Jun 8 04:42:55 charon 49573 13[IKE] scheduling rekeying in 24258s Jun 8 04:42:55 charon 49573 13[IKE] maximum IKE_SA lifetime 27138s Jun 8 04:42:55 charon 49573 13[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 04:42:55 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 04:42:55 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 04:42:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] candidate "con2" with prio 15+5 Jun 8 04:42:55 charon 49573 13[CFG] found matching child config "con2" with prio 20 Jun 8 04:42:55 charon 49573 13[CFG] selecting proposal: Jun 8 04:42:55 charon 49573 13[CFG] proposal matches Jun 8 04:42:55 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:42:55 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:42:55 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:42:55 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 04:42:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:42:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:42:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:42:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 04:42:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CHD] CHILD_SA con2{1916} state change: CREATED => INSTALLING Jun 8 04:42:55 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 04:42:55 charon 49573 13[CHD] adding inbound ESP SA Jun 8 04:42:55 charon 49573 13[CHD] SPI 0xcba42919, src x.x.x.162 dst 192.168.177.22 Jun 8 04:42:55 charon 49573 13[CHD] adding outbound ESP SA Jun 8 04:42:55 charon 49573 13[CHD] SPI 0xc3af1ae5, src 192.168.177.22 dst x.x.x.162 Jun 8 04:42:55 charon 49573 13[IKE] CHILD_SA con2{1916} established with SPIs cba42919_i c3af1ae5_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:42:55 charon 49573 13[CHD] CHILD_SA con2{1916} state change: INSTALLING => INSTALLED Jun 8 04:42:55 charon 49573 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:42:55 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:43:00 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:43:00 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:43:00 charon 49573 13[IKE] received DELETE for IKE_SA con2[628] Jun 8 04:43:00 charon 49573 13[IKE] deleting IKE_SA con2[628] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:43:00 charon 49573 13[IKE] IKE_SA con2[628] state change: ESTABLISHED => DELETING Jun 8 04:43:00 charon 49573 13[IKE] IKE_SA deleted Jun 8 04:43:00 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:43:00 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:43:00 charon 49573 13[IKE] IKE_SA con2[628] state change: DELETING => DESTROYING Jun 8 04:43:00 charon 49573 13[CHD] CHILD_SA con2{1916} state change: INSTALLED => DESTROYING Jun 8 04:43:00 charon 49573 12[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_VENDOR task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_INIT task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_NATD task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_CERT_PRE task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_AUTH task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_CERT_POST task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_CONFIG task Jun 8 04:43:00 charon 49573 12[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:43:00 charon 49573 12[IKE] queueing CHILD_CREATE task Jun 8 04:43:00 charon 49573 12[IKE] activating new tasks Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_VENDOR task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_INIT task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_NATD task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_CERT_PRE task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_AUTH task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_CERT_POST task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_CONFIG task Jun 8 04:43:00 charon 49573 12[IKE] activating CHILD_CREATE task Jun 8 04:43:00 charon 49573 12[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:43:00 charon 49573 12[IKE] initiating IKE_SA con2[629] to x.x.x.162 Jun 8 04:43:00 charon 49573 12[IKE] IKE_SA con2[629] state change: CREATED => CONNECTING Jun 8 04:43:00 charon 49573 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:43:00 charon 49573 12[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:43:00 charon 49573 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:43:00 charon 49573 12[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:43:04 charon 49573 12[IKE] retransmit 1 of request with message ID 0 Jun 8 04:43:04 charon 49573 12[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:43:08 charon 49573 12[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:43:08 charon 49573 12[CFG] ignoring acquire, connection attempt pending Jun 8 04:43:11 charon 49573 12[IKE] retransmit 2 of request with message ID 0 Jun 8 04:43:11 charon 49573 12[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:43:24 charon 49573 13[IKE] retransmit 3 of request with message ID 0 Jun 8 04:43:24 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:43:47 charon 49573 13[IKE] retransmit 4 of request with message ID 0 Jun 8 04:43:47 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:43:55 charon 49573 13[NET] <630> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:43:55 charon 49573 13[ENC] <630> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:43:55 charon 49573 13[CFG] <630> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:43:55 charon 49573 13[CFG] <630> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:43:55 charon 49573 13[CFG] <630> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:43:55 charon 49573 13[CFG] <630> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:43:55 charon 49573 13[IKE] <630> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:43:55 charon 49573 13[IKE] <630> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:43:55 charon 49573 13[IKE] <630> x.x.x.162 is initiating an IKE_SA Jun 8 04:43:55 charon 49573 13[IKE] <630> IKE_SA (unnamed)[630] state change: CREATED => CONNECTING Jun 8 04:43:55 charon 49573 13[CFG] <630> selecting proposal: Jun 8 04:43:55 charon 49573 13[CFG] <630> proposal matches Jun 8 04:43:55 charon 49573 13[CFG] <630> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:43:55 charon 49573 13[CFG] <630> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:43:55 charon 49573 13[CFG] <630> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:43:55 charon 49573 13[CFG] <630> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:43:55 charon 49573 13[IKE] <630> local host is behind NAT, sending keep alives Jun 8 04:43:55 charon 49573 13[CFG] <630> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:43:55 charon 49573 13[IKE] <630> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:43:55 charon 49573 13[ENC] <630> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:43:55 charon 49573 13[NET] <630> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:43:55 charon 49573 13[NET] <630> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:43:55 charon 49573 13[ENC] <630> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:43:55 charon 49573 13[IKE] <630> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:43:55 charon 49573 13[IKE] <630> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:43:55 charon 49573 13[CFG] <630> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:43:55 charon 49573 13[CFG] <630> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:43:55 charon 49573 13[CFG] selected peer config 'con2' Jun 8 04:43:55 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:43:55 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:43:55 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:43:55 charon 49573 13[IKE] successfully created shared key MAC Jun 8 04:43:55 charon 49573 13[IKE] IKE_SA con2[630] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:43:55 charon 49573 13[IKE] IKE_SA con2[630] state change: CONNECTING => ESTABLISHED Jun 8 04:43:55 charon 49573 13[IKE] scheduling rekeying in 23185s Jun 8 04:43:55 charon 49573 13[IKE] maximum IKE_SA lifetime 26065s Jun 8 04:43:55 charon 49573 13[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 04:43:55 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 04:43:55 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 04:43:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] candidate "con2" with prio 15+5 Jun 8 04:43:55 charon 49573 13[CFG] found matching child config "con2" with prio 20 Jun 8 04:43:55 charon 49573 13[CFG] selecting proposal: Jun 8 04:43:55 charon 49573 13[CFG] proposal matches Jun 8 04:43:55 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:43:55 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:43:55 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:43:55 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 04:43:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:43:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:43:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:43:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 04:43:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CHD] CHILD_SA con2{1917} state change: CREATED => INSTALLING Jun 8 04:43:55 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 04:43:55 charon 49573 13[CHD] adding inbound ESP SA Jun 8 04:43:55 charon 49573 13[CHD] SPI 0xc2783165, src x.x.x.162 dst 192.168.177.22 Jun 8 04:43:55 charon 49573 13[CHD] adding outbound ESP SA Jun 8 04:43:55 charon 49573 13[CHD] SPI 0xc1acc0d9, src 192.168.177.22 dst x.x.x.162 Jun 8 04:43:55 charon 49573 13[IKE] CHILD_SA con2{1917} established with SPIs c2783165_i c1acc0d9_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:43:55 charon 49573 13[CHD] CHILD_SA con2{1917} state change: INSTALLING => INSTALLED Jun 8 04:43:55 charon 49573 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:43:55 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:44:00 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:44:00 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:44:00 charon 49573 13[IKE] received DELETE for IKE_SA con2[630] Jun 8 04:44:00 charon 49573 13[IKE] deleting IKE_SA con2[630] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:44:00 charon 49573 13[IKE] IKE_SA con2[630] state change: ESTABLISHED => DELETING Jun 8 04:44:00 charon 49573 13[IKE] IKE_SA deleted Jun 8 04:44:00 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:44:00 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:44:00 charon 49573 13[IKE] IKE_SA con2[630] state change: DELETING => DESTROYING Jun 8 04:44:00 charon 49573 13[CHD] CHILD_SA con2{1917} state change: INSTALLED => DESTROYING Jun 8 04:44:02 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:44:02 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 04:44:20 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:44:20 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 04:44:29 charon 49573 13[IKE] retransmit 5 of request with message ID 0 Jun 8 04:44:29 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:44:55 charon 49573 13[NET] <631> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:44:55 charon 49573 13[ENC] <631> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:44:55 charon 49573 13[CFG] <631> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:44:55 charon 49573 13[CFG] <631> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:44:55 charon 49573 13[CFG] <631> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:44:55 charon 49573 13[CFG] <631> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:44:55 charon 49573 13[IKE] <631> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:44:55 charon 49573 13[IKE] <631> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:44:55 charon 49573 13[IKE] <631> x.x.x.162 is initiating an IKE_SA Jun 8 04:44:55 charon 49573 13[IKE] <631> IKE_SA (unnamed)[631] state change: CREATED => CONNECTING Jun 8 04:44:55 charon 49573 13[CFG] <631> selecting proposal: Jun 8 04:44:55 charon 49573 13[CFG] <631> proposal matches Jun 8 04:44:55 charon 49573 13[CFG] <631> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:44:55 charon 49573 13[CFG] <631> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:44:55 charon 49573 13[CFG] <631> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:44:55 charon 49573 13[CFG] <631> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:44:55 charon 49573 13[IKE] <631> local host is behind NAT, sending keep alives Jun 8 04:44:55 charon 49573 13[CFG] <631> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:44:55 charon 49573 13[IKE] <631> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:44:55 charon 49573 13[ENC] <631> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:44:55 charon 49573 13[NET] <631> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:44:55 charon 49573 13[NET] <631> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:44:55 charon 49573 13[ENC] <631> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:44:55 charon 49573 13[IKE] <631> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:44:55 charon 49573 13[IKE] <631> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:44:55 charon 49573 13[CFG] <631> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:44:55 charon 49573 13[CFG] <631> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:44:55 charon 49573 13[CFG] selected peer config 'con2' Jun 8 04:44:55 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:44:55 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:44:55 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:44:55 charon 49573 13[IKE] successfully created shared key MAC Jun 8 04:44:55 charon 49573 13[IKE] IKE_SA con2[631] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:44:55 charon 49573 13[IKE] IKE_SA con2[631] state change: CONNECTING => ESTABLISHED Jun 8 04:44:55 charon 49573 13[IKE] scheduling rekeying in 23352s Jun 8 04:44:55 charon 49573 13[IKE] maximum IKE_SA lifetime 26232s Jun 8 04:44:55 charon 49573 13[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 04:44:55 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 04:44:55 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 04:44:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] candidate "con2" with prio 15+5 Jun 8 04:44:55 charon 49573 13[CFG] found matching child config "con2" with prio 20 Jun 8 04:44:55 charon 49573 13[CFG] selecting proposal: Jun 8 04:44:55 charon 49573 13[CFG] proposal matches Jun 8 04:44:55 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:44:55 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:44:55 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:44:55 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 04:44:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:44:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:44:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:44:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 04:44:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CHD] CHILD_SA con2{1918} state change: CREATED => INSTALLING Jun 8 04:44:55 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 04:44:55 charon 49573 13[CHD] adding inbound ESP SA Jun 8 04:44:55 charon 49573 13[CHD] SPI 0xc884f3d2, src x.x.x.162 dst 192.168.177.22 Jun 8 04:44:55 charon 49573 13[CHD] adding outbound ESP SA Jun 8 04:44:55 charon 49573 13[CHD] SPI 0xc59ae251, src 192.168.177.22 dst x.x.x.162 Jun 8 04:44:55 charon 49573 13[IKE] CHILD_SA con2{1918} established with SPIs c884f3d2_i c59ae251_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:44:55 charon 49573 13[CHD] CHILD_SA con2{1918} state change: INSTALLING => INSTALLED Jun 8 04:44:55 charon 49573 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:44:55 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:45:00 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:45:00 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:45:00 charon 49573 13[IKE] received DELETE for IKE_SA con2[631] Jun 8 04:45:00 charon 49573 13[IKE] deleting IKE_SA con2[631] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:45:00 charon 49573 13[IKE] IKE_SA con2[631] state change: ESTABLISHED => DELETING Jun 8 04:45:00 charon 49573 13[IKE] IKE_SA deleted Jun 8 04:45:00 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:45:00 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:45:00 charon 49573 13[IKE] IKE_SA con2[631] state change: DELETING => DESTROYING Jun 8 04:45:00 charon 49573 13[CHD] CHILD_SA con2{1918} state change: INSTALLED => DESTROYING Jun 8 04:45:01 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:45:01 charon 49573 06[CFG] ignoring acquire, connection attempt pending Jun 8 04:45:45 charon 49573 13[IKE] giving up after 5 retransmits Jun 8 04:45:45 charon 49573 13[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:45:45 charon 49573 13[IKE] IKE_SA con2[629] state change: CONNECTING => DESTROYING Jun 8 04:45:55 charon 49573 13[NET] <632> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:45:55 charon 49573 13[ENC] <632> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:45:55 charon 49573 13[CFG] <632> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:45:55 charon 49573 13[CFG] <632> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:45:55 charon 49573 13[CFG] <632> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:45:55 charon 49573 13[CFG] <632> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:45:55 charon 49573 13[IKE] <632> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:45:55 charon 49573 13[IKE] <632> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:45:55 charon 49573 13[IKE] <632> x.x.x.162 is initiating an IKE_SA Jun 8 04:45:55 charon 49573 13[IKE] <632> IKE_SA (unnamed)[632] state change: CREATED => CONNECTING Jun 8 04:45:55 charon 49573 13[CFG] <632> selecting proposal: Jun 8 04:45:55 charon 49573 13[CFG] <632> proposal matches Jun 8 04:45:55 charon 49573 13[CFG] <632> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:45:55 charon 49573 13[CFG] <632> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:45:55 charon 49573 13[CFG] <632> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:45:55 charon 49573 13[CFG] <632> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:45:55 charon 49573 13[IKE] <632> local host is behind NAT, sending keep alives Jun 8 04:45:55 charon 49573 13[CFG] <632> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:45:55 charon 49573 13[IKE] <632> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:45:55 charon 49573 13[ENC] <632> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:45:55 charon 49573 13[NET] <632> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:45:55 charon 49573 13[NET] <632> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:45:55 charon 49573 13[ENC] <632> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:45:55 charon 49573 13[IKE] <632> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:45:55 charon 49573 13[IKE] <632> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:45:55 charon 49573 13[CFG] <632> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:45:55 charon 49573 13[CFG] <632> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:45:55 charon 49573 13[CFG] selected peer config 'con2' Jun 8 04:45:55 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:45:55 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:45:55 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:45:55 charon 49573 13[IKE] successfully created shared key MAC Jun 8 04:45:55 charon 49573 13[IKE] IKE_SA con2[632] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:45:55 charon 49573 13[IKE] IKE_SA con2[632] state change: CONNECTING => ESTABLISHED Jun 8 04:45:55 charon 49573 13[IKE] scheduling rekeying in 23192s Jun 8 04:45:55 charon 49573 13[IKE] maximum IKE_SA lifetime 26072s Jun 8 04:45:55 charon 49573 13[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 04:45:55 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 04:45:55 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 04:45:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] candidate "con2" with prio 15+5 Jun 8 04:45:55 charon 49573 13[CFG] found matching child config "con2" with prio 20 Jun 8 04:45:55 charon 49573 13[CFG] selecting proposal: Jun 8 04:45:55 charon 49573 13[CFG] proposal matches Jun 8 04:45:55 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:45:55 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:45:55 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:45:55 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 04:45:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:45:55 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:45:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:45:55 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 04:45:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CHD] CHILD_SA con2{1919} state change: CREATED => INSTALLING Jun 8 04:45:55 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 04:45:55 charon 49573 13[CHD] adding inbound ESP SA Jun 8 04:45:55 charon 49573 13[CHD] SPI 0xcc3bae05, src x.x.x.162 dst 192.168.177.22 Jun 8 04:45:55 charon 49573 13[CHD] adding outbound ESP SA Jun 8 04:45:55 charon 49573 13[CHD] SPI 0xcab7803c, src 192.168.177.22 dst x.x.x.162 Jun 8 04:45:55 charon 49573 13[IKE] CHILD_SA con2{1919} established with SPIs cc3bae05_i cab7803c_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:45:55 charon 49573 13[CHD] CHILD_SA con2{1919} state change: INSTALLING => INSTALLED Jun 8 04:45:55 charon 49573 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:45:55 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:46:00 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:46:00 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:46:00 charon 49573 13[IKE] received DELETE for IKE_SA con2[632] Jun 8 04:46:00 charon 49573 13[IKE] deleting IKE_SA con2[632] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:46:00 charon 49573 13[IKE] IKE_SA con2[632] state change: ESTABLISHED => DELETING Jun 8 04:46:00 charon 49573 13[IKE] IKE_SA deleted Jun 8 04:46:00 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:46:00 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:46:00 charon 49573 13[IKE] IKE_SA con2[632] state change: DELETING => DESTROYING Jun 8 04:46:00 charon 49573 13[CHD] CHILD_SA con2{1919} state change: INSTALLED => DESTROYING Jun 8 04:46:02 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_VENDOR task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_INIT task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_NATD task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_CERT_PRE task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_AUTH task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_CERT_POST task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_CONFIG task Jun 8 04:46:02 charon 49573 07[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:46:02 charon 49573 07[IKE] queueing CHILD_CREATE task Jun 8 04:46:02 charon 49573 07[IKE] activating new tasks Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_VENDOR task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_INIT task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_NATD task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_CERT_PRE task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_AUTH task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_CERT_POST task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_CONFIG task Jun 8 04:46:02 charon 49573 07[IKE] activating CHILD_CREATE task Jun 8 04:46:02 charon 49573 07[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:46:02 charon 49573 07[IKE] initiating IKE_SA con2[633] to x.x.x.162 Jun 8 04:46:02 charon 49573 07[IKE] IKE_SA con2[633] state change: CREATED => CONNECTING Jun 8 04:46:02 charon 49573 07[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:46:02 charon 49573 07[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:46:02 charon 49573 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:46:02 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:46:06 charon 49573 07[IKE] retransmit 1 of request with message ID 0 Jun 8 04:46:06 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:46:13 charon 49573 07[IKE] retransmit 2 of request with message ID 0 Jun 8 04:46:13 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:46:26 charon 49573 07[IKE] retransmit 3 of request with message ID 0 Jun 8 04:46:26 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:46:49 charon 49573 07[IKE] retransmit 4 of request with message ID 0 Jun 8 04:46:49 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:46:56 charon 49573 07[NET] <634> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:46:56 charon 49573 07[ENC] <634> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:46:56 charon 49573 07[CFG] <634> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:46:56 charon 49573 07[CFG] <634> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:46:56 charon 49573 07[CFG] <634> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:46:56 charon 49573 07[CFG] <634> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:46:56 charon 49573 07[IKE] <634> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:46:56 charon 49573 07[IKE] <634> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:46:56 charon 49573 07[IKE] <634> x.x.x.162 is initiating an IKE_SA Jun 8 04:46:56 charon 49573 07[IKE] <634> IKE_SA (unnamed)[634] state change: CREATED => CONNECTING Jun 8 04:46:56 charon 49573 07[CFG] <634> selecting proposal: Jun 8 04:46:56 charon 49573 07[CFG] <634> proposal matches Jun 8 04:46:56 charon 49573 07[CFG] <634> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:46:56 charon 49573 07[CFG] <634> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:46:56 charon 49573 07[CFG] <634> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:46:56 charon 49573 07[CFG] <634> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:46:56 charon 49573 07[IKE] <634> local host is behind NAT, sending keep alives Jun 8 04:46:56 charon 49573 07[CFG] <634> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:46:56 charon 49573 07[IKE] <634> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:46:56 charon 49573 07[ENC] <634> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:46:56 charon 49573 07[NET] <634> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:46:56 charon 49573 07[NET] <634> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:46:56 charon 49573 07[ENC] <634> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:46:56 charon 49573 07[IKE] <634> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:46:56 charon 49573 07[IKE] <634> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:46:56 charon 49573 07[CFG] <634> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:46:56 charon 49573 07[CFG] <634> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:46:56 charon 49573 07[CFG] selected peer config 'con2' Jun 8 04:46:56 charon 49573 07[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:46:56 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:46:56 charon 49573 07[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:46:56 charon 49573 07[IKE] successfully created shared key MAC Jun 8 04:46:56 charon 49573 07[IKE] IKE_SA con2[634] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:46:56 charon 49573 07[IKE] IKE_SA con2[634] state change: CONNECTING => ESTABLISHED Jun 8 04:46:56 charon 49573 07[IKE] scheduling rekeying in 24806s Jun 8 04:46:56 charon 49573 07[IKE] maximum IKE_SA lifetime 27686s Jun 8 04:46:56 charon 49573 07[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] proposing traffic selectors for us: Jun 8 04:46:56 charon 49573 07[CFG] 192.168.0.0/22|/0 Jun 8 04:46:56 charon 49573 07[CFG] 10.8.0.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] proposing traffic selectors for other: Jun 8 04:46:56 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] candidate "con2" with prio 15+5 Jun 8 04:46:56 charon 49573 07[CFG] found matching child config "con2" with prio 20 Jun 8 04:46:56 charon 49573 07[CFG] selecting proposal: Jun 8 04:46:56 charon 49573 07[CFG] proposal matches Jun 8 04:46:56 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:46:56 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:46:56 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:46:56 charon 49573 07[CFG] selecting traffic selectors for us: Jun 8 04:46:56 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:46:56 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:46:56 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:46:56 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] selecting traffic selectors for other: Jun 8 04:46:56 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CHD] CHILD_SA con2{1920} state change: CREATED => INSTALLING Jun 8 04:46:56 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 8 04:46:56 charon 49573 07[CHD] adding inbound ESP SA Jun 8 04:46:56 charon 49573 07[CHD] SPI 0xc33d8ac7, src x.x.x.162 dst 192.168.177.22 Jun 8 04:46:56 charon 49573 07[CHD] adding outbound ESP SA Jun 8 04:46:56 charon 49573 07[CHD] SPI 0xcf5b73ec, src 192.168.177.22 dst x.x.x.162 Jun 8 04:46:56 charon 49573 07[IKE] CHILD_SA con2{1920} established with SPIs c33d8ac7_i cf5b73ec_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:46:56 charon 49573 07[CHD] CHILD_SA con2{1920} state change: INSTALLING => INSTALLED Jun 8 04:46:56 charon 49573 07[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:46:56 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:47:00 charon 49573 07[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:47:00 charon 49573 07[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:47:00 charon 49573 07[IKE] received DELETE for IKE_SA con2[634] Jun 8 04:47:00 charon 49573 07[IKE] deleting IKE_SA con2[634] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:47:00 charon 49573 07[IKE] IKE_SA con2[634] state change: ESTABLISHED => DELETING Jun 8 04:47:00 charon 49573 07[IKE] IKE_SA deleted Jun 8 04:47:00 charon 49573 07[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:47:00 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:47:00 charon 49573 07[IKE] IKE_SA con2[634] state change: DELETING => DESTROYING Jun 8 04:47:00 charon 49573 07[CHD] CHILD_SA con2{1920} state change: INSTALLED => DESTROYING Jun 8 04:47:01 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:47:01 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 04:47:31 charon 49573 07[IKE] retransmit 5 of request with message ID 0 Jun 8 04:47:31 charon 49573 07[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:47:57 charon 49573 07[NET] <635> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:47:57 charon 49573 07[ENC] <635> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:47:57 charon 49573 07[CFG] <635> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:47:57 charon 49573 07[CFG] <635> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:47:57 charon 49573 07[CFG] <635> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:47:57 charon 49573 07[CFG] <635> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:47:57 charon 49573 07[IKE] <635> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:47:57 charon 49573 07[IKE] <635> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:47:57 charon 49573 07[IKE] <635> x.x.x.162 is initiating an IKE_SA Jun 8 04:47:57 charon 49573 07[IKE] <635> IKE_SA (unnamed)[635] state change: CREATED => CONNECTING Jun 8 04:47:57 charon 49573 07[CFG] <635> selecting proposal: Jun 8 04:47:57 charon 49573 07[CFG] <635> proposal matches Jun 8 04:47:57 charon 49573 07[CFG] <635> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:47:57 charon 49573 07[CFG] <635> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:47:57 charon 49573 07[CFG] <635> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:47:57 charon 49573 07[CFG] <635> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:47:57 charon 49573 07[IKE] <635> local host is behind NAT, sending keep alives Jun 8 04:47:57 charon 49573 07[CFG] <635> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:47:57 charon 49573 07[IKE] <635> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:47:57 charon 49573 07[ENC] <635> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:47:57 charon 49573 07[NET] <635> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:47:57 charon 49573 07[NET] <635> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:47:57 charon 49573 07[ENC] <635> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:47:57 charon 49573 07[IKE] <635> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:47:57 charon 49573 07[IKE] <635> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:47:57 charon 49573 07[CFG] <635> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:47:57 charon 49573 07[CFG] <635> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:47:57 charon 49573 07[CFG] selected peer config 'con2' Jun 8 04:47:57 charon 49573 07[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:47:57 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:47:57 charon 49573 07[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:47:57 charon 49573 07[IKE] successfully created shared key MAC Jun 8 04:47:57 charon 49573 07[IKE] IKE_SA con2[635] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:47:57 charon 49573 07[IKE] IKE_SA con2[635] state change: CONNECTING => ESTABLISHED Jun 8 04:47:57 charon 49573 07[IKE] scheduling rekeying in 23997s Jun 8 04:47:57 charon 49573 07[IKE] maximum IKE_SA lifetime 26877s Jun 8 04:47:57 charon 49573 07[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] proposing traffic selectors for us: Jun 8 04:47:57 charon 49573 07[CFG] 192.168.0.0/22|/0 Jun 8 04:47:57 charon 49573 07[CFG] 10.8.0.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] proposing traffic selectors for other: Jun 8 04:47:57 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] candidate "con2" with prio 15+5 Jun 8 04:47:57 charon 49573 07[CFG] found matching child config "con2" with prio 20 Jun 8 04:47:57 charon 49573 07[CFG] selecting proposal: Jun 8 04:47:57 charon 49573 07[CFG] proposal matches Jun 8 04:47:57 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:47:57 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:47:57 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:47:57 charon 49573 07[CFG] selecting traffic selectors for us: Jun 8 04:47:57 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:47:57 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:47:57 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:47:57 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] selecting traffic selectors for other: Jun 8 04:47:57 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CHD] CHILD_SA con2{1921} state change: CREATED => INSTALLING Jun 8 04:47:57 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 8 04:47:57 charon 49573 07[CHD] adding inbound ESP SA Jun 8 04:47:57 charon 49573 07[CHD] SPI 0xc5307b70, src x.x.x.162 dst 192.168.177.22 Jun 8 04:47:57 charon 49573 07[CHD] adding outbound ESP SA Jun 8 04:47:57 charon 49573 07[CHD] SPI 0xcb9efdf0, src 192.168.177.22 dst x.x.x.162 Jun 8 04:47:57 charon 49573 07[IKE] CHILD_SA con2{1921} established with SPIs c5307b70_i cb9efdf0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:47:57 charon 49573 07[CHD] CHILD_SA con2{1921} state change: INSTALLING => INSTALLED Jun 8 04:47:57 charon 49573 07[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:47:57 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:48:00 charon 49573 07[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:48:00 charon 49573 07[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:48:00 charon 49573 07[IKE] received DELETE for IKE_SA con2[635] Jun 8 04:48:00 charon 49573 07[IKE] deleting IKE_SA con2[635] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:48:00 charon 49573 07[IKE] IKE_SA con2[635] state change: ESTABLISHED => DELETING Jun 8 04:48:00 charon 49573 07[IKE] IKE_SA deleted Jun 8 04:48:00 charon 49573 07[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:48:00 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:48:00 charon 49573 07[IKE] IKE_SA con2[635] state change: DELETING => DESTROYING Jun 8 04:48:00 charon 49573 07[CHD] CHILD_SA con2{1921} state change: INSTALLED => DESTROYING Jun 8 04:48:01 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:48:01 charon 49573 07[CFG] ignoring acquire, connection attempt pending Jun 8 04:48:16 charon 49573 07[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:48:16 charon 49573 08[CFG] ignoring acquire, connection attempt pending Jun 8 04:48:40 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:48:40 charon 49573 08[CFG] ignoring acquire, connection attempt pending Jun 8 04:48:47 charon 49573 08[IKE] giving up after 5 retransmits Jun 8 04:48:47 charon 49573 08[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:48:47 charon 49573 08[IKE] IKE_SA con2[633] state change: CONNECTING => DESTROYING Jun 8 04:48:57 charon 49573 08[NET] <636> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:48:57 charon 49573 08[ENC] <636> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:48:57 charon 49573 08[CFG] <636> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:48:57 charon 49573 08[CFG] <636> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:48:57 charon 49573 08[CFG] <636> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:48:57 charon 49573 08[CFG] <636> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:48:57 charon 49573 08[IKE] <636> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:48:57 charon 49573 08[IKE] <636> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:48:57 charon 49573 08[IKE] <636> x.x.x.162 is initiating an IKE_SA Jun 8 04:48:57 charon 49573 08[IKE] <636> IKE_SA (unnamed)[636] state change: CREATED => CONNECTING Jun 8 04:48:57 charon 49573 08[CFG] <636> selecting proposal: Jun 8 04:48:57 charon 49573 08[CFG] <636> proposal matches Jun 8 04:48:57 charon 49573 08[CFG] <636> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:48:57 charon 49573 08[CFG] <636> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:48:57 charon 49573 08[CFG] <636> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:48:57 charon 49573 08[CFG] <636> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:48:57 charon 49573 08[IKE] <636> local host is behind NAT, sending keep alives Jun 8 04:48:57 charon 49573 08[CFG] <636> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:48:57 charon 49573 08[IKE] <636> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:48:57 charon 49573 08[ENC] <636> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:48:57 charon 49573 08[NET] <636> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:48:57 charon 49573 08[NET] <636> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:48:57 charon 49573 08[ENC] <636> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:48:57 charon 49573 08[IKE] <636> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:48:57 charon 49573 08[IKE] <636> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:48:57 charon 49573 08[CFG] <636> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:48:57 charon 49573 08[CFG] <636> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:48:57 charon 49573 08[CFG] selected peer config 'con2' Jun 8 04:48:57 charon 49573 08[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:48:57 charon 49573 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:48:57 charon 49573 08[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:48:57 charon 49573 08[IKE] successfully created shared key MAC Jun 8 04:48:57 charon 49573 08[IKE] IKE_SA con2[636] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:48:57 charon 49573 08[IKE] IKE_SA con2[636] state change: CONNECTING => ESTABLISHED Jun 8 04:48:57 charon 49573 08[IKE] scheduling rekeying in 23123s Jun 8 04:48:57 charon 49573 08[IKE] maximum IKE_SA lifetime 26003s Jun 8 04:48:57 charon 49573 08[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] proposing traffic selectors for us: Jun 8 04:48:57 charon 49573 08[CFG] 192.168.0.0/22|/0 Jun 8 04:48:57 charon 49573 08[CFG] 10.8.0.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] proposing traffic selectors for other: Jun 8 04:48:57 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] candidate "con2" with prio 15+5 Jun 8 04:48:57 charon 49573 08[CFG] found matching child config "con2" with prio 20 Jun 8 04:48:57 charon 49573 08[CFG] selecting proposal: Jun 8 04:48:57 charon 49573 08[CFG] proposal matches Jun 8 04:48:57 charon 49573 08[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:48:57 charon 49573 08[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:48:57 charon 49573 08[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:48:57 charon 49573 08[CFG] selecting traffic selectors for us: Jun 8 04:48:57 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:48:57 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:48:57 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:48:57 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] selecting traffic selectors for other: Jun 8 04:48:57 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CHD] CHILD_SA con2{1922} state change: CREATED => INSTALLING Jun 8 04:48:57 charon 49573 08[CHD] using AES_GCM_16 for encryption Jun 8 04:48:57 charon 49573 08[CHD] adding inbound ESP SA Jun 8 04:48:57 charon 49573 08[CHD] SPI 0xcfcdb914, src x.x.x.162 dst 192.168.177.22 Jun 8 04:48:57 charon 49573 08[CHD] adding outbound ESP SA Jun 8 04:48:57 charon 49573 08[CHD] SPI 0xc35dcef3, src 192.168.177.22 dst x.x.x.162 Jun 8 04:48:57 charon 49573 08[IKE] CHILD_SA con2{1922} established with SPIs cfcdb914_i c35dcef3_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:48:57 charon 49573 08[CHD] CHILD_SA con2{1922} state change: INSTALLING => INSTALLED Jun 8 04:48:57 charon 49573 08[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:48:57 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:49:00 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:49:00 charon 49573 08[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:49:00 charon 49573 08[IKE] received DELETE for IKE_SA con2[636] Jun 8 04:49:00 charon 49573 08[IKE] deleting IKE_SA con2[636] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:49:00 charon 49573 08[IKE] IKE_SA con2[636] state change: ESTABLISHED => DELETING Jun 8 04:49:00 charon 49573 08[IKE] IKE_SA deleted Jun 8 04:49:00 charon 49573 08[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:49:00 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:49:00 charon 49573 08[IKE] IKE_SA con2[636] state change: DELETING => DESTROYING Jun 8 04:49:00 charon 49573 08[CHD] CHILD_SA con2{1922} state change: INSTALLED => DESTROYING Jun 8 04:49:01 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_VENDOR task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_INIT task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_NATD task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_CERT_PRE task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_AUTH task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_CERT_POST task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_CONFIG task Jun 8 04:49:01 charon 49573 05[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:49:01 charon 49573 05[IKE] queueing CHILD_CREATE task Jun 8 04:49:01 charon 49573 05[IKE] activating new tasks Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_VENDOR task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_INIT task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_NATD task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_CERT_PRE task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_AUTH task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_CERT_POST task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_CONFIG task Jun 8 04:49:01 charon 49573 05[IKE] activating CHILD_CREATE task Jun 8 04:49:01 charon 49573 05[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:49:01 charon 49573 05[IKE] initiating IKE_SA con2[637] to x.x.x.162 Jun 8 04:49:01 charon 49573 05[IKE] IKE_SA con2[637] state change: CREATED => CONNECTING Jun 8 04:49:01 charon 49573 05[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:49:01 charon 49573 05[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:49:01 charon 49573 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:49:01 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:49:05 charon 49573 05[IKE] retransmit 1 of request with message ID 0 Jun 8 04:49:05 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:49:12 charon 49573 05[IKE] retransmit 2 of request with message ID 0 Jun 8 04:49:12 charon 49573 05[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:49:21 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:49:21 charon 49573 01[CFG] ignoring acquire, connection attempt pending Jun 8 04:49:25 charon 49573 01[IKE] retransmit 3 of request with message ID 0 Jun 8 04:49:25 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:49:49 charon 49573 01[IKE] retransmit 4 of request with message ID 0 Jun 8 04:49:49 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:49:55 charon 49573 01[NET] <638> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:49:55 charon 49573 01[ENC] <638> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:49:55 charon 49573 01[CFG] <638> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:49:55 charon 49573 01[CFG] <638> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:49:55 charon 49573 01[CFG] <638> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:49:55 charon 49573 01[CFG] <638> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:49:55 charon 49573 01[IKE] <638> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:49:55 charon 49573 01[IKE] <638> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:49:55 charon 49573 01[IKE] <638> x.x.x.162 is initiating an IKE_SA Jun 8 04:49:55 charon 49573 01[IKE] <638> IKE_SA (unnamed)[638] state change: CREATED => CONNECTING Jun 8 04:49:55 charon 49573 01[CFG] <638> selecting proposal: Jun 8 04:49:55 charon 49573 01[CFG] <638> proposal matches Jun 8 04:49:55 charon 49573 01[CFG] <638> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:49:55 charon 49573 01[CFG] <638> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:49:55 charon 49573 01[CFG] <638> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:49:55 charon 49573 01[CFG] <638> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:49:55 charon 49573 01[IKE] <638> local host is behind NAT, sending keep alives Jun 8 04:49:55 charon 49573 01[CFG] <638> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:49:55 charon 49573 01[IKE] <638> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:49:55 charon 49573 01[ENC] <638> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:49:55 charon 49573 01[NET] <638> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:49:55 charon 49573 01[NET] <638> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:49:55 charon 49573 01[ENC] <638> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:49:55 charon 49573 01[IKE] <638> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:49:55 charon 49573 01[IKE] <638> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:49:55 charon 49573 01[CFG] <638> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:49:55 charon 49573 01[CFG] <638> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:49:55 charon 49573 01[CFG] selected peer config 'con2' Jun 8 04:49:55 charon 49573 01[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:49:55 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:49:55 charon 49573 01[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:49:55 charon 49573 01[IKE] successfully created shared key MAC Jun 8 04:49:55 charon 49573 01[IKE] IKE_SA con2[638] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:49:55 charon 49573 01[IKE] IKE_SA con2[638] state change: CONNECTING => ESTABLISHED Jun 8 04:49:55 charon 49573 01[IKE] scheduling rekeying in 23122s Jun 8 04:49:55 charon 49573 01[IKE] maximum IKE_SA lifetime 26002s Jun 8 04:49:55 charon 49573 01[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 04:49:55 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 04:49:55 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 04:49:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] candidate "con2" with prio 15+5 Jun 8 04:49:55 charon 49573 01[CFG] found matching child config "con2" with prio 20 Jun 8 04:49:55 charon 49573 01[CFG] selecting proposal: Jun 8 04:49:55 charon 49573 01[CFG] proposal matches Jun 8 04:49:55 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:49:55 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:49:55 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:49:55 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 04:49:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:49:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:49:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:49:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 04:49:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CHD] CHILD_SA con2{1923} state change: CREATED => INSTALLING Jun 8 04:49:55 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 04:49:55 charon 49573 01[CHD] adding inbound ESP SA Jun 8 04:49:55 charon 49573 01[CHD] SPI 0xcbbb93b6, src x.x.x.162 dst 192.168.177.22 Jun 8 04:49:55 charon 49573 01[CHD] adding outbound ESP SA Jun 8 04:49:55 charon 49573 01[CHD] SPI 0xca61a716, src 192.168.177.22 dst x.x.x.162 Jun 8 04:49:55 charon 49573 01[IKE] CHILD_SA con2{1923} established with SPIs cbbb93b6_i ca61a716_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:49:55 charon 49573 01[CHD] CHILD_SA con2{1923} state change: INSTALLING => INSTALLED Jun 8 04:49:55 charon 49573 01[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:49:55 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:50:00 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:50:00 charon 49573 01[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:50:00 charon 49573 01[IKE] received DELETE for IKE_SA con2[638] Jun 8 04:50:00 charon 49573 01[IKE] deleting IKE_SA con2[638] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:50:00 charon 49573 01[IKE] IKE_SA con2[638] state change: ESTABLISHED => DELETING Jun 8 04:50:00 charon 49573 01[IKE] IKE_SA deleted Jun 8 04:50:00 charon 49573 01[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:50:00 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:50:00 charon 49573 01[IKE] IKE_SA con2[638] state change: DELETING => DESTROYING Jun 8 04:50:00 charon 49573 01[CHD] CHILD_SA con2{1923} state change: INSTALLED => DESTROYING Jun 8 04:50:02 charon 49573 01[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:50:02 charon 49573 12[CFG] ignoring acquire, connection attempt pending Jun 8 04:50:31 charon 49573 12[IKE] retransmit 5 of request with message ID 0 Jun 8 04:50:31 charon 49573 12[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:50:54 charon 49573 12[NET] <639> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:50:54 charon 49573 12[ENC] <639> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:50:54 charon 49573 12[CFG] <639> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:50:54 charon 49573 12[CFG] <639> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:50:54 charon 49573 12[CFG] <639> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:50:54 charon 49573 12[CFG] <639> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:50:54 charon 49573 12[IKE] <639> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:50:54 charon 49573 12[IKE] <639> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:50:54 charon 49573 12[IKE] <639> x.x.x.162 is initiating an IKE_SA Jun 8 04:50:54 charon 49573 12[IKE] <639> IKE_SA (unnamed)[639] state change: CREATED => CONNECTING Jun 8 04:50:54 charon 49573 12[CFG] <639> selecting proposal: Jun 8 04:50:54 charon 49573 12[CFG] <639> proposal matches Jun 8 04:50:54 charon 49573 12[CFG] <639> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:50:54 charon 49573 12[CFG] <639> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:50:54 charon 49573 12[CFG] <639> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:50:54 charon 49573 12[CFG] <639> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:50:54 charon 49573 12[IKE] <639> local host is behind NAT, sending keep alives Jun 8 04:50:54 charon 49573 12[CFG] <639> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:50:54 charon 49573 12[IKE] <639> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:50:54 charon 49573 12[ENC] <639> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:50:54 charon 49573 12[NET] <639> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:50:54 charon 49573 12[NET] <639> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:50:54 charon 49573 12[ENC] <639> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:50:54 charon 49573 12[IKE] <639> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:50:54 charon 49573 12[IKE] <639> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:50:54 charon 49573 12[CFG] <639> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:50:54 charon 49573 12[CFG] <639> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:50:54 charon 49573 12[CFG] selected peer config 'con2' Jun 8 04:50:54 charon 49573 12[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:50:54 charon 49573 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:50:54 charon 49573 12[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:50:54 charon 49573 12[IKE] successfully created shared key MAC Jun 8 04:50:54 charon 49573 12[IKE] IKE_SA con2[639] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:50:54 charon 49573 12[IKE] IKE_SA con2[639] state change: CONNECTING => ESTABLISHED Jun 8 04:50:54 charon 49573 12[IKE] scheduling rekeying in 24443s Jun 8 04:50:54 charon 49573 12[IKE] maximum IKE_SA lifetime 27323s Jun 8 04:50:54 charon 49573 12[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] proposing traffic selectors for us: Jun 8 04:50:54 charon 49573 12[CFG] 192.168.0.0/22|/0 Jun 8 04:50:54 charon 49573 12[CFG] 10.8.0.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] proposing traffic selectors for other: Jun 8 04:50:54 charon 49573 12[CFG] 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] candidate "con2" with prio 15+5 Jun 8 04:50:54 charon 49573 12[CFG] found matching child config "con2" with prio 20 Jun 8 04:50:54 charon 49573 12[CFG] selecting proposal: Jun 8 04:50:54 charon 49573 12[CFG] proposal matches Jun 8 04:50:54 charon 49573 12[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:50:54 charon 49573 12[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:50:54 charon 49573 12[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:50:54 charon 49573 12[CFG] selecting traffic selectors for us: Jun 8 04:50:54 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:50:54 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:50:54 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:50:54 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] selecting traffic selectors for other: Jun 8 04:50:54 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CHD] CHILD_SA con2{1924} state change: CREATED => INSTALLING Jun 8 04:50:54 charon 49573 12[CHD] using AES_GCM_16 for encryption Jun 8 04:50:54 charon 49573 12[CHD] adding inbound ESP SA Jun 8 04:50:54 charon 49573 12[CHD] SPI 0xc3fa87bb, src x.x.x.162 dst 192.168.177.22 Jun 8 04:50:54 charon 49573 12[CHD] adding outbound ESP SA Jun 8 04:50:54 charon 49573 12[CHD] SPI 0xc2900ac1, src 192.168.177.22 dst x.x.x.162 Jun 8 04:50:54 charon 49573 12[IKE] CHILD_SA con2{1924} established with SPIs c3fa87bb_i c2900ac1_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:50:54 charon 49573 12[CHD] CHILD_SA con2{1924} state change: INSTALLING => INSTALLED Jun 8 04:50:54 charon 49573 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:50:54 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:51:00 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:51:00 charon 49573 12[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:51:00 charon 49573 12[IKE] received DELETE for IKE_SA con2[639] Jun 8 04:51:00 charon 49573 12[IKE] deleting IKE_SA con2[639] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:51:00 charon 49573 12[IKE] IKE_SA con2[639] state change: ESTABLISHED => DELETING Jun 8 04:51:00 charon 49573 12[IKE] IKE_SA deleted Jun 8 04:51:00 charon 49573 12[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:51:00 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:51:00 charon 49573 12[IKE] IKE_SA con2[639] state change: DELETING => DESTROYING Jun 8 04:51:00 charon 49573 12[CHD] CHILD_SA con2{1924} state change: INSTALLED => DESTROYING Jun 8 04:51:01 charon 49573 12[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:51:01 charon 49573 12[CFG] ignoring acquire, connection attempt pending Jun 8 04:51:46 charon 49573 15[IKE] giving up after 5 retransmits Jun 8 04:51:46 charon 49573 15[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:51:46 charon 49573 15[IKE] IKE_SA con2[637] state change: CONNECTING => DESTROYING Jun 8 04:51:57 charon 49573 15[NET] <640> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:51:57 charon 49573 15[ENC] <640> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:51:57 charon 49573 15[CFG] <640> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:51:57 charon 49573 15[CFG] <640> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:51:57 charon 49573 15[CFG] <640> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:51:57 charon 49573 15[CFG] <640> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:51:57 charon 49573 15[IKE] <640> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:51:57 charon 49573 15[IKE] <640> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:51:57 charon 49573 15[IKE] <640> x.x.x.162 is initiating an IKE_SA Jun 8 04:51:57 charon 49573 15[IKE] <640> IKE_SA (unnamed)[640] state change: CREATED => CONNECTING Jun 8 04:51:57 charon 49573 15[CFG] <640> selecting proposal: Jun 8 04:51:57 charon 49573 15[CFG] <640> proposal matches Jun 8 04:51:57 charon 49573 15[CFG] <640> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:51:57 charon 49573 15[CFG] <640> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:51:57 charon 49573 15[CFG] <640> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:51:57 charon 49573 15[CFG] <640> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:51:57 charon 49573 15[IKE] <640> local host is behind NAT, sending keep alives Jun 8 04:51:57 charon 49573 15[CFG] <640> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:51:57 charon 49573 15[IKE] <640> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:51:57 charon 49573 15[ENC] <640> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:51:57 charon 49573 15[NET] <640> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:51:57 charon 49573 15[NET] <640> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:51:57 charon 49573 15[ENC] <640> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:51:57 charon 49573 15[IKE] <640> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:51:57 charon 49573 15[IKE] <640> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:51:57 charon 49573 15[CFG] <640> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:51:57 charon 49573 15[CFG] <640> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:51:57 charon 49573 15[CFG] selected peer config 'con2' Jun 8 04:51:57 charon 49573 15[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:51:57 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:51:57 charon 49573 15[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:51:57 charon 49573 15[IKE] successfully created shared key MAC Jun 8 04:51:57 charon 49573 15[IKE] IKE_SA con2[640] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:51:57 charon 49573 15[IKE] IKE_SA con2[640] state change: CONNECTING => ESTABLISHED Jun 8 04:51:57 charon 49573 15[IKE] scheduling rekeying in 25724s Jun 8 04:51:57 charon 49573 15[IKE] maximum IKE_SA lifetime 28604s Jun 8 04:51:57 charon 49573 15[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] proposing traffic selectors for us: Jun 8 04:51:57 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 8 04:51:57 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] proposing traffic selectors for other: Jun 8 04:51:57 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] candidate "con2" with prio 15+5 Jun 8 04:51:57 charon 49573 15[CFG] found matching child config "con2" with prio 20 Jun 8 04:51:57 charon 49573 15[CFG] selecting proposal: Jun 8 04:51:57 charon 49573 15[CFG] proposal matches Jun 8 04:51:57 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:51:57 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:51:57 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:51:57 charon 49573 15[CFG] selecting traffic selectors for us: Jun 8 04:51:57 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:51:57 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:51:57 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:51:57 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] selecting traffic selectors for other: Jun 8 04:51:57 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CHD] CHILD_SA con2{1925} state change: CREATED => INSTALLING Jun 8 04:51:57 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 8 04:51:57 charon 49573 15[CHD] adding inbound ESP SA Jun 8 04:51:57 charon 49573 15[CHD] SPI 0xcc85bca3, src x.x.x.162 dst 192.168.177.22 Jun 8 04:51:57 charon 49573 15[CHD] adding outbound ESP SA Jun 8 04:51:57 charon 49573 15[CHD] SPI 0xcc5384e1, src 192.168.177.22 dst x.x.x.162 Jun 8 04:51:57 charon 49573 15[IKE] CHILD_SA con2{1925} established with SPIs cc85bca3_i cc5384e1_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:51:57 charon 49573 15[CHD] CHILD_SA con2{1925} state change: INSTALLING => INSTALLED Jun 8 04:51:57 charon 49573 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:51:57 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:52:00 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:52:00 charon 49573 15[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:52:00 charon 49573 15[IKE] received DELETE for IKE_SA con2[640] Jun 8 04:52:00 charon 49573 15[IKE] deleting IKE_SA con2[640] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:52:00 charon 49573 15[IKE] IKE_SA con2[640] state change: ESTABLISHED => DELETING Jun 8 04:52:00 charon 49573 15[IKE] IKE_SA deleted Jun 8 04:52:00 charon 49573 15[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:52:00 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:52:00 charon 49573 15[IKE] IKE_SA con2[640] state change: DELETING => DESTROYING Jun 8 04:52:00 charon 49573 15[CHD] CHILD_SA con2{1925} state change: INSTALLED => DESTROYING Jun 8 04:52:01 charon 49573 14[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_VENDOR task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_INIT task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_NATD task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_CERT_PRE task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_AUTH task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_CERT_POST task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_CONFIG task Jun 8 04:52:01 charon 49573 14[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:52:01 charon 49573 14[IKE] queueing CHILD_CREATE task Jun 8 04:52:01 charon 49573 14[IKE] activating new tasks Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_VENDOR task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_INIT task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_NATD task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_CERT_PRE task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_AUTH task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_CERT_POST task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_CONFIG task Jun 8 04:52:01 charon 49573 14[IKE] activating CHILD_CREATE task Jun 8 04:52:01 charon 49573 14[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:52:01 charon 49573 14[IKE] initiating IKE_SA con2[641] to x.x.x.162 Jun 8 04:52:01 charon 49573 14[IKE] IKE_SA con2[641] state change: CREATED => CONNECTING Jun 8 04:52:01 charon 49573 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:52:01 charon 49573 14[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:52:01 charon 49573 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:52:01 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:52:05 charon 49573 14[IKE] retransmit 1 of request with message ID 0 Jun 8 04:52:05 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:52:12 charon 49573 14[IKE] retransmit 2 of request with message ID 0 Jun 8 04:52:12 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:52:25 charon 49573 14[IKE] retransmit 3 of request with message ID 0 Jun 8 04:52:25 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:52:49 charon 49573 14[IKE] retransmit 4 of request with message ID 0 Jun 8 04:52:49 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:52:57 charon 49573 14[NET] <642> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:52:57 charon 49573 14[ENC] <642> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:52:57 charon 49573 14[CFG] <642> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:52:57 charon 49573 14[CFG] <642> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:52:57 charon 49573 14[CFG] <642> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:52:57 charon 49573 14[CFG] <642> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:52:57 charon 49573 14[IKE] <642> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:52:57 charon 49573 14[IKE] <642> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:52:57 charon 49573 14[IKE] <642> x.x.x.162 is initiating an IKE_SA Jun 8 04:52:57 charon 49573 14[IKE] <642> IKE_SA (unnamed)[642] state change: CREATED => CONNECTING Jun 8 04:52:57 charon 49573 14[CFG] <642> selecting proposal: Jun 8 04:52:57 charon 49573 14[CFG] <642> proposal matches Jun 8 04:52:57 charon 49573 14[CFG] <642> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:52:57 charon 49573 14[CFG] <642> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:52:57 charon 49573 14[CFG] <642> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:52:57 charon 49573 14[CFG] <642> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:52:57 charon 49573 14[IKE] <642> local host is behind NAT, sending keep alives Jun 8 04:52:57 charon 49573 14[CFG] <642> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:52:57 charon 49573 14[IKE] <642> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:52:57 charon 49573 14[ENC] <642> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:52:57 charon 49573 14[NET] <642> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:52:57 charon 49573 14[NET] <642> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:52:57 charon 49573 14[ENC] <642> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:52:57 charon 49573 14[IKE] <642> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:52:57 charon 49573 14[IKE] <642> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:52:57 charon 49573 14[CFG] <642> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:52:57 charon 49573 14[CFG] <642> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:52:57 charon 49573 14[CFG] selected peer config 'con2' Jun 8 04:52:57 charon 49573 14[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:52:57 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:52:57 charon 49573 14[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:52:57 charon 49573 14[IKE] successfully created shared key MAC Jun 8 04:52:57 charon 49573 14[IKE] IKE_SA con2[642] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:52:57 charon 49573 14[IKE] IKE_SA con2[642] state change: CONNECTING => ESTABLISHED Jun 8 04:52:57 charon 49573 14[IKE] scheduling rekeying in 23067s Jun 8 04:52:57 charon 49573 14[IKE] maximum IKE_SA lifetime 25947s Jun 8 04:52:57 charon 49573 14[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] proposing traffic selectors for us: Jun 8 04:52:57 charon 49573 14[CFG] 192.168.0.0/22|/0 Jun 8 04:52:57 charon 49573 14[CFG] 10.8.0.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] proposing traffic selectors for other: Jun 8 04:52:57 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] candidate "con2" with prio 15+5 Jun 8 04:52:57 charon 49573 14[CFG] found matching child config "con2" with prio 20 Jun 8 04:52:57 charon 49573 14[CFG] selecting proposal: Jun 8 04:52:57 charon 49573 14[CFG] proposal matches Jun 8 04:52:57 charon 49573 14[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:52:57 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:52:57 charon 49573 14[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:52:57 charon 49573 14[CFG] selecting traffic selectors for us: Jun 8 04:52:57 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:52:57 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:52:57 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:52:57 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] selecting traffic selectors for other: Jun 8 04:52:57 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CHD] CHILD_SA con2{1926} state change: CREATED => INSTALLING Jun 8 04:52:57 charon 49573 14[CHD] using AES_GCM_16 for encryption Jun 8 04:52:57 charon 49573 14[CHD] adding inbound ESP SA Jun 8 04:52:57 charon 49573 14[CHD] SPI 0xc67429f9, src x.x.x.162 dst 192.168.177.22 Jun 8 04:52:57 charon 49573 14[CHD] adding outbound ESP SA Jun 8 04:52:57 charon 49573 14[CHD] SPI 0xc19b698d, src 192.168.177.22 dst x.x.x.162 Jun 8 04:52:57 charon 49573 14[IKE] CHILD_SA con2{1926} established with SPIs c67429f9_i c19b698d_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:52:57 charon 49573 14[CHD] CHILD_SA con2{1926} state change: INSTALLING => INSTALLED Jun 8 04:52:57 charon 49573 14[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:52:57 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:53:00 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:53:00 charon 49573 14[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:53:00 charon 49573 14[IKE] received DELETE for IKE_SA con2[642] Jun 8 04:53:00 charon 49573 14[IKE] deleting IKE_SA con2[642] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:53:00 charon 49573 14[IKE] IKE_SA con2[642] state change: ESTABLISHED => DELETING Jun 8 04:53:00 charon 49573 14[IKE] IKE_SA deleted Jun 8 04:53:00 charon 49573 14[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:53:00 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:53:00 charon 49573 14[IKE] IKE_SA con2[642] state change: DELETING => DESTROYING Jun 8 04:53:00 charon 49573 14[CHD] CHILD_SA con2{1926} state change: INSTALLED => DESTROYING Jun 8 04:53:01 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:53:01 charon 49573 14[CFG] ignoring acquire, connection attempt pending Jun 8 04:53:18 charon 49573 14[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:53:18 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 04:53:31 charon 49573 13[IKE] retransmit 5 of request with message ID 0 Jun 8 04:53:31 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:53:57 charon 49573 13[NET] <643> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:53:57 charon 49573 13[ENC] <643> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:53:57 charon 49573 13[CFG] <643> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:53:57 charon 49573 13[CFG] <643> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:53:57 charon 49573 13[CFG] <643> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:53:57 charon 49573 13[CFG] <643> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:53:57 charon 49573 13[IKE] <643> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:53:57 charon 49573 13[IKE] <643> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:53:57 charon 49573 13[IKE] <643> x.x.x.162 is initiating an IKE_SA Jun 8 04:53:57 charon 49573 13[IKE] <643> IKE_SA (unnamed)[643] state change: CREATED => CONNECTING Jun 8 04:53:57 charon 49573 13[CFG] <643> selecting proposal: Jun 8 04:53:57 charon 49573 13[CFG] <643> proposal matches Jun 8 04:53:57 charon 49573 13[CFG] <643> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:53:57 charon 49573 13[CFG] <643> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:53:57 charon 49573 13[CFG] <643> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:53:57 charon 49573 13[CFG] <643> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:53:57 charon 49573 13[IKE] <643> local host is behind NAT, sending keep alives Jun 8 04:53:57 charon 49573 13[CFG] <643> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:53:57 charon 49573 13[IKE] <643> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:53:57 charon 49573 13[ENC] <643> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:53:57 charon 49573 13[NET] <643> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:53:57 charon 49573 13[NET] <643> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:53:57 charon 49573 13[ENC] <643> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:53:57 charon 49573 13[IKE] <643> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:53:57 charon 49573 13[IKE] <643> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:53:57 charon 49573 13[CFG] <643> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:53:57 charon 49573 13[CFG] <643> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:53:57 charon 49573 13[CFG] selected peer config 'con2' Jun 8 04:53:57 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:53:57 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:53:57 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:53:57 charon 49573 13[IKE] successfully created shared key MAC Jun 8 04:53:57 charon 49573 13[IKE] IKE_SA con2[643] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:53:57 charon 49573 13[IKE] IKE_SA con2[643] state change: CONNECTING => ESTABLISHED Jun 8 04:53:57 charon 49573 13[IKE] scheduling rekeying in 23963s Jun 8 04:53:57 charon 49573 13[IKE] maximum IKE_SA lifetime 26843s Jun 8 04:53:57 charon 49573 13[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 04:53:57 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 04:53:57 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 04:53:57 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] candidate "con2" with prio 15+5 Jun 8 04:53:57 charon 49573 13[CFG] found matching child config "con2" with prio 20 Jun 8 04:53:57 charon 49573 13[CFG] selecting proposal: Jun 8 04:53:57 charon 49573 13[CFG] proposal matches Jun 8 04:53:57 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:53:57 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:53:57 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:53:57 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 04:53:57 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:53:57 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:53:57 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:53:57 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 04:53:57 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CHD] CHILD_SA con2{1927} state change: CREATED => INSTALLING Jun 8 04:53:57 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 04:53:57 charon 49573 13[CHD] adding inbound ESP SA Jun 8 04:53:57 charon 49573 13[CHD] SPI 0xcb45a757, src x.x.x.162 dst 192.168.177.22 Jun 8 04:53:57 charon 49573 13[CHD] adding outbound ESP SA Jun 8 04:53:57 charon 49573 13[CHD] SPI 0xc2e7f50e, src 192.168.177.22 dst x.x.x.162 Jun 8 04:53:57 charon 49573 13[IKE] CHILD_SA con2{1927} established with SPIs cb45a757_i c2e7f50e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:53:57 charon 49573 13[CHD] CHILD_SA con2{1927} state change: INSTALLING => INSTALLED Jun 8 04:53:57 charon 49573 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:53:57 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:54:00 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:54:00 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:54:00 charon 49573 13[IKE] received DELETE for IKE_SA con2[643] Jun 8 04:54:00 charon 49573 13[IKE] deleting IKE_SA con2[643] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:54:00 charon 49573 13[IKE] IKE_SA con2[643] state change: ESTABLISHED => DELETING Jun 8 04:54:00 charon 49573 13[IKE] IKE_SA deleted Jun 8 04:54:00 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:54:00 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:54:00 charon 49573 13[IKE] IKE_SA con2[643] state change: DELETING => DESTROYING Jun 8 04:54:00 charon 49573 13[CHD] CHILD_SA con2{1927} state change: INSTALLED => DESTROYING Jun 8 04:54:01 charon 49573 09[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:54:01 charon 49573 09[CFG] ignoring acquire, connection attempt pending Jun 8 04:54:46 charon 49573 09[IKE] giving up after 5 retransmits Jun 8 04:54:46 charon 49573 09[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:54:46 charon 49573 09[IKE] IKE_SA con2[641] state change: CONNECTING => DESTROYING Jun 8 04:54:55 charon 49573 09[NET] <644> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:54:55 charon 49573 09[ENC] <644> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:54:55 charon 49573 09[CFG] <644> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:54:55 charon 49573 09[CFG] <644> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:54:55 charon 49573 09[CFG] <644> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:54:55 charon 49573 09[CFG] <644> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:54:55 charon 49573 09[IKE] <644> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:54:55 charon 49573 09[IKE] <644> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:54:55 charon 49573 09[IKE] <644> x.x.x.162 is initiating an IKE_SA Jun 8 04:54:55 charon 49573 09[IKE] <644> IKE_SA (unnamed)[644] state change: CREATED => CONNECTING Jun 8 04:54:55 charon 49573 09[CFG] <644> selecting proposal: Jun 8 04:54:55 charon 49573 09[CFG] <644> proposal matches Jun 8 04:54:55 charon 49573 09[CFG] <644> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:54:55 charon 49573 09[CFG] <644> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:54:55 charon 49573 09[CFG] <644> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:54:55 charon 49573 09[CFG] <644> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:54:55 charon 49573 09[IKE] <644> local host is behind NAT, sending keep alives Jun 8 04:54:55 charon 49573 09[CFG] <644> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:54:55 charon 49573 09[IKE] <644> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:54:55 charon 49573 09[ENC] <644> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:54:55 charon 49573 09[NET] <644> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:54:55 charon 49573 09[NET] <644> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:54:55 charon 49573 09[ENC] <644> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:54:55 charon 49573 09[IKE] <644> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:54:55 charon 49573 09[IKE] <644> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:54:55 charon 49573 09[CFG] <644> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:54:55 charon 49573 09[CFG] <644> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:54:55 charon 49573 09[CFG] selected peer config 'con2' Jun 8 04:54:55 charon 49573 09[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:54:55 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:54:55 charon 49573 09[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:54:55 charon 49573 09[IKE] successfully created shared key MAC Jun 8 04:54:55 charon 49573 09[IKE] IKE_SA con2[644] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:54:55 charon 49573 09[IKE] IKE_SA con2[644] state change: CONNECTING => ESTABLISHED Jun 8 04:54:55 charon 49573 09[IKE] scheduling rekeying in 23993s Jun 8 04:54:55 charon 49573 09[IKE] maximum IKE_SA lifetime 26873s Jun 8 04:54:55 charon 49573 09[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] proposing traffic selectors for us: Jun 8 04:54:55 charon 49573 09[CFG] 192.168.0.0/22|/0 Jun 8 04:54:55 charon 49573 09[CFG] 10.8.0.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] proposing traffic selectors for other: Jun 8 04:54:55 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] candidate "con2" with prio 15+5 Jun 8 04:54:55 charon 49573 09[CFG] found matching child config "con2" with prio 20 Jun 8 04:54:55 charon 49573 09[CFG] selecting proposal: Jun 8 04:54:55 charon 49573 09[CFG] proposal matches Jun 8 04:54:55 charon 49573 09[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:54:55 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:54:55 charon 49573 09[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:54:55 charon 49573 09[CFG] selecting traffic selectors for us: Jun 8 04:54:55 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:54:55 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:54:55 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:54:55 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] selecting traffic selectors for other: Jun 8 04:54:55 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CHD] CHILD_SA con2{1928} state change: CREATED => INSTALLING Jun 8 04:54:55 charon 49573 09[CHD] using AES_GCM_16 for encryption Jun 8 04:54:55 charon 49573 09[CHD] adding inbound ESP SA Jun 8 04:54:55 charon 49573 09[CHD] SPI 0xc27a75e5, src x.x.x.162 dst 192.168.177.22 Jun 8 04:54:55 charon 49573 09[CHD] adding outbound ESP SA Jun 8 04:54:55 charon 49573 09[CHD] SPI 0xc348d1e4, src 192.168.177.22 dst x.x.x.162 Jun 8 04:54:55 charon 49573 09[IKE] CHILD_SA con2{1928} established with SPIs c27a75e5_i c348d1e4_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:54:55 charon 49573 09[CHD] CHILD_SA con2{1928} state change: INSTALLING => INSTALLED Jun 8 04:54:55 charon 49573 09[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:54:55 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:55:00 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:55:00 charon 49573 09[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:55:00 charon 49573 09[IKE] received DELETE for IKE_SA con2[644] Jun 8 04:55:00 charon 49573 09[IKE] deleting IKE_SA con2[644] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:55:00 charon 49573 09[IKE] IKE_SA con2[644] state change: ESTABLISHED => DELETING Jun 8 04:55:00 charon 49573 09[IKE] IKE_SA deleted Jun 8 04:55:00 charon 49573 09[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:55:00 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:55:00 charon 49573 09[IKE] IKE_SA con2[644] state change: DELETING => DESTROYING Jun 8 04:55:00 charon 49573 09[CHD] CHILD_SA con2{1928} state change: INSTALLED => DESTROYING Jun 8 04:55:01 charon 49573 09[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_VENDOR task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_INIT task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_NATD task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_CERT_PRE task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_AUTH task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_CERT_POST task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_CONFIG task Jun 8 04:55:01 charon 49573 09[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:55:01 charon 49573 09[IKE] queueing CHILD_CREATE task Jun 8 04:55:01 charon 49573 09[IKE] activating new tasks Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_VENDOR task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_INIT task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_NATD task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_CERT_PRE task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_AUTH task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_CERT_POST task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_CONFIG task Jun 8 04:55:01 charon 49573 09[IKE] activating CHILD_CREATE task Jun 8 04:55:01 charon 49573 09[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:55:01 charon 49573 09[IKE] initiating IKE_SA con2[645] to x.x.x.162 Jun 8 04:55:01 charon 49573 09[IKE] IKE_SA con2[645] state change: CREATED => CONNECTING Jun 8 04:55:01 charon 49573 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:55:01 charon 49573 09[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:55:01 charon 49573 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:55:01 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:55:05 charon 49573 09[IKE] retransmit 1 of request with message ID 0 Jun 8 04:55:05 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:55:12 charon 49573 09[IKE] retransmit 2 of request with message ID 0 Jun 8 04:55:12 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:55:16 charon 49573 09[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:55:16 charon 49573 10[CFG] ignoring acquire, connection attempt pending Jun 8 04:55:25 charon 49573 10[IKE] retransmit 3 of request with message ID 0 Jun 8 04:55:25 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:55:48 charon 49573 10[IKE] retransmit 4 of request with message ID 0 Jun 8 04:55:48 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:55:54 charon 49573 10[NET] <646> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:55:54 charon 49573 10[ENC] <646> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:55:54 charon 49573 10[CFG] <646> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:55:54 charon 49573 10[CFG] <646> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:55:54 charon 49573 10[CFG] <646> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:55:54 charon 49573 10[CFG] <646> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:55:54 charon 49573 10[IKE] <646> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:55:54 charon 49573 10[IKE] <646> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:55:54 charon 49573 10[IKE] <646> x.x.x.162 is initiating an IKE_SA Jun 8 04:55:54 charon 49573 10[IKE] <646> IKE_SA (unnamed)[646] state change: CREATED => CONNECTING Jun 8 04:55:54 charon 49573 10[CFG] <646> selecting proposal: Jun 8 04:55:54 charon 49573 10[CFG] <646> proposal matches Jun 8 04:55:54 charon 49573 10[CFG] <646> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:55:54 charon 49573 10[CFG] <646> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:55:54 charon 49573 10[CFG] <646> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:55:54 charon 49573 10[CFG] <646> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:55:54 charon 49573 10[IKE] <646> local host is behind NAT, sending keep alives Jun 8 04:55:54 charon 49573 10[CFG] <646> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:55:54 charon 49573 10[IKE] <646> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:55:54 charon 49573 10[ENC] <646> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:55:54 charon 49573 10[NET] <646> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:55:54 charon 49573 10[NET] <646> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:55:54 charon 49573 10[ENC] <646> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:55:54 charon 49573 10[IKE] <646> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:55:54 charon 49573 10[IKE] <646> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:55:54 charon 49573 10[CFG] <646> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:55:54 charon 49573 10[CFG] <646> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:55:54 charon 49573 10[CFG] selected peer config 'con2' Jun 8 04:55:54 charon 49573 10[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:55:54 charon 49573 10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:55:54 charon 49573 10[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:55:54 charon 49573 10[IKE] successfully created shared key MAC Jun 8 04:55:54 charon 49573 10[IKE] IKE_SA con2[646] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:55:54 charon 49573 10[IKE] IKE_SA con2[646] state change: CONNECTING => ESTABLISHED Jun 8 04:55:54 charon 49573 10[IKE] scheduling rekeying in 23546s Jun 8 04:55:54 charon 49573 10[IKE] maximum IKE_SA lifetime 26426s Jun 8 04:55:54 charon 49573 10[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] proposing traffic selectors for us: Jun 8 04:55:54 charon 49573 10[CFG] 192.168.0.0/22|/0 Jun 8 04:55:54 charon 49573 10[CFG] 10.8.0.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] proposing traffic selectors for other: Jun 8 04:55:54 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] candidate "con2" with prio 15+5 Jun 8 04:55:54 charon 49573 10[CFG] found matching child config "con2" with prio 20 Jun 8 04:55:54 charon 49573 10[CFG] selecting proposal: Jun 8 04:55:54 charon 49573 10[CFG] proposal matches Jun 8 04:55:54 charon 49573 10[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:55:54 charon 49573 10[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:55:54 charon 49573 10[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:55:54 charon 49573 10[CFG] selecting traffic selectors for us: Jun 8 04:55:54 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:55:54 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:55:54 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:55:54 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] selecting traffic selectors for other: Jun 8 04:55:54 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CHD] CHILD_SA con2{1929} state change: CREATED => INSTALLING Jun 8 04:55:54 charon 49573 10[CHD] using AES_GCM_16 for encryption Jun 8 04:55:54 charon 49573 10[CHD] adding inbound ESP SA Jun 8 04:55:54 charon 49573 10[CHD] SPI 0xc1a22b58, src x.x.x.162 dst 192.168.177.22 Jun 8 04:55:54 charon 49573 10[CHD] adding outbound ESP SA Jun 8 04:55:54 charon 49573 10[CHD] SPI 0xc808b199, src 192.168.177.22 dst x.x.x.162 Jun 8 04:55:54 charon 49573 10[IKE] CHILD_SA con2{1929} established with SPIs c1a22b58_i c808b199_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:55:54 charon 49573 10[CHD] CHILD_SA con2{1929} state change: INSTALLING => INSTALLED Jun 8 04:55:54 charon 49573 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:55:54 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:56:00 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:56:00 charon 49573 10[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:56:00 charon 49573 10[IKE] received DELETE for IKE_SA con2[646] Jun 8 04:56:00 charon 49573 10[IKE] deleting IKE_SA con2[646] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:56:00 charon 49573 10[IKE] IKE_SA con2[646] state change: ESTABLISHED => DELETING Jun 8 04:56:00 charon 49573 10[IKE] IKE_SA deleted Jun 8 04:56:00 charon 49573 10[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:56:00 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:56:00 charon 49573 10[IKE] IKE_SA con2[646] state change: DELETING => DESTROYING Jun 8 04:56:00 charon 49573 10[CHD] CHILD_SA con2{1929} state change: INSTALLED => DESTROYING Jun 8 04:56:01 charon 49573 10[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:56:01 charon 49573 10[CFG] ignoring acquire, connection attempt pending Jun 8 04:56:30 charon 49573 10[IKE] retransmit 5 of request with message ID 0 Jun 8 04:56:30 charon 49573 10[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:56:56 charon 49573 10[NET] <647> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:56:56 charon 49573 10[ENC] <647> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:56:56 charon 49573 10[CFG] <647> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:56:56 charon 49573 10[CFG] <647> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:56:56 charon 49573 10[CFG] <647> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:56:56 charon 49573 10[CFG] <647> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:56:56 charon 49573 10[IKE] <647> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:56:56 charon 49573 10[IKE] <647> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:56:56 charon 49573 10[IKE] <647> x.x.x.162 is initiating an IKE_SA Jun 8 04:56:56 charon 49573 10[IKE] <647> IKE_SA (unnamed)[647] state change: CREATED => CONNECTING Jun 8 04:56:56 charon 49573 10[CFG] <647> selecting proposal: Jun 8 04:56:56 charon 49573 10[CFG] <647> proposal matches Jun 8 04:56:56 charon 49573 10[CFG] <647> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:56:56 charon 49573 10[CFG] <647> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:56:56 charon 49573 10[CFG] <647> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:56:56 charon 49573 10[CFG] <647> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:56:56 charon 49573 10[IKE] <647> local host is behind NAT, sending keep alives Jun 8 04:56:56 charon 49573 10[CFG] <647> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:56:56 charon 49573 10[IKE] <647> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:56:56 charon 49573 10[ENC] <647> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:56:56 charon 49573 10[NET] <647> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:56:56 charon 49573 10[NET] <647> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:56:56 charon 49573 10[ENC] <647> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:56:56 charon 49573 10[IKE] <647> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:56:56 charon 49573 10[IKE] <647> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:56:56 charon 49573 10[CFG] <647> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:56:56 charon 49573 10[CFG] <647> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:56:56 charon 49573 10[CFG] selected peer config 'con2' Jun 8 04:56:56 charon 49573 10[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:56:56 charon 49573 10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:56:56 charon 49573 10[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:56:56 charon 49573 10[IKE] successfully created shared key MAC Jun 8 04:56:56 charon 49573 10[IKE] IKE_SA con2[647] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:56:56 charon 49573 10[IKE] IKE_SA con2[647] state change: CONNECTING => ESTABLISHED Jun 8 04:56:56 charon 49573 10[IKE] scheduling rekeying in 24535s Jun 8 04:56:56 charon 49573 10[IKE] maximum IKE_SA lifetime 27415s Jun 8 04:56:56 charon 49573 10[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] proposing traffic selectors for us: Jun 8 04:56:56 charon 49573 10[CFG] 192.168.0.0/22|/0 Jun 8 04:56:56 charon 49573 10[CFG] 10.8.0.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] proposing traffic selectors for other: Jun 8 04:56:56 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] candidate "con2" with prio 15+5 Jun 8 04:56:56 charon 49573 10[CFG] found matching child config "con2" with prio 20 Jun 8 04:56:56 charon 49573 10[CFG] selecting proposal: Jun 8 04:56:56 charon 49573 10[CFG] proposal matches Jun 8 04:56:56 charon 49573 10[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:56:56 charon 49573 10[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:56:56 charon 49573 10[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:56:56 charon 49573 10[CFG] selecting traffic selectors for us: Jun 8 04:56:56 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:56:56 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:56:56 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:56:56 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] selecting traffic selectors for other: Jun 8 04:56:56 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CHD] CHILD_SA con2{1930} state change: CREATED => INSTALLING Jun 8 04:56:56 charon 49573 10[CHD] using AES_GCM_16 for encryption Jun 8 04:56:56 charon 49573 10[CHD] adding inbound ESP SA Jun 8 04:56:56 charon 49573 10[CHD] SPI 0xc70e9415, src x.x.x.162 dst 192.168.177.22 Jun 8 04:56:56 charon 49573 10[CHD] adding outbound ESP SA Jun 8 04:56:56 charon 49573 10[CHD] SPI 0xcb414f48, src 192.168.177.22 dst x.x.x.162 Jun 8 04:56:56 charon 49573 10[IKE] CHILD_SA con2{1930} established with SPIs c70e9415_i cb414f48_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:56:56 charon 49573 10[CHD] CHILD_SA con2{1930} state change: INSTALLING => INSTALLED Jun 8 04:56:56 charon 49573 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:56:56 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:57:00 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:57:00 charon 49573 10[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:57:00 charon 49573 10[IKE] received DELETE for IKE_SA con2[647] Jun 8 04:57:00 charon 49573 10[IKE] deleting IKE_SA con2[647] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:57:00 charon 49573 10[IKE] IKE_SA con2[647] state change: ESTABLISHED => DELETING Jun 8 04:57:00 charon 49573 10[IKE] IKE_SA deleted Jun 8 04:57:00 charon 49573 10[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:57:00 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:57:00 charon 49573 10[IKE] IKE_SA con2[647] state change: DELETING => DESTROYING Jun 8 04:57:00 charon 49573 10[CHD] CHILD_SA con2{1930} state change: INSTALLED => DESTROYING Jun 8 04:57:01 charon 49573 10[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:57:01 charon 49573 08[CFG] ignoring acquire, connection attempt pending Jun 8 04:57:31 charon 49573 08[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:57:31 charon 49573 10[CFG] ignoring acquire, connection attempt pending Jun 8 04:57:46 charon 49573 10[IKE] giving up after 5 retransmits Jun 8 04:57:46 charon 49573 10[IKE] establishing IKE_SA failed, peer not responding Jun 8 04:57:46 charon 49573 10[IKE] IKE_SA con2[645] state change: CONNECTING => DESTROYING Jun 8 04:57:54 charon 49573 10[NET] <648> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:57:54 charon 49573 10[ENC] <648> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:57:54 charon 49573 10[CFG] <648> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:57:54 charon 49573 10[CFG] <648> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:57:54 charon 49573 10[CFG] <648> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:57:54 charon 49573 10[CFG] <648> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:57:54 charon 49573 10[IKE] <648> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:57:54 charon 49573 10[IKE] <648> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:57:54 charon 49573 10[IKE] <648> x.x.x.162 is initiating an IKE_SA Jun 8 04:57:54 charon 49573 10[IKE] <648> IKE_SA (unnamed)[648] state change: CREATED => CONNECTING Jun 8 04:57:54 charon 49573 10[CFG] <648> selecting proposal: Jun 8 04:57:54 charon 49573 10[CFG] <648> proposal matches Jun 8 04:57:54 charon 49573 10[CFG] <648> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:57:54 charon 49573 10[CFG] <648> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:57:54 charon 49573 10[CFG] <648> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:57:54 charon 49573 10[CFG] <648> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:57:54 charon 49573 10[IKE] <648> local host is behind NAT, sending keep alives Jun 8 04:57:54 charon 49573 10[CFG] <648> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:57:54 charon 49573 10[IKE] <648> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:57:54 charon 49573 10[ENC] <648> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:57:54 charon 49573 10[NET] <648> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:57:54 charon 49573 10[NET] <648> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:57:54 charon 49573 10[ENC] <648> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:57:54 charon 49573 10[IKE] <648> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:57:54 charon 49573 10[IKE] <648> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:57:54 charon 49573 10[CFG] <648> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:57:54 charon 49573 10[CFG] <648> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:57:54 charon 49573 10[CFG] selected peer config 'con2' Jun 8 04:57:54 charon 49573 10[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:57:54 charon 49573 10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:57:54 charon 49573 10[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:57:54 charon 49573 10[IKE] successfully created shared key MAC Jun 8 04:57:54 charon 49573 10[IKE] IKE_SA con2[648] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:57:54 charon 49573 10[IKE] IKE_SA con2[648] state change: CONNECTING => ESTABLISHED Jun 8 04:57:54 charon 49573 10[IKE] scheduling rekeying in 23203s Jun 8 04:57:54 charon 49573 10[IKE] maximum IKE_SA lifetime 26083s Jun 8 04:57:54 charon 49573 10[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] proposing traffic selectors for us: Jun 8 04:57:54 charon 49573 10[CFG] 192.168.0.0/22|/0 Jun 8 04:57:54 charon 49573 10[CFG] 10.8.0.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] proposing traffic selectors for other: Jun 8 04:57:54 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] candidate "con2" with prio 15+5 Jun 8 04:57:54 charon 49573 10[CFG] found matching child config "con2" with prio 20 Jun 8 04:57:54 charon 49573 10[CFG] selecting proposal: Jun 8 04:57:54 charon 49573 10[CFG] proposal matches Jun 8 04:57:54 charon 49573 10[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:57:54 charon 49573 10[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:57:54 charon 49573 10[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:57:54 charon 49573 10[CFG] selecting traffic selectors for us: Jun 8 04:57:54 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:57:54 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:57:54 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:57:54 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] selecting traffic selectors for other: Jun 8 04:57:54 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CHD] CHILD_SA con2{1931} state change: CREATED => INSTALLING Jun 8 04:57:54 charon 49573 10[CHD] using AES_GCM_16 for encryption Jun 8 04:57:54 charon 49573 10[CHD] adding inbound ESP SA Jun 8 04:57:54 charon 49573 10[CHD] SPI 0xc58f53e1, src x.x.x.162 dst 192.168.177.22 Jun 8 04:57:54 charon 49573 10[CHD] adding outbound ESP SA Jun 8 04:57:54 charon 49573 10[CHD] SPI 0xc0cee294, src 192.168.177.22 dst x.x.x.162 Jun 8 04:57:54 charon 49573 10[IKE] CHILD_SA con2{1931} established with SPIs c58f53e1_i c0cee294_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:57:54 charon 49573 10[CHD] CHILD_SA con2{1931} state change: INSTALLING => INSTALLED Jun 8 04:57:54 charon 49573 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:57:54 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:58:00 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:58:00 charon 49573 10[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:58:00 charon 49573 10[IKE] received DELETE for IKE_SA con2[648] Jun 8 04:58:00 charon 49573 10[IKE] deleting IKE_SA con2[648] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:58:00 charon 49573 10[IKE] IKE_SA con2[648] state change: ESTABLISHED => DELETING Jun 8 04:58:00 charon 49573 10[IKE] IKE_SA deleted Jun 8 04:58:00 charon 49573 10[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:58:00 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:58:00 charon 49573 10[IKE] IKE_SA con2[648] state change: DELETING => DESTROYING Jun 8 04:58:00 charon 49573 10[CHD] CHILD_SA con2{1931} state change: INSTALLED => DESTROYING Jun 8 04:58:01 charon 49573 01[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_VENDOR task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_INIT task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_NATD task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_CERT_PRE task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_AUTH task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_CERT_POST task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_CONFIG task Jun 8 04:58:01 charon 49573 01[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 04:58:01 charon 49573 01[IKE] queueing CHILD_CREATE task Jun 8 04:58:01 charon 49573 01[IKE] activating new tasks Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_VENDOR task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_INIT task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_NATD task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_CERT_PRE task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_AUTH task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_CERT_POST task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_CONFIG task Jun 8 04:58:01 charon 49573 01[IKE] activating CHILD_CREATE task Jun 8 04:58:01 charon 49573 01[IKE] activating IKE_AUTH_LIFETIME task Jun 8 04:58:01 charon 49573 01[IKE] initiating IKE_SA con2[649] to x.x.x.162 Jun 8 04:58:01 charon 49573 01[IKE] IKE_SA con2[649] state change: CREATED => CONNECTING Jun 8 04:58:01 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:58:01 charon 49573 01[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:58:01 charon 49573 01[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:58:01 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:58:05 charon 49573 01[IKE] retransmit 1 of request with message ID 0 Jun 8 04:58:05 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:58:12 charon 49573 01[IKE] retransmit 2 of request with message ID 0 Jun 8 04:58:12 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:58:25 charon 49573 01[IKE] retransmit 3 of request with message ID 0 Jun 8 04:58:25 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:58:49 charon 49573 01[IKE] retransmit 4 of request with message ID 0 Jun 8 04:58:49 charon 49573 01[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:58:55 charon 49573 01[NET] <650> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:58:55 charon 49573 01[ENC] <650> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:58:55 charon 49573 01[CFG] <650> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:58:55 charon 49573 01[CFG] <650> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:58:55 charon 49573 01[CFG] <650> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:58:55 charon 49573 01[CFG] <650> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:58:55 charon 49573 01[IKE] <650> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:58:55 charon 49573 01[IKE] <650> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:58:55 charon 49573 01[IKE] <650> x.x.x.162 is initiating an IKE_SA Jun 8 04:58:55 charon 49573 01[IKE] <650> IKE_SA (unnamed)[650] state change: CREATED => CONNECTING Jun 8 04:58:55 charon 49573 01[CFG] <650> selecting proposal: Jun 8 04:58:55 charon 49573 01[CFG] <650> proposal matches Jun 8 04:58:55 charon 49573 01[CFG] <650> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:58:55 charon 49573 01[CFG] <650> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:58:55 charon 49573 01[CFG] <650> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:58:55 charon 49573 01[CFG] <650> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:58:55 charon 49573 01[IKE] <650> local host is behind NAT, sending keep alives Jun 8 04:58:55 charon 49573 01[CFG] <650> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:58:55 charon 49573 01[IKE] <650> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:58:55 charon 49573 01[ENC] <650> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:58:55 charon 49573 01[NET] <650> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:58:55 charon 49573 01[NET] <650> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:58:55 charon 49573 01[ENC] <650> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:58:55 charon 49573 01[IKE] <650> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:58:55 charon 49573 01[IKE] <650> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:58:55 charon 49573 01[CFG] <650> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:58:55 charon 49573 01[CFG] <650> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:58:55 charon 49573 01[CFG] selected peer config 'con2' Jun 8 04:58:55 charon 49573 01[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:58:55 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:58:55 charon 49573 01[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:58:55 charon 49573 01[IKE] successfully created shared key MAC Jun 8 04:58:55 charon 49573 01[IKE] IKE_SA con2[650] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:58:55 charon 49573 01[IKE] IKE_SA con2[650] state change: CONNECTING => ESTABLISHED Jun 8 04:58:55 charon 49573 01[IKE] scheduling rekeying in 25710s Jun 8 04:58:55 charon 49573 01[IKE] maximum IKE_SA lifetime 28590s Jun 8 04:58:55 charon 49573 01[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 04:58:55 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 04:58:55 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 04:58:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] candidate "con2" with prio 15+5 Jun 8 04:58:55 charon 49573 01[CFG] found matching child config "con2" with prio 20 Jun 8 04:58:55 charon 49573 01[CFG] selecting proposal: Jun 8 04:58:55 charon 49573 01[CFG] proposal matches Jun 8 04:58:55 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:58:55 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:58:55 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:58:55 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 04:58:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:58:55 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:58:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:58:55 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 04:58:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CHD] CHILD_SA con2{1932} state change: CREATED => INSTALLING Jun 8 04:58:55 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 04:58:55 charon 49573 01[CHD] adding inbound ESP SA Jun 8 04:58:55 charon 49573 01[CHD] SPI 0xcc298c5e, src x.x.x.162 dst 192.168.177.22 Jun 8 04:58:55 charon 49573 01[CHD] adding outbound ESP SA Jun 8 04:58:55 charon 49573 01[CHD] SPI 0xce4ff3a3, src 192.168.177.22 dst x.x.x.162 Jun 8 04:58:55 charon 49573 01[IKE] CHILD_SA con2{1932} established with SPIs cc298c5e_i ce4ff3a3_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:58:55 charon 49573 01[CHD] CHILD_SA con2{1932} state change: INSTALLING => INSTALLED Jun 8 04:58:55 charon 49573 01[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:58:55 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 04:59:00 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 04:59:00 charon 49573 01[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 04:59:00 charon 49573 01[IKE] received DELETE for IKE_SA con2[650] Jun 8 04:59:00 charon 49573 01[IKE] deleting IKE_SA con2[650] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:59:00 charon 49573 01[IKE] IKE_SA con2[650] state change: ESTABLISHED => DELETING Jun 8 04:59:00 charon 49573 01[IKE] IKE_SA deleted Jun 8 04:59:00 charon 49573 01[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 04:59:00 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 04:59:00 charon 49573 01[IKE] IKE_SA con2[650] state change: DELETING => DESTROYING Jun 8 04:59:00 charon 49573 01[CHD] CHILD_SA con2{1932} state change: INSTALLED => DESTROYING Jun 8 04:59:00 newsyslog 51094 logfile turned over due to size>500K Jun 8 04:59:00 newsyslog 51094 logfile turned over due to size>500K Jun 8 04:59:01 charon 49573 01[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:59:01 charon 49573 01[CFG] ignoring acquire, connection attempt pending Jun 8 04:59:26 charon 49573 15[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 04:59:26 charon 49573 15[CFG] ignoring acquire, connection attempt pending Jun 8 04:59:31 charon 49573 15[IKE] retransmit 5 of request with message ID 0 Jun 8 04:59:31 charon 49573 15[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 04:59:55 charon 49573 15[NET] <651> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 04:59:55 charon 49573 15[ENC] <651> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 04:59:55 charon 49573 15[CFG] <651> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 04:59:55 charon 49573 15[CFG] <651> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 04:59:55 charon 49573 15[CFG] <651> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 04:59:55 charon 49573 15[CFG] <651> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 04:59:55 charon 49573 15[IKE] <651> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 04:59:55 charon 49573 15[IKE] <651> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 04:59:55 charon 49573 15[IKE] <651> x.x.x.162 is initiating an IKE_SA Jun 8 04:59:55 charon 49573 15[IKE] <651> IKE_SA (unnamed)[651] state change: CREATED => CONNECTING Jun 8 04:59:55 charon 49573 15[CFG] <651> selecting proposal: Jun 8 04:59:55 charon 49573 15[CFG] <651> proposal matches Jun 8 04:59:55 charon 49573 15[CFG] <651> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:59:55 charon 49573 15[CFG] <651> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:59:55 charon 49573 15[CFG] <651> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 04:59:55 charon 49573 15[CFG] <651> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:59:55 charon 49573 15[IKE] <651> local host is behind NAT, sending keep alives Jun 8 04:59:55 charon 49573 15[CFG] <651> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 04:59:55 charon 49573 15[IKE] <651> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 04:59:55 charon 49573 15[ENC] <651> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 04:59:55 charon 49573 15[NET] <651> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 04:59:55 charon 49573 15[NET] <651> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 04:59:55 charon 49573 15[ENC] <651> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 04:59:55 charon 49573 15[IKE] <651> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 04:59:55 charon 49573 15[IKE] <651> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 04:59:55 charon 49573 15[CFG] <651> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:59:55 charon 49573 15[CFG] <651> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 04:59:55 charon 49573 15[CFG] selected peer config 'con2' Jun 8 04:59:55 charon 49573 15[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 04:59:55 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 04:59:55 charon 49573 15[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 04:59:55 charon 49573 15[IKE] successfully created shared key MAC Jun 8 04:59:55 charon 49573 15[IKE] IKE_SA con2[651] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 04:59:55 charon 49573 15[IKE] IKE_SA con2[651] state change: CONNECTING => ESTABLISHED Jun 8 04:59:55 charon 49573 15[IKE] scheduling rekeying in 25101s Jun 8 04:59:55 charon 49573 15[IKE] maximum IKE_SA lifetime 27981s Jun 8 04:59:55 charon 49573 15[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] proposing traffic selectors for us: Jun 8 04:59:55 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 8 04:59:55 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] proposing traffic selectors for other: Jun 8 04:59:55 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] candidate "con2" with prio 15+5 Jun 8 04:59:55 charon 49573 15[CFG] found matching child config "con2" with prio 20 Jun 8 04:59:55 charon 49573 15[CFG] selecting proposal: Jun 8 04:59:55 charon 49573 15[CFG] proposal matches Jun 8 04:59:55 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:59:55 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:59:55 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 04:59:55 charon 49573 15[CFG] selecting traffic selectors for us: Jun 8 04:59:55 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 04:59:55 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 04:59:55 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 04:59:55 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] selecting traffic selectors for other: Jun 8 04:59:55 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CHD] CHILD_SA con2{1933} state change: CREATED => INSTALLING Jun 8 04:59:55 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 8 04:59:55 charon 49573 15[CHD] adding inbound ESP SA Jun 8 04:59:55 charon 49573 15[CHD] SPI 0xcec0ff81, src x.x.x.162 dst 192.168.177.22 Jun 8 04:59:55 charon 49573 15[CHD] adding outbound ESP SA Jun 8 04:59:55 charon 49573 15[CHD] SPI 0xcec06e0f, src 192.168.177.22 dst x.x.x.162 Jun 8 04:59:55 charon 49573 15[IKE] CHILD_SA con2{1933} established with SPIs cec0ff81_i cec06e0f_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 04:59:55 charon 49573 15[CHD] CHILD_SA con2{1933} state change: INSTALLING => INSTALLED Jun 8 04:59:55 charon 49573 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 04:59:55 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 05:00:46 charon 49573 15[IKE] giving up after 5 retransmits Jun 8 05:00:46 charon 49573 15[IKE] establishing IKE_SA failed, peer not responding Jun 8 05:00:46 charon 49573 15[IKE] IKE_SA con2[649] state change: CONNECTING => DESTROYING Jun 8 05:49:40 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 05:49:40 charon 49573 14[ENC] parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 05:49:40 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 05:49:40 charon 49573 14[CFG] selecting proposal: Jun 8 05:49:40 charon 49573 14[CFG] proposal matches Jun 8 05:49:40 charon 49573 14[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 05:49:40 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 05:49:40 charon 49573 14[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 05:49:40 charon 49573 14[CFG] selecting traffic selectors for us: Jun 8 05:49:40 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 05:49:40 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 05:49:40 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 05:49:40 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 05:49:40 charon 49573 14[CFG] selecting traffic selectors for other: Jun 8 05:49:40 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 05:49:40 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1934} state change: CREATED => INSTALLING Jun 8 05:49:40 charon 49573 14[CHD] using AES_GCM_16 for encryption Jun 8 05:49:40 charon 49573 14[CHD] adding inbound ESP SA Jun 8 05:49:40 charon 49573 14[CHD] SPI 0xc7b05a83, src x.x.x.162 dst 192.168.177.22 Jun 8 05:49:40 charon 49573 14[CHD] registering outbound ESP SA Jun 8 05:49:40 charon 49573 14[CHD] SPI 0xc89f6e9b, src 192.168.177.22 dst x.x.x.162 Jun 8 05:49:40 charon 49573 14[IKE] inbound CHILD_SA con2{1934} established with SPIs c7b05a83_i c89f6e9b_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1934} state change: INSTALLING => INSTALLED Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1933} state change: INSTALLED => REKEYING Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1933} state change: REKEYING => REKEYED Jun 8 05:49:40 charon 49573 14[ENC] generating CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 05:49:40 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 05:49:40 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 05:49:40 charon 49573 14[ENC] parsed INFORMATIONAL request 3 [ D ] Jun 8 05:49:40 charon 49573 14[IKE] received DELETE for ESP CHILD_SA with SPI cec06e0f Jun 8 05:49:40 charon 49573 14[IKE] closing CHILD_SA con2{1933} with SPIs cec0ff81_i (854446 bytes) cec06e0f_o (2135492 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 05:49:40 charon 49573 14[IKE] sending DELETE for ESP CHILD_SA with SPI cec0ff81 Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1933} state change: REKEYED => DELETING Jun 8 05:49:40 charon 49573 14[IKE] CHILD_SA closed Jun 8 05:49:40 charon 49573 14[CHD] CHILD_SA con2{1933} state change: DELETING => DELETED Jun 8 05:49:40 charon 49573 14[CHD] adding outbound ESP SA Jun 8 05:49:40 charon 49573 14[CHD] SPI 0xc89f6e9b, src 192.168.177.22 dst x.x.x.162 Jun 8 05:49:40 charon 49573 14[IKE] outbound CHILD_SA con2{1934} established with SPIs c7b05a83_i c89f6e9b_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 05:49:40 charon 49573 14[ENC] generating INFORMATIONAL response 3 [ D ] Jun 8 05:49:40 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 05:49:45 charon 49573 14[IKE] queueing CHILD_DELETE task Jun 8 05:49:45 charon 49573 14[IKE] activating new tasks Jun 8 05:49:45 charon 49573 14[IKE] activating CHILD_DELETE task Jun 8 05:49:45 charon 49573 14[CHD] CHILD_SA con2{1933} state change: DELETED => DESTROYING Jun 8 05:49:45 charon 49573 14[IKE] activating new tasks Jun 8 05:49:45 charon 49573 14[IKE] nothing to initiate Jun 8 06:39:22 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 06:39:22 charon 49573 13[ENC] parsed CREATE_CHILD_SA request 4 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 06:39:22 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 06:39:22 charon 49573 13[CFG] selecting proposal: Jun 8 06:39:22 charon 49573 13[CFG] proposal matches Jun 8 06:39:22 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 06:39:22 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 06:39:22 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 06:39:22 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 06:39:22 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 06:39:22 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 06:39:22 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 06:39:22 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 06:39:22 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 06:39:22 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 06:39:22 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1935} state change: CREATED => INSTALLING Jun 8 06:39:22 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 06:39:22 charon 49573 13[CHD] adding inbound ESP SA Jun 8 06:39:22 charon 49573 13[CHD] SPI 0xc7008f7c, src x.x.x.162 dst 192.168.177.22 Jun 8 06:39:22 charon 49573 13[CHD] registering outbound ESP SA Jun 8 06:39:22 charon 49573 13[CHD] SPI 0xcf5fa965, src 192.168.177.22 dst x.x.x.162 Jun 8 06:39:22 charon 49573 13[IKE] inbound CHILD_SA con2{1935} established with SPIs c7008f7c_i cf5fa965_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1935} state change: INSTALLING => INSTALLED Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1934} state change: INSTALLED => REKEYING Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1934} state change: REKEYING => REKEYED Jun 8 06:39:22 charon 49573 13[ENC] generating CREATE_CHILD_SA response 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 06:39:22 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 06:39:22 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 06:39:22 charon 49573 13[ENC] parsed INFORMATIONAL request 5 [ D ] Jun 8 06:39:22 charon 49573 13[IKE] received DELETE for ESP CHILD_SA with SPI c89f6e9b Jun 8 06:39:22 charon 49573 13[IKE] closing CHILD_SA con2{1934} with SPIs c7b05a83_i (854141 bytes) c89f6e9b_o (2135740 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 06:39:22 charon 49573 13[IKE] sending DELETE for ESP CHILD_SA with SPI c7b05a83 Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1934} state change: REKEYED => DELETING Jun 8 06:39:22 charon 49573 13[IKE] CHILD_SA closed Jun 8 06:39:22 charon 49573 13[CHD] CHILD_SA con2{1934} state change: DELETING => DELETED Jun 8 06:39:22 charon 49573 13[CHD] adding outbound ESP SA Jun 8 06:39:22 charon 49573 13[CHD] SPI 0xcf5fa965, src 192.168.177.22 dst x.x.x.162 Jun 8 06:39:22 charon 49573 13[IKE] outbound CHILD_SA con2{1935} established with SPIs c7008f7c_i cf5fa965_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 06:39:22 charon 49573 13[ENC] generating INFORMATIONAL response 5 [ D ] Jun 8 06:39:22 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 06:39:27 charon 49573 09[IKE] queueing CHILD_DELETE task Jun 8 06:39:27 charon 49573 09[IKE] activating new tasks Jun 8 06:39:27 charon 49573 09[IKE] activating CHILD_DELETE task Jun 8 06:39:27 charon 49573 09[CHD] CHILD_SA con2{1934} state change: DELETED => DESTROYING Jun 8 06:39:27 charon 49573 09[IKE] activating new tasks Jun 8 06:39:27 charon 49573 09[IKE] nothing to initiate Jun 8 07:03:59 charon 49573 13[NET] <652> received packet: from 169.228.66.212[500] to 192.168.177.22[500] (553 bytes) Jun 8 07:03:59 charon 49573 13[ENC] <652> parsed AGGRESSIVE request 0 [ SA KE No ID ] Jun 8 07:03:59 charon 49573 13[CFG] <652> looking for an IKEv1 config for 192.168.177.22...169.228.66.212 Jun 8 07:03:59 charon 49573 13[IKE] <652> no IKE config found for 192.168.177.22...169.228.66.212, sending NO_PROPOSAL_CHOSEN Jun 8 07:03:59 charon 49573 13[ENC] <652> generating INFORMATIONAL_V1 request 510599182 [ N(NO_PROP) ] Jun 8 07:03:59 charon 49573 13[NET] <652> sending packet: from 192.168.177.22[500] to 169.228.66.212[500] (40 bytes) Jun 8 07:03:59 charon 49573 13[IKE] <652> IKE_SA (unnamed)[652] state change: CREATED => DESTROYING Jun 8 07:03:59 charon 49573 13[NET] <653> received packet: from 169.228.66.212[37886] to 192.168.177.22[500] (558 bytes) Jun 8 07:03:59 charon 49573 13[ENC] <653> parsed AGGRESSIVE request 0 [ SA KE No ID CERTREQ ] Jun 8 07:03:59 charon 49573 13[CFG] <653> looking for an IKEv1 config for 192.168.177.22...169.228.66.212 Jun 8 07:03:59 charon 49573 13[IKE] <653> no IKE config found for 192.168.177.22...169.228.66.212, sending NO_PROPOSAL_CHOSEN Jun 8 07:03:59 charon 49573 13[ENC] <653> generating INFORMATIONAL_V1 request 1963518264 [ N(NO_PROP) ] Jun 8 07:03:59 charon 49573 13[NET] <653> sending packet: from 192.168.177.22[500] to 169.228.66.212[37886] (40 bytes) Jun 8 07:03:59 charon 49573 13[IKE] <653> IKE_SA (unnamed)[653] state change: CREATED => DESTROYING Jun 8 07:27:40 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 07:27:40 charon 49573 09[ENC] parsed CREATE_CHILD_SA request 6 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 07:27:40 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 07:27:40 charon 49573 09[CFG] selecting proposal: Jun 8 07:27:40 charon 49573 09[CFG] proposal matches Jun 8 07:27:40 charon 49573 09[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 07:27:40 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 07:27:40 charon 49573 09[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 07:27:40 charon 49573 09[CFG] selecting traffic selectors for us: Jun 8 07:27:40 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 07:27:40 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 07:27:40 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 07:27:40 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 07:27:40 charon 49573 09[CFG] selecting traffic selectors for other: Jun 8 07:27:40 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 07:27:40 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1936} state change: CREATED => INSTALLING Jun 8 07:27:40 charon 49573 09[CHD] using AES_GCM_16 for encryption Jun 8 07:27:40 charon 49573 09[CHD] adding inbound ESP SA Jun 8 07:27:40 charon 49573 09[CHD] SPI 0xcdb6cdbd, src x.x.x.162 dst 192.168.177.22 Jun 8 07:27:40 charon 49573 09[CHD] registering outbound ESP SA Jun 8 07:27:40 charon 49573 09[CHD] SPI 0xc171db91, src 192.168.177.22 dst x.x.x.162 Jun 8 07:27:40 charon 49573 09[IKE] inbound CHILD_SA con2{1936} established with SPIs cdb6cdbd_i c171db91_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1936} state change: INSTALLING => INSTALLED Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1935} state change: INSTALLED => REKEYING Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1935} state change: REKEYING => REKEYED Jun 8 07:27:40 charon 49573 09[ENC] generating CREATE_CHILD_SA response 6 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 07:27:40 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 07:27:40 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 07:27:40 charon 49573 09[ENC] parsed INFORMATIONAL request 7 [ D ] Jun 8 07:27:40 charon 49573 09[IKE] received DELETE for ESP CHILD_SA with SPI cf5fa965 Jun 8 07:27:40 charon 49573 09[IKE] closing CHILD_SA con2{1935} with SPIs c7008f7c_i (2586560 bytes) cf5fa965_o (2253724 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 07:27:40 charon 49573 09[IKE] sending DELETE for ESP CHILD_SA with SPI c7008f7c Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1935} state change: REKEYED => DELETING Jun 8 07:27:40 charon 49573 09[IKE] CHILD_SA closed Jun 8 07:27:40 charon 49573 09[CHD] CHILD_SA con2{1935} state change: DELETING => DELETED Jun 8 07:27:40 charon 49573 09[CHD] adding outbound ESP SA Jun 8 07:27:40 charon 49573 09[CHD] SPI 0xc171db91, src 192.168.177.22 dst x.x.x.162 Jun 8 07:27:40 charon 49573 09[IKE] outbound CHILD_SA con2{1936} established with SPIs cdb6cdbd_i c171db91_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 07:27:40 charon 49573 09[ENC] generating INFORMATIONAL response 7 [ D ] Jun 8 07:27:40 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 07:27:45 charon 49573 11[IKE] queueing CHILD_DELETE task Jun 8 07:27:45 charon 49573 11[IKE] activating new tasks Jun 8 07:27:45 charon 49573 11[IKE] activating CHILD_DELETE task Jun 8 07:27:45 charon 49573 11[CHD] CHILD_SA con2{1935} state change: DELETED => DESTROYING Jun 8 07:27:45 charon 49573 11[IKE] activating new tasks Jun 8 07:27:45 charon 49573 11[IKE] nothing to initiate Jun 8 07:31:13 charon 49573 08[NET] <654> received packet: from 162.216.149.219[53944] to 192.168.177.22[500] (1248 bytes) Jun 8 07:31:13 charon 49573 08[ENC] <654> parsed ID_PROT request 0 [ SA ] Jun 8 07:31:13 charon 49573 08[CFG] <654> looking for an IKEv1 config for 192.168.177.22...162.216.149.219 Jun 8 07:31:13 charon 49573 08[IKE] <654> no IKE config found for 192.168.177.22...162.216.149.219, sending NO_PROPOSAL_CHOSEN Jun 8 07:31:13 charon 49573 08[ENC] <654> generating INFORMATIONAL_V1 request 139510374 [ N(NO_PROP) ] Jun 8 07:31:13 charon 49573 08[NET] <654> sending packet: from 192.168.177.22[500] to 162.216.149.219[53944] (40 bytes) Jun 8 07:31:13 charon 49573 08[IKE] <654> IKE_SA (unnamed)[654] state change: CREATED => DESTROYING Jun 8 07:32:33 charon 49573 08[NET] <655> received packet: from 162.216.149.219[65289] to 192.168.177.22[500] (1248 bytes) Jun 8 07:32:33 charon 49573 08[ENC] <655> parsed ID_PROT request 0 [ SA ] Jun 8 07:32:33 charon 49573 08[CFG] <655> looking for an IKEv1 config for 192.168.177.22...162.216.149.219 Jun 8 07:32:33 charon 49573 08[IKE] <655> no IKE config found for 192.168.177.22...162.216.149.219, sending NO_PROPOSAL_CHOSEN Jun 8 07:32:33 charon 49573 08[ENC] <655> generating INFORMATIONAL_V1 request 3297126183 [ N(NO_PROP) ] Jun 8 07:32:33 charon 49573 08[NET] <655> sending packet: from 192.168.177.22[500] to 162.216.149.219[65289] (40 bytes) Jun 8 07:32:33 charon 49573 08[IKE] <655> IKE_SA (unnamed)[655] state change: CREATED => DESTROYING Jun 8 07:36:27 charon 49573 10[NET] <656> received packet: from 216.218.206.92[40668] to 192.168.177.22[500] (192 bytes) Jun 8 07:36:27 charon 49573 10[ENC] <656> parsed ID_PROT request 0 [ SA ] Jun 8 07:36:27 charon 49573 10[CFG] <656> looking for an IKEv1 config for 192.168.177.22...216.218.206.92 Jun 8 07:36:27 charon 49573 10[IKE] <656> no IKE config found for 192.168.177.22...216.218.206.92, sending NO_PROPOSAL_CHOSEN Jun 8 07:36:27 charon 49573 10[ENC] <656> generating INFORMATIONAL_V1 request 3567872127 [ N(NO_PROP) ] Jun 8 07:36:27 charon 49573 10[NET] <656> sending packet: from 192.168.177.22[500] to 216.218.206.92[40668] (40 bytes) Jun 8 07:36:27 charon 49573 10[IKE] <656> IKE_SA (unnamed)[656] state change: CREATED => DESTROYING Jun 8 08:19:52 charon 49573 08[KXX] creating rekey job for CHILD_SA ESP/0xc171db91/x.x.x.162 Jun 8 08:19:52 charon 49573 05[IKE] queueing CHILD_REKEY task Jun 8 08:19:52 charon 49573 05[IKE] activating new tasks Jun 8 08:19:52 charon 49573 05[IKE] activating CHILD_REKEY task Jun 8 08:19:52 charon 49573 05[CFG] proposing traffic selectors for us: Jun 8 08:19:52 charon 49573 05[CFG] 192.168.0.0/22|/0 Jun 8 08:19:52 charon 49573 05[CFG] 10.8.0.0/24|/0 Jun 8 08:19:52 charon 49573 05[CFG] proposing traffic selectors for other: Jun 8 08:19:52 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CFG] 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 08:19:52 charon 49573 05[IKE] establishing CHILD_SA con2{1937} reqid 1 Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1936} state change: INSTALLED => REKEYING Jun 8 08:19:52 charon 49573 05[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 08:19:52 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 08:19:52 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 08:19:52 charon 49573 05[ENC] parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 08:19:52 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 08:19:52 charon 49573 05[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 08:19:52 charon 49573 05[CFG] selecting proposal: Jun 8 08:19:52 charon 49573 05[CFG] proposal matches Jun 8 08:19:52 charon 49573 05[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 08:19:52 charon 49573 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 08:19:52 charon 49573 05[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 08:19:52 charon 49573 05[CFG] selecting traffic selectors for us: Jun 8 08:19:52 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 08:19:52 charon 49573 05[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 08:19:52 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 08:19:52 charon 49573 05[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 08:19:52 charon 49573 05[CFG] selecting traffic selectors for other: Jun 8 08:19:52 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1937} state change: CREATED => INSTALLING Jun 8 08:19:52 charon 49573 05[CHD] using AES_GCM_16 for encryption Jun 8 08:19:52 charon 49573 05[CHD] adding inbound ESP SA Jun 8 08:19:52 charon 49573 05[CHD] SPI 0xcba1e294, src x.x.x.162 dst 192.168.177.22 Jun 8 08:19:52 charon 49573 05[CHD] registering outbound ESP SA Jun 8 08:19:52 charon 49573 05[CHD] SPI 0xc207bf79, src 192.168.177.22 dst x.x.x.162 Jun 8 08:19:52 charon 49573 05[IKE] inbound CHILD_SA con2{1937} established with SPIs cba1e294_i c207bf79_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1937} state change: INSTALLING => INSTALLED Jun 8 08:19:52 charon 49573 05[CHD] adding outbound ESP SA Jun 8 08:19:52 charon 49573 05[CHD] SPI 0xc207bf79, src 192.168.177.22 dst x.x.x.162 Jun 8 08:19:52 charon 49573 05[IKE] outbound CHILD_SA con2{1937} established with SPIs cba1e294_i c207bf79_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1936} state change: REKEYING => REKEYED Jun 8 08:19:52 charon 49573 05[IKE] reinitiating already active tasks Jun 8 08:19:52 charon 49573 05[IKE] CHILD_REKEY task Jun 8 08:19:52 charon 49573 05[IKE] closing CHILD_SA con2{1936} with SPIs cdb6cdbd_i (61296670 bytes) c171db91_o (13813120 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 08:19:52 charon 49573 05[IKE] sending DELETE for ESP CHILD_SA with SPI cdb6cdbd Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1936} state change: REKEYED => DELETING Jun 8 08:19:52 charon 49573 05[ENC] generating INFORMATIONAL request 1 [ D ] Jun 8 08:19:52 charon 49573 05[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 08:19:52 charon 49573 05[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 08:19:52 charon 49573 05[ENC] parsed INFORMATIONAL response 1 [ D ] Jun 8 08:19:52 charon 49573 05[IKE] received DELETE for ESP CHILD_SA with SPI c171db91 Jun 8 08:19:52 charon 49573 05[IKE] CHILD_SA closed Jun 8 08:19:52 charon 49573 05[CHD] CHILD_SA con2{1936} state change: DELETING => DELETED Jun 8 08:19:52 charon 49573 05[IKE] activating new tasks Jun 8 08:19:52 charon 49573 05[IKE] nothing to initiate Jun 8 08:19:57 charon 49573 05[IKE] queueing CHILD_DELETE task Jun 8 08:19:57 charon 49573 05[IKE] activating new tasks Jun 8 08:19:57 charon 49573 05[IKE] activating CHILD_DELETE task Jun 8 08:19:57 charon 49573 05[CHD] CHILD_SA con2{1936} state change: DELETED => DESTROYING Jun 8 08:19:57 charon 49573 05[IKE] activating new tasks Jun 8 08:19:57 charon 49573 05[IKE] nothing to initiate Jun 8 09:08:33 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 09:08:33 charon 49573 01[ENC] parsed CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 09:08:33 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 09:08:33 charon 49573 01[CFG] selecting proposal: Jun 8 09:08:33 charon 49573 01[CFG] proposal matches Jun 8 09:08:33 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:08:33 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:08:33 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:08:33 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 09:08:33 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 09:08:33 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 09:08:33 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 09:08:33 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 09:08:33 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 09:08:33 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 09:08:33 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1938} state change: CREATED => INSTALLING Jun 8 09:08:33 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 09:08:33 charon 49573 01[CHD] adding inbound ESP SA Jun 8 09:08:33 charon 49573 01[CHD] SPI 0xcb476da1, src x.x.x.162 dst 192.168.177.22 Jun 8 09:08:33 charon 49573 01[CHD] registering outbound ESP SA Jun 8 09:08:33 charon 49573 01[CHD] SPI 0xc51b3337, src 192.168.177.22 dst x.x.x.162 Jun 8 09:08:33 charon 49573 01[IKE] inbound CHILD_SA con2{1938} established with SPIs cb476da1_i c51b3337_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1938} state change: INSTALLING => INSTALLED Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1937} state change: INSTALLED => REKEYING Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1937} state change: REKEYING => REKEYED Jun 8 09:08:33 charon 49573 01[ENC] generating CREATE_CHILD_SA response 8 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 09:08:33 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 09:08:33 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 09:08:33 charon 49573 01[ENC] parsed INFORMATIONAL request 9 [ D ] Jun 8 09:08:33 charon 49573 01[IKE] received DELETE for ESP CHILD_SA with SPI c207bf79 Jun 8 09:08:33 charon 49573 01[IKE] closing CHILD_SA con2{1937} with SPIs cba1e294_i (71612481 bytes) c207bf79_o (21961972 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:08:33 charon 49573 01[IKE] sending DELETE for ESP CHILD_SA with SPI cba1e294 Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1937} state change: REKEYED => DELETING Jun 8 09:08:33 charon 49573 01[IKE] CHILD_SA closed Jun 8 09:08:33 charon 49573 01[CHD] CHILD_SA con2{1937} state change: DELETING => DELETED Jun 8 09:08:33 charon 49573 01[CHD] adding outbound ESP SA Jun 8 09:08:33 charon 49573 01[CHD] SPI 0xc51b3337, src 192.168.177.22 dst x.x.x.162 Jun 8 09:08:33 charon 49573 01[IKE] outbound CHILD_SA con2{1938} established with SPIs cb476da1_i c51b3337_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:08:33 charon 49573 01[ENC] generating INFORMATIONAL response 9 [ D ] Jun 8 09:08:33 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 09:08:38 charon 49573 01[IKE] queueing CHILD_DELETE task Jun 8 09:08:38 charon 49573 01[IKE] activating new tasks Jun 8 09:08:38 charon 49573 01[IKE] activating CHILD_DELETE task Jun 8 09:08:38 charon 49573 01[CHD] CHILD_SA con2{1937} state change: DELETED => DESTROYING Jun 8 09:08:38 charon 49573 01[IKE] activating new tasks Jun 8 09:08:38 charon 49573 01[IKE] nothing to initiate Jun 8 09:57:02 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 09:57:02 charon 49573 12[ENC] parsed CREATE_CHILD_SA request 10 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 09:57:02 charon 49573 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 09:57:02 charon 49573 12[CFG] selecting proposal: Jun 8 09:57:02 charon 49573 12[CFG] proposal matches Jun 8 09:57:02 charon 49573 12[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:57:02 charon 49573 12[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:57:02 charon 49573 12[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 09:57:02 charon 49573 12[CFG] selecting traffic selectors for us: Jun 8 09:57:02 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 09:57:02 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 09:57:02 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 09:57:02 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 09:57:02 charon 49573 12[CFG] selecting traffic selectors for other: Jun 8 09:57:02 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 09:57:02 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1939} state change: CREATED => INSTALLING Jun 8 09:57:02 charon 49573 12[CHD] using AES_GCM_16 for encryption Jun 8 09:57:02 charon 49573 12[CHD] adding inbound ESP SA Jun 8 09:57:02 charon 49573 12[CHD] SPI 0xc5734f63, src x.x.x.162 dst 192.168.177.22 Jun 8 09:57:02 charon 49573 12[CHD] registering outbound ESP SA Jun 8 09:57:02 charon 49573 12[CHD] SPI 0xc13fc74c, src 192.168.177.22 dst x.x.x.162 Jun 8 09:57:02 charon 49573 12[IKE] inbound CHILD_SA con2{1939} established with SPIs c5734f63_i c13fc74c_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1939} state change: INSTALLING => INSTALLED Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1938} state change: INSTALLED => REKEYING Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1938} state change: REKEYING => REKEYED Jun 8 09:57:02 charon 49573 12[ENC] generating CREATE_CHILD_SA response 10 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 09:57:02 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 09:57:02 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 09:57:02 charon 49573 12[ENC] parsed INFORMATIONAL request 11 [ D ] Jun 8 09:57:02 charon 49573 12[IKE] received DELETE for ESP CHILD_SA with SPI c51b3337 Jun 8 09:57:02 charon 49573 12[IKE] closing CHILD_SA con2{1938} with SPIs cb476da1_i (52412039 bytes) c51b3337_o (28106584 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:57:02 charon 49573 12[IKE] sending DELETE for ESP CHILD_SA with SPI cb476da1 Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1938} state change: REKEYED => DELETING Jun 8 09:57:02 charon 49573 12[IKE] CHILD_SA closed Jun 8 09:57:02 charon 49573 12[CHD] CHILD_SA con2{1938} state change: DELETING => DELETED Jun 8 09:57:02 charon 49573 12[CHD] adding outbound ESP SA Jun 8 09:57:02 charon 49573 12[CHD] SPI 0xc13fc74c, src 192.168.177.22 dst x.x.x.162 Jun 8 09:57:02 charon 49573 12[IKE] outbound CHILD_SA con2{1939} established with SPIs c5734f63_i c13fc74c_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 09:57:02 charon 49573 12[ENC] generating INFORMATIONAL response 11 [ D ] Jun 8 09:57:02 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 09:57:07 charon 49573 15[IKE] queueing CHILD_DELETE task Jun 8 09:57:07 charon 49573 15[IKE] activating new tasks Jun 8 09:57:07 charon 49573 15[IKE] activating CHILD_DELETE task Jun 8 09:57:07 charon 49573 15[CHD] CHILD_SA con2{1938} state change: DELETED => DESTROYING Jun 8 09:57:07 charon 49573 15[IKE] activating new tasks Jun 8 09:57:07 charon 49573 15[IKE] nothing to initiate Jun 8 10:46:02 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 10:46:02 charon 49573 14[ENC] parsed CREATE_CHILD_SA request 12 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 10:46:02 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 10:46:02 charon 49573 14[CFG] selecting proposal: Jun 8 10:46:02 charon 49573 14[CFG] proposal matches Jun 8 10:46:02 charon 49573 14[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 10:46:02 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 10:46:02 charon 49573 14[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 10:46:02 charon 49573 14[CFG] selecting traffic selectors for us: Jun 8 10:46:02 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 10:46:02 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 10:46:02 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 10:46:02 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 10:46:02 charon 49573 14[CFG] selecting traffic selectors for other: Jun 8 10:46:02 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 10:46:02 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1940} state change: CREATED => INSTALLING Jun 8 10:46:02 charon 49573 14[CHD] using AES_GCM_16 for encryption Jun 8 10:46:02 charon 49573 14[CHD] adding inbound ESP SA Jun 8 10:46:02 charon 49573 14[CHD] SPI 0xc3aafdf6, src x.x.x.162 dst 192.168.177.22 Jun 8 10:46:02 charon 49573 14[CHD] registering outbound ESP SA Jun 8 10:46:02 charon 49573 14[CHD] SPI 0xca291f4e, src 192.168.177.22 dst x.x.x.162 Jun 8 10:46:02 charon 49573 14[IKE] inbound CHILD_SA con2{1940} established with SPIs c3aafdf6_i ca291f4e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1940} state change: INSTALLING => INSTALLED Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1939} state change: INSTALLED => REKEYING Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1939} state change: REKEYING => REKEYED Jun 8 10:46:02 charon 49573 14[ENC] generating CREATE_CHILD_SA response 12 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 10:46:02 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 10:46:02 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 10:46:02 charon 49573 14[ENC] parsed INFORMATIONAL request 13 [ D ] Jun 8 10:46:02 charon 49573 14[IKE] received DELETE for ESP CHILD_SA with SPI c13fc74c Jun 8 10:46:02 charon 49573 14[IKE] closing CHILD_SA con2{1939} with SPIs c5734f63_i (34172700 bytes) c13fc74c_o (24370392 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 10:46:02 charon 49573 14[IKE] sending DELETE for ESP CHILD_SA with SPI c5734f63 Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1939} state change: REKEYED => DELETING Jun 8 10:46:02 charon 49573 14[IKE] CHILD_SA closed Jun 8 10:46:02 charon 49573 14[CHD] CHILD_SA con2{1939} state change: DELETING => DELETED Jun 8 10:46:02 charon 49573 14[CHD] adding outbound ESP SA Jun 8 10:46:02 charon 49573 14[CHD] SPI 0xca291f4e, src 192.168.177.22 dst x.x.x.162 Jun 8 10:46:02 charon 49573 14[IKE] outbound CHILD_SA con2{1940} established with SPIs c3aafdf6_i ca291f4e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 10:46:02 charon 49573 14[ENC] generating INFORMATIONAL response 13 [ D ] Jun 8 10:46:02 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 10:46:07 charon 49573 14[IKE] queueing CHILD_DELETE task Jun 8 10:46:07 charon 49573 14[IKE] activating new tasks Jun 8 10:46:07 charon 49573 14[IKE] activating CHILD_DELETE task Jun 8 10:46:07 charon 49573 14[CHD] CHILD_SA con2{1939} state change: DELETED => DESTROYING Jun 8 10:46:07 charon 49573 14[IKE] activating new tasks Jun 8 10:46:07 charon 49573 14[IKE] nothing to initiate Jun 8 11:17:44 charon 49573 03[ENC] no message rules specified for this message type Jun 8 11:17:44 charon 49573 03[NET] received unsupported IKE version 0.0 from 146.88.240.4, sending INVALID_MAJOR_VERSION Jun 8 11:34:09 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 11:34:09 charon 49573 11[ENC] parsed CREATE_CHILD_SA request 14 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 11:34:09 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 11:34:09 charon 49573 11[CFG] selecting proposal: Jun 8 11:34:09 charon 49573 11[CFG] proposal matches Jun 8 11:34:09 charon 49573 11[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 11:34:09 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 11:34:09 charon 49573 11[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 11:34:09 charon 49573 11[CFG] selecting traffic selectors for us: Jun 8 11:34:09 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 11:34:09 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 11:34:09 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 11:34:09 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 11:34:09 charon 49573 11[CFG] selecting traffic selectors for other: Jun 8 11:34:09 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 11:34:09 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1941} state change: CREATED => INSTALLING Jun 8 11:34:09 charon 49573 11[CHD] using AES_GCM_16 for encryption Jun 8 11:34:09 charon 49573 11[CHD] adding inbound ESP SA Jun 8 11:34:09 charon 49573 11[CHD] SPI 0xca9722c6, src x.x.x.162 dst 192.168.177.22 Jun 8 11:34:09 charon 49573 11[CHD] registering outbound ESP SA Jun 8 11:34:09 charon 49573 11[CHD] SPI 0xc67f68b3, src 192.168.177.22 dst x.x.x.162 Jun 8 11:34:09 charon 49573 11[IKE] inbound CHILD_SA con2{1941} established with SPIs ca9722c6_i c67f68b3_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1941} state change: INSTALLING => INSTALLED Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1940} state change: INSTALLED => REKEYING Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1940} state change: REKEYING => REKEYED Jun 8 11:34:09 charon 49573 11[ENC] generating CREATE_CHILD_SA response 14 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 11:34:09 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 11:34:09 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 11:34:09 charon 49573 11[ENC] parsed INFORMATIONAL request 15 [ D ] Jun 8 11:34:09 charon 49573 11[IKE] received DELETE for ESP CHILD_SA with SPI ca291f4e Jun 8 11:34:09 charon 49573 11[IKE] closing CHILD_SA con2{1940} with SPIs c3aafdf6_i (25042810 bytes) ca291f4e_o (22703460 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 11:34:09 charon 49573 11[IKE] sending DELETE for ESP CHILD_SA with SPI c3aafdf6 Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1940} state change: REKEYED => DELETING Jun 8 11:34:09 charon 49573 11[IKE] CHILD_SA closed Jun 8 11:34:09 charon 49573 11[CHD] CHILD_SA con2{1940} state change: DELETING => DELETED Jun 8 11:34:09 charon 49573 11[CHD] adding outbound ESP SA Jun 8 11:34:09 charon 49573 11[CHD] SPI 0xc67f68b3, src 192.168.177.22 dst x.x.x.162 Jun 8 11:34:09 charon 49573 11[IKE] outbound CHILD_SA con2{1941} established with SPIs ca9722c6_i c67f68b3_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 11:34:09 charon 49573 11[ENC] generating INFORMATIONAL response 15 [ D ] Jun 8 11:34:09 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 11:34:14 charon 49573 07[IKE] queueing CHILD_DELETE task Jun 8 11:34:14 charon 49573 07[IKE] activating new tasks Jun 8 11:34:14 charon 49573 07[IKE] activating CHILD_DELETE task Jun 8 11:34:14 charon 49573 07[CHD] CHILD_SA con2{1940} state change: DELETED => DESTROYING Jun 8 11:34:14 charon 49573 07[IKE] activating new tasks Jun 8 11:34:14 charon 49573 07[IKE] nothing to initiate Jun 8 11:58:16 charon 49573 01[IKE] queueing IKE_REKEY task Jun 8 11:58:16 charon 49573 01[IKE] activating new tasks Jun 8 11:58:16 charon 49573 01[IKE] activating IKE_REKEY task Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[651] state change: ESTABLISHED => REKEYING Jun 8 11:58:16 charon 49573 01[IKE] initiating IKE_SA con2[657] to x.x.x.162 Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[657] state change: CREATED => CONNECTING Jun 8 11:58:16 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 11:58:16 charon 49573 01[ENC] generating CREATE_CHILD_SA request 2 [ SA No KE ] Jun 8 11:58:16 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (304 bytes) Jun 8 11:58:16 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (304 bytes) Jun 8 11:58:16 charon 49573 01[ENC] parsed CREATE_CHILD_SA response 2 [ SA No KE ] Jun 8 11:58:16 charon 49573 01[CFG] selecting proposal: Jun 8 11:58:16 charon 49573 01[CFG] proposal matches Jun 8 11:58:16 charon 49573 01[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 11:58:16 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 11:58:16 charon 49573 01[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[657] state change: CONNECTING => ESTABLISHED Jun 8 11:58:16 charon 49573 01[IKE] scheduling rekeying in 24760s Jun 8 11:58:16 charon 49573 01[IKE] maximum IKE_SA lifetime 27640s Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[657] rekeyed between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[651] state change: REKEYING => REKEYED Jun 8 11:58:16 charon 49573 01[IKE] reinitiating already active tasks Jun 8 11:58:16 charon 49573 01[IKE] IKE_REKEY task Jun 8 11:58:16 charon 49573 01[IKE] deleting IKE_SA con2[651] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[651] state change: REKEYED => DELETING Jun 8 11:58:16 charon 49573 01[IKE] sending DELETE for IKE_SA con2[651] Jun 8 11:58:16 charon 49573 01[ENC] generating INFORMATIONAL request 3 [ D ] Jun 8 11:58:16 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 11:58:16 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 11:58:16 charon 49573 01[ENC] parsed INFORMATIONAL response 3 [ ] Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA deleted Jun 8 11:58:16 charon 49573 01[IKE] IKE_SA con2[651] state change: DELETING => DESTROYING Jun 8 12:22:10 charon 49573 01[KXX] creating rekey job for CHILD_SA ESP/0xca9722c6/192.168.177.22 Jun 8 12:22:10 charon 49573 01[IKE] queueing CHILD_REKEY task Jun 8 12:22:10 charon 49573 01[IKE] activating new tasks Jun 8 12:22:10 charon 49573 01[IKE] activating CHILD_REKEY task Jun 8 12:22:10 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 12:22:10 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 12:22:10 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 12:22:10 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 12:22:10 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 12:22:10 charon 49573 01[IKE] establishing CHILD_SA con2{1942} reqid 1 Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1941} state change: INSTALLED => REKEYING Jun 8 12:22:10 charon 49573 01[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 12:22:10 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 12:22:10 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 12:22:10 charon 49573 01[ENC] parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 12:22:10 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 12:22:10 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 12:22:10 charon 49573 01[CFG] selecting proposal: Jun 8 12:22:10 charon 49573 01[CFG] proposal matches Jun 8 12:22:10 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 12:22:10 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 12:22:10 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 12:22:10 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 12:22:10 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 12:22:10 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 12:22:10 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 12:22:10 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 12:22:10 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 12:22:10 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1942} state change: CREATED => INSTALLING Jun 8 12:22:10 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 12:22:10 charon 49573 01[CHD] adding inbound ESP SA Jun 8 12:22:10 charon 49573 01[CHD] SPI 0xc8e39889, src x.x.x.162 dst 192.168.177.22 Jun 8 12:22:10 charon 49573 01[CHD] registering outbound ESP SA Jun 8 12:22:10 charon 49573 01[CHD] SPI 0xcae01d9d, src 192.168.177.22 dst x.x.x.162 Jun 8 12:22:10 charon 49573 01[IKE] inbound CHILD_SA con2{1942} established with SPIs c8e39889_i cae01d9d_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1942} state change: INSTALLING => INSTALLED Jun 8 12:22:10 charon 49573 01[CHD] adding outbound ESP SA Jun 8 12:22:10 charon 49573 01[CHD] SPI 0xcae01d9d, src 192.168.177.22 dst x.x.x.162 Jun 8 12:22:10 charon 49573 01[IKE] outbound CHILD_SA con2{1942} established with SPIs c8e39889_i cae01d9d_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1941} state change: REKEYING => REKEYED Jun 8 12:22:10 charon 49573 01[IKE] reinitiating already active tasks Jun 8 12:22:10 charon 49573 01[IKE] CHILD_REKEY task Jun 8 12:22:10 charon 49573 01[IKE] closing CHILD_SA con2{1941} with SPIs ca9722c6_i (69332635 bytes) c67f68b3_o (28800320 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 12:22:10 charon 49573 01[IKE] sending DELETE for ESP CHILD_SA with SPI ca9722c6 Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1941} state change: REKEYED => DELETING Jun 8 12:22:10 charon 49573 01[ENC] generating INFORMATIONAL request 1 [ D ] Jun 8 12:22:10 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 12:22:10 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 12:22:10 charon 49573 01[ENC] parsed INFORMATIONAL response 1 [ D ] Jun 8 12:22:10 charon 49573 01[IKE] received DELETE for ESP CHILD_SA with SPI c67f68b3 Jun 8 12:22:10 charon 49573 01[IKE] CHILD_SA closed Jun 8 12:22:10 charon 49573 01[CHD] CHILD_SA con2{1941} state change: DELETING => DELETED Jun 8 12:22:10 charon 49573 01[IKE] activating new tasks Jun 8 12:22:10 charon 49573 01[IKE] nothing to initiate Jun 8 12:22:15 charon 49573 01[IKE] queueing CHILD_DELETE task Jun 8 12:22:15 charon 49573 01[IKE] activating new tasks Jun 8 12:22:15 charon 49573 01[IKE] activating CHILD_DELETE task Jun 8 12:22:15 charon 49573 01[CHD] CHILD_SA con2{1941} state change: DELETED => DESTROYING Jun 8 12:22:15 charon 49573 01[IKE] activating new tasks Jun 8 12:22:15 charon 49573 01[IKE] nothing to initiate Jun 8 13:14:14 charon 49573 14[KXX] creating rekey job for CHILD_SA ESP/0xcae01d9d/x.x.x.162 Jun 8 13:14:14 charon 49573 15[IKE] queueing CHILD_REKEY task Jun 8 13:14:14 charon 49573 15[IKE] activating new tasks Jun 8 13:14:14 charon 49573 15[IKE] activating CHILD_REKEY task Jun 8 13:14:14 charon 49573 15[CFG] proposing traffic selectors for us: Jun 8 13:14:14 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 8 13:14:14 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 8 13:14:14 charon 49573 15[CFG] proposing traffic selectors for other: Jun 8 13:14:14 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:14:14 charon 49573 15[IKE] establishing CHILD_SA con2{1943} reqid 1 Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1942} state change: INSTALLED => REKEYING Jun 8 13:14:14 charon 49573 15[ENC] generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 13:14:14 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 13:14:14 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 13:14:14 charon 49573 15[ENC] parsed CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 13:14:14 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 13:14:14 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 13:14:14 charon 49573 15[CFG] selecting proposal: Jun 8 13:14:14 charon 49573 15[CFG] proposal matches Jun 8 13:14:14 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:14:14 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:14:14 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:14:14 charon 49573 15[CFG] selecting traffic selectors for us: Jun 8 13:14:14 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 13:14:14 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 13:14:14 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 13:14:14 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 13:14:14 charon 49573 15[CFG] selecting traffic selectors for other: Jun 8 13:14:14 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1943} state change: CREATED => INSTALLING Jun 8 13:14:14 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 8 13:14:14 charon 49573 15[CHD] adding inbound ESP SA Jun 8 13:14:14 charon 49573 15[CHD] SPI 0xc87cad0b, src x.x.x.162 dst 192.168.177.22 Jun 8 13:14:14 charon 49573 15[CHD] registering outbound ESP SA Jun 8 13:14:14 charon 49573 15[CHD] SPI 0xc28341d0, src 192.168.177.22 dst x.x.x.162 Jun 8 13:14:14 charon 49573 15[IKE] inbound CHILD_SA con2{1943} established with SPIs c87cad0b_i c28341d0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1943} state change: INSTALLING => INSTALLED Jun 8 13:14:14 charon 49573 15[CHD] adding outbound ESP SA Jun 8 13:14:14 charon 49573 15[CHD] SPI 0xc28341d0, src 192.168.177.22 dst x.x.x.162 Jun 8 13:14:14 charon 49573 15[IKE] outbound CHILD_SA con2{1943} established with SPIs c87cad0b_i c28341d0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1942} state change: REKEYING => REKEYED Jun 8 13:14:14 charon 49573 15[IKE] reinitiating already active tasks Jun 8 13:14:14 charon 49573 15[IKE] CHILD_REKEY task Jun 8 13:14:14 charon 49573 15[IKE] closing CHILD_SA con2{1942} with SPIs c8e39889_i (27743778 bytes) cae01d9d_o (41020520 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 13:14:14 charon 49573 15[IKE] sending DELETE for ESP CHILD_SA with SPI c8e39889 Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1942} state change: REKEYED => DELETING Jun 8 13:14:14 charon 49573 15[ENC] generating INFORMATIONAL request 3 [ D ] Jun 8 13:14:14 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 13:14:14 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 13:14:14 charon 49573 15[ENC] parsed INFORMATIONAL response 3 [ D ] Jun 8 13:14:14 charon 49573 15[IKE] received DELETE for ESP CHILD_SA with SPI cae01d9d Jun 8 13:14:14 charon 49573 15[IKE] CHILD_SA closed Jun 8 13:14:14 charon 49573 15[CHD] CHILD_SA con2{1942} state change: DELETING => DELETED Jun 8 13:14:14 charon 49573 15[IKE] activating new tasks Jun 8 13:14:14 charon 49573 15[IKE] nothing to initiate Jun 8 13:14:19 charon 49573 14[IKE] queueing CHILD_DELETE task Jun 8 13:14:19 charon 49573 14[IKE] activating new tasks Jun 8 13:14:19 charon 49573 14[IKE] activating CHILD_DELETE task Jun 8 13:14:19 charon 49573 14[CHD] CHILD_SA con2{1942} state change: DELETED => DESTROYING Jun 8 13:14:19 charon 49573 14[IKE] activating new tasks Jun 8 13:14:19 charon 49573 14[IKE] nothing to initiate #### REBOOT PFSENSE ##### Jun 8 13:35:47 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 13:35:47 charon 49573 14[ENC] parsed INFORMATIONAL request 0 [ D ] Jun 8 13:35:47 charon 49573 14[IKE] received DELETE for IKE_SA con2[657] Jun 8 13:35:47 charon 49573 14[IKE] deleting IKE_SA con2[657] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 13:35:47 charon 49573 14[IKE] IKE_SA con2[657] state change: ESTABLISHED => DELETING Jun 8 13:35:47 charon 49573 14[IKE] IKE_SA deleted Jun 8 13:35:47 charon 49573 14[ENC] generating INFORMATIONAL response 0 [ ] Jun 8 13:35:47 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 13:35:47 charon 49573 14[IKE] IKE_SA con2[657] state change: DELETING => DESTROYING Jun 8 13:35:47 charon 49573 14[CHD] CHILD_SA con2{1943} state change: INSTALLED => DESTROYING Jun 8 13:35:47 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_VENDOR task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_INIT task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_NATD task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_CERT_PRE task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_AUTH task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_CERT_POST task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_CONFIG task Jun 8 13:35:47 charon 49573 13[IKE] queueing IKE_AUTH_LIFETIME task Jun 8 13:35:47 charon 49573 13[IKE] queueing CHILD_CREATE task Jun 8 13:35:47 charon 49573 13[IKE] activating new tasks Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_VENDOR task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_INIT task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_NATD task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_CERT_PRE task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_AUTH task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_CERT_POST task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_CONFIG task Jun 8 13:35:47 charon 49573 13[IKE] activating CHILD_CREATE task Jun 8 13:35:47 charon 49573 13[IKE] activating IKE_AUTH_LIFETIME task Jun 8 13:35:47 charon 49573 13[IKE] initiating IKE_SA con2[658] to x.x.x.162 Jun 8 13:35:47 charon 49573 13[IKE] IKE_SA con2[658] state change: CREATED => CONNECTING Jun 8 13:35:47 charon 49573 13[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:35:47 charon 49573 13[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 13:35:47 charon 49573 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 13:35:47 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:35:49 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:35:49 charon 49573 14[CFG] ignoring acquire, connection attempt pending Jun 8 13:35:51 charon 49573 14[IKE] retransmit 1 of request with message ID 0 Jun 8 13:35:51 charon 49573 14[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:35:53 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:35:53 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:35:57 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:35:57 charon 49573 09[CFG] ignoring acquire, connection attempt pending Jun 8 13:35:58 charon 49573 09[IKE] retransmit 2 of request with message ID 0 Jun 8 13:35:58 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:36:00 charon 49573 09[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:00 charon 49573 09[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:04 charon 49573 09[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:04 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:05 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:05 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:08 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:08 charon 49573 09[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:11 charon 49573 09[IKE] retransmit 3 of request with message ID 0 Jun 8 13:36:11 charon 49573 09[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:36:11 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:11 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:15 charon 49573 11[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:15 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:17 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:17 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:18 charon 49573 11[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:18 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:21 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:21 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:26 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:26 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:29 charon 49573 11[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:29 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:31 charon 49573 11[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:31 charon 49573 11[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:35 charon 49573 13[IKE] retransmit 4 of request with message ID 0 Jun 8 13:36:35 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:36:35 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:35 charon 49573 13[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:38 charon 49573 13[KXX] creating acquire job for policy 192.168.177.22/32|/0 === x.x.x.162/32|/0 with reqid {1} Jun 8 13:36:38 charon 49573 07[CFG] ignoring acquire, connection attempt pending Jun 8 13:36:41 charon 49573 07[NET] <659> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 13:36:41 charon 49573 07[ENC] <659> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 13:36:41 charon 49573 07[CFG] <659> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 13:36:41 charon 49573 07[CFG] <659> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 13:36:41 charon 49573 07[CFG] <659> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 13:36:41 charon 49573 07[CFG] <659> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 13:36:41 charon 49573 07[IKE] <659> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 13:36:41 charon 49573 07[IKE] <659> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 13:36:41 charon 49573 07[IKE] <659> x.x.x.162 is initiating an IKE_SA Jun 8 13:36:41 charon 49573 07[IKE] <659> IKE_SA (unnamed)[659] state change: CREATED => CONNECTING Jun 8 13:36:41 charon 49573 07[CFG] <659> selecting proposal: Jun 8 13:36:41 charon 49573 07[CFG] <659> proposal matches Jun 8 13:36:41 charon 49573 07[CFG] <659> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:36:41 charon 49573 07[CFG] <659> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:36:41 charon 49573 07[CFG] <659> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:36:41 charon 49573 07[CFG] <659> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 13:36:41 charon 49573 07[IKE] <659> local host is behind NAT, sending keep alives Jun 8 13:36:41 charon 49573 07[CFG] <659> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 13:36:41 charon 49573 07[IKE] <659> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 13:36:41 charon 49573 07[ENC] <659> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 13:36:41 charon 49573 07[NET] <659> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 13:36:41 charon 49573 07[NET] <659> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 13:36:41 charon 49573 07[ENC] <659> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 13:36:41 charon 49573 07[IKE] <659> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 13:36:41 charon 49573 07[IKE] <659> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 13:36:41 charon 49573 07[CFG] <659> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 13:36:41 charon 49573 07[CFG] <659> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 13:36:41 charon 49573 07[CFG] selected peer config 'con2' Jun 8 13:36:41 charon 49573 07[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 13:36:41 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 13:36:41 charon 49573 07[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 13:36:41 charon 49573 07[IKE] successfully created shared key MAC Jun 8 13:36:41 charon 49573 07[IKE] IKE_SA con2[659] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 13:36:41 charon 49573 07[IKE] IKE_SA con2[659] state change: CONNECTING => ESTABLISHED Jun 8 13:36:41 charon 49573 07[IKE] scheduling rekeying in 24042s Jun 8 13:36:41 charon 49573 07[IKE] maximum IKE_SA lifetime 26922s Jun 8 13:36:41 charon 49573 07[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] proposing traffic selectors for us: Jun 8 13:36:41 charon 49573 07[CFG] 192.168.0.0/22|/0 Jun 8 13:36:41 charon 49573 07[CFG] 10.8.0.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] proposing traffic selectors for other: Jun 8 13:36:41 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] candidate "con2" with prio 15+5 Jun 8 13:36:41 charon 49573 07[CFG] found matching child config "con2" with prio 20 Jun 8 13:36:41 charon 49573 07[CFG] selecting proposal: Jun 8 13:36:41 charon 49573 07[CFG] proposal matches Jun 8 13:36:41 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:36:41 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:36:41 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:36:41 charon 49573 07[CFG] selecting traffic selectors for us: Jun 8 13:36:41 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 13:36:41 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 13:36:41 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 13:36:41 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] selecting traffic selectors for other: Jun 8 13:36:41 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CHD] CHILD_SA con2{1944} state change: CREATED => INSTALLING Jun 8 13:36:41 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 8 13:36:41 charon 49573 07[CHD] adding inbound ESP SA Jun 8 13:36:41 charon 49573 07[CHD] SPI 0xc4ad6e0a, src x.x.x.162 dst 192.168.177.22 Jun 8 13:36:41 charon 49573 07[CHD] adding outbound ESP SA Jun 8 13:36:41 charon 49573 07[CHD] SPI 0xc25e5041, src 192.168.177.22 dst x.x.x.162 Jun 8 13:36:41 charon 49573 07[IKE] CHILD_SA con2{1944} established with SPIs c4ad6e0a_i c25e5041_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 13:36:41 charon 49573 07[CHD] CHILD_SA con2{1944} state change: INSTALLING => INSTALLED Jun 8 13:36:41 charon 49573 07[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 13:36:41 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 13:37:17 charon 49573 13[IKE] retransmit 5 of request with message ID 0 Jun 8 13:37:17 charon 49573 13[NET] sending packet: from 192.168.177.22[500] to x.x.x.162[500] (336 bytes) Jun 8 13:37:17 charon 49573 13[NET] received packet: from x.x.x.162[500] to 192.168.177.22[500] (344 bytes) Jun 8 13:37:17 charon 49573 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 13:37:17 charon 49573 13[IKE] received FRAGMENTATION_SUPPORTED notify Jun 8 13:37:17 charon 49573 13[IKE] received SIGNATURE_HASH_ALGORITHMS notify Jun 8 13:37:17 charon 49573 13[IKE] received CHILDLESS_IKEV2_SUPPORTED notify Jun 8 13:37:17 charon 49573 13[CFG] selecting proposal: Jun 8 13:37:17 charon 49573 13[CFG] proposal matches Jun 8 13:37:17 charon 49573 13[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:37:17 charon 49573 13[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:37:17 charon 49573 13[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 13:37:17 charon 49573 13[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 13:37:17 charon 49573 13[IKE] local host is behind NAT, sending keep alives Jun 8 13:37:17 charon 49573 13[IKE] reinitiating already active tasks Jun 8 13:37:17 charon 49573 13[IKE] IKE_CERT_PRE task Jun 8 13:37:17 charon 49573 13[IKE] IKE_AUTH task Jun 8 13:37:17 charon 49573 13[IKE] sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 13:37:17 charon 49573 13[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 13:37:17 charon 49573 13[IKE] successfully created shared key MAC Jun 8 13:37:17 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 13:37:17 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 13:37:17 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 13:37:17 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 13:37:17 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 13:37:17 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 13:37:17 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:37:17 charon 49573 13[IKE] establishing CHILD_SA con2{1945} reqid 1 Jun 8 13:37:17 charon 49573 13[ENC] generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 13:37:17 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (288 bytes) Jun 8 13:37:17 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (240 bytes) Jun 8 13:37:17 charon 49573 13[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 13:37:17 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 13:37:17 charon 49573 13[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 13:37:17 charon 49573 13[IKE] IKE_SA con2[658] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 13:37:17 charon 49573 13[IKE] IKE_SA con2[658] state change: CONNECTING => ESTABLISHED Jun 8 13:37:17 charon 49573 13[IKE] scheduling rekeying in 24134s Jun 8 13:37:17 charon 49573 13[IKE] maximum IKE_SA lifetime 27014s Jun 8 13:37:17 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 13:37:17 charon 49573 13[CFG] selecting proposal: Jun 8 13:37:17 charon 49573 13[CFG] proposal matches Jun 8 13:37:17 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:37:17 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:37:17 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 13:37:17 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 13:37:17 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 13:37:17 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 13:37:17 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 13:37:17 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 13:37:17 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 13:37:17 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:37:17 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 13:37:17 charon 49573 13[CHD] CHILD_SA con2{1945} state change: CREATED => INSTALLING Jun 8 13:37:17 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 13:37:17 charon 49573 13[CHD] adding inbound ESP SA Jun 8 13:37:17 charon 49573 13[CHD] SPI 0xcfe995e4, src x.x.x.162 dst 192.168.177.22 Jun 8 13:37:17 charon 49573 13[CHD] adding outbound ESP SA Jun 8 13:37:17 charon 49573 13[CHD] SPI 0xcc92cae2, src 192.168.177.22 dst x.x.x.162 Jun 8 13:37:17 charon 49573 13[IKE] CHILD_SA con2{1945} established with SPIs cfe995e4_i cc92cae2_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 13:37:17 charon 49573 13[CHD] CHILD_SA con2{1945} state change: INSTALLING => INSTALLED Jun 8 13:37:17 charon 49573 13[IKE] activating new tasks Jun 8 13:37:17 charon 49573 13[IKE] nothing to initiate Jun 8 13:37:27 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 13:37:27 charon 49573 13[ENC] parsed INFORMATIONAL request 2 [ D ] Jun 8 13:37:27 charon 49573 13[IKE] received DELETE for IKE_SA con2[659] Jun 8 13:37:27 charon 49573 13[IKE] deleting IKE_SA con2[659] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 13:37:27 charon 49573 13[IKE] IKE_SA con2[659] state change: ESTABLISHED => DELETING Jun 8 13:37:27 charon 49573 13[IKE] IKE_SA deleted Jun 8 13:37:27 charon 49573 13[ENC] generating INFORMATIONAL response 2 [ ] Jun 8 13:37:27 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 13:37:27 charon 49573 13[IKE] IKE_SA con2[659] state change: DELETING => DESTROYING Jun 8 13:37:27 charon 49573 13[CHD] CHILD_SA con2{1944} state change: INSTALLED => DESTROYING Jun 8 14:27:15 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 14:27:15 charon 49573 06[ENC] parsed CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 14:27:15 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 14:27:15 charon 49573 06[CFG] selecting proposal: Jun 8 14:27:15 charon 49573 06[CFG] proposal matches Jun 8 14:27:15 charon 49573 06[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 14:27:15 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 14:27:15 charon 49573 06[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 14:27:15 charon 49573 06[CFG] selecting traffic selectors for us: Jun 8 14:27:15 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 14:27:15 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 14:27:15 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 14:27:15 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 14:27:15 charon 49573 06[CFG] selecting traffic selectors for other: Jun 8 14:27:15 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 14:27:15 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1946} state change: CREATED => INSTALLING Jun 8 14:27:15 charon 49573 06[CHD] using AES_GCM_16 for encryption Jun 8 14:27:15 charon 49573 06[CHD] adding inbound ESP SA Jun 8 14:27:15 charon 49573 06[CHD] SPI 0xcbc907a5, src x.x.x.162 dst 192.168.177.22 Jun 8 14:27:15 charon 49573 06[CHD] registering outbound ESP SA Jun 8 14:27:15 charon 49573 06[CHD] SPI 0xc8e33f14, src 192.168.177.22 dst x.x.x.162 Jun 8 14:27:15 charon 49573 06[IKE] inbound CHILD_SA con2{1946} established with SPIs cbc907a5_i c8e33f14_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1946} state change: INSTALLING => INSTALLED Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1945} state change: INSTALLED => REKEYING Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1945} state change: REKEYING => REKEYED Jun 8 14:27:15 charon 49573 06[ENC] generating CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 14:27:15 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 14:27:15 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 14:27:15 charon 49573 06[ENC] parsed INFORMATIONAL request 1 [ D ] Jun 8 14:27:15 charon 49573 06[IKE] received DELETE for ESP CHILD_SA with SPI cc92cae2 Jun 8 14:27:15 charon 49573 06[IKE] closing CHILD_SA con2{1945} with SPIs cfe995e4_i (159313706 bytes) cc92cae2_o (30181976 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 14:27:15 charon 49573 06[IKE] sending DELETE for ESP CHILD_SA with SPI cfe995e4 Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1945} state change: REKEYED => DELETING Jun 8 14:27:15 charon 49573 06[IKE] CHILD_SA closed Jun 8 14:27:15 charon 49573 06[CHD] CHILD_SA con2{1945} state change: DELETING => DELETED Jun 8 14:27:15 charon 49573 06[CHD] adding outbound ESP SA Jun 8 14:27:15 charon 49573 06[CHD] SPI 0xc8e33f14, src 192.168.177.22 dst x.x.x.162 Jun 8 14:27:15 charon 49573 06[IKE] outbound CHILD_SA con2{1946} established with SPIs cbc907a5_i c8e33f14_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 14:27:15 charon 49573 06[ENC] generating INFORMATIONAL response 1 [ D ] Jun 8 14:27:15 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 14:27:20 charon 49573 06[IKE] queueing CHILD_DELETE task Jun 8 14:27:20 charon 49573 06[IKE] activating new tasks Jun 8 14:27:20 charon 49573 06[IKE] activating CHILD_DELETE task Jun 8 14:27:20 charon 49573 06[CHD] CHILD_SA con2{1945} state change: DELETED => DESTROYING Jun 8 14:27:20 charon 49573 06[IKE] activating new tasks Jun 8 14:27:20 charon 49573 06[IKE] nothing to initiate Jun 8 15:15:43 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 15:15:43 charon 49573 06[ENC] parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 15:15:43 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 15:15:43 charon 49573 06[CFG] selecting proposal: Jun 8 15:15:43 charon 49573 06[CFG] proposal matches Jun 8 15:15:43 charon 49573 06[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 15:15:43 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 15:15:43 charon 49573 06[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 15:15:43 charon 49573 06[CFG] selecting traffic selectors for us: Jun 8 15:15:43 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 15:15:43 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 15:15:43 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 15:15:43 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 15:15:43 charon 49573 06[CFG] selecting traffic selectors for other: Jun 8 15:15:43 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 15:15:43 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1947} state change: CREATED => INSTALLING Jun 8 15:15:43 charon 49573 06[CHD] using AES_GCM_16 for encryption Jun 8 15:15:43 charon 49573 06[CHD] adding inbound ESP SA Jun 8 15:15:43 charon 49573 06[CHD] SPI 0xc6dca1fe, src x.x.x.162 dst 192.168.177.22 Jun 8 15:15:43 charon 49573 06[CHD] registering outbound ESP SA Jun 8 15:15:43 charon 49573 06[CHD] SPI 0xc1d95ca5, src 192.168.177.22 dst x.x.x.162 Jun 8 15:15:43 charon 49573 06[IKE] inbound CHILD_SA con2{1947} established with SPIs c6dca1fe_i c1d95ca5_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1947} state change: INSTALLING => INSTALLED Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1946} state change: INSTALLED => REKEYING Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1946} state change: REKEYING => REKEYED Jun 8 15:15:43 charon 49573 06[ENC] generating CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 15:15:43 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 15:15:43 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 15:15:43 charon 49573 06[ENC] parsed INFORMATIONAL request 3 [ D ] Jun 8 15:15:43 charon 49573 06[IKE] received DELETE for ESP CHILD_SA with SPI c8e33f14 Jun 8 15:15:43 charon 49573 06[IKE] closing CHILD_SA con2{1946} with SPIs cbc907a5_i (74360735 bytes) c8e33f14_o (31037304 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 15:15:43 charon 49573 06[IKE] sending DELETE for ESP CHILD_SA with SPI cbc907a5 Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1946} state change: REKEYED => DELETING Jun 8 15:15:43 charon 49573 06[IKE] CHILD_SA closed Jun 8 15:15:43 charon 49573 06[CHD] CHILD_SA con2{1946} state change: DELETING => DELETED Jun 8 15:15:43 charon 49573 06[CHD] adding outbound ESP SA Jun 8 15:15:43 charon 49573 06[CHD] SPI 0xc1d95ca5, src 192.168.177.22 dst x.x.x.162 Jun 8 15:15:43 charon 49573 06[IKE] outbound CHILD_SA con2{1947} established with SPIs c6dca1fe_i c1d95ca5_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 15:15:43 charon 49573 06[ENC] generating INFORMATIONAL response 3 [ D ] Jun 8 15:15:43 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 15:15:48 charon 49573 06[IKE] queueing CHILD_DELETE task Jun 8 15:15:48 charon 49573 06[IKE] activating new tasks Jun 8 15:15:48 charon 49573 06[IKE] activating CHILD_DELETE task Jun 8 15:15:48 charon 49573 06[CHD] CHILD_SA con2{1946} state change: DELETED => DESTROYING Jun 8 15:15:48 charon 49573 06[IKE] activating new tasks Jun 8 15:15:48 charon 49573 06[IKE] nothing to initiate Jun 8 16:05:01 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 16:05:01 charon 49573 12[ENC] parsed CREATE_CHILD_SA request 4 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 16:05:01 charon 49573 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 16:05:01 charon 49573 12[CFG] selecting proposal: Jun 8 16:05:01 charon 49573 12[CFG] proposal matches Jun 8 16:05:01 charon 49573 12[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:05:01 charon 49573 12[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:05:01 charon 49573 12[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:05:01 charon 49573 12[CFG] selecting traffic selectors for us: Jun 8 16:05:01 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 16:05:01 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 16:05:01 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 16:05:01 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 16:05:01 charon 49573 12[CFG] selecting traffic selectors for other: Jun 8 16:05:01 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 16:05:01 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1948} state change: CREATED => INSTALLING Jun 8 16:05:01 charon 49573 12[CHD] using AES_GCM_16 for encryption Jun 8 16:05:01 charon 49573 12[CHD] adding inbound ESP SA Jun 8 16:05:01 charon 49573 12[CHD] SPI 0xcd46368b, src x.x.x.162 dst 192.168.177.22 Jun 8 16:05:01 charon 49573 12[CHD] registering outbound ESP SA Jun 8 16:05:01 charon 49573 12[CHD] SPI 0xc01c7fba, src 192.168.177.22 dst x.x.x.162 Jun 8 16:05:01 charon 49573 12[IKE] inbound CHILD_SA con2{1948} established with SPIs cd46368b_i c01c7fba_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1948} state change: INSTALLING => INSTALLED Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1947} state change: INSTALLED => REKEYING Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1947} state change: REKEYING => REKEYED Jun 8 16:05:01 charon 49573 12[ENC] generating CREATE_CHILD_SA response 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 16:05:01 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 16:05:01 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 16:05:01 charon 49573 12[ENC] parsed INFORMATIONAL request 5 [ D ] Jun 8 16:05:01 charon 49573 12[IKE] received DELETE for ESP CHILD_SA with SPI c1d95ca5 Jun 8 16:05:01 charon 49573 12[IKE] closing CHILD_SA con2{1947} with SPIs c6dca1fe_i (84419733 bytes) c1d95ca5_o (25262888 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:05:01 charon 49573 12[IKE] sending DELETE for ESP CHILD_SA with SPI c6dca1fe Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1947} state change: REKEYED => DELETING Jun 8 16:05:01 charon 49573 12[IKE] CHILD_SA closed Jun 8 16:05:01 charon 49573 12[CHD] CHILD_SA con2{1947} state change: DELETING => DELETED Jun 8 16:05:01 charon 49573 12[CHD] adding outbound ESP SA Jun 8 16:05:01 charon 49573 12[CHD] SPI 0xc01c7fba, src 192.168.177.22 dst x.x.x.162 Jun 8 16:05:01 charon 49573 12[IKE] outbound CHILD_SA con2{1948} established with SPIs cd46368b_i c01c7fba_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:05:01 charon 49573 12[ENC] generating INFORMATIONAL response 5 [ D ] Jun 8 16:05:01 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 16:05:06 charon 49573 12[IKE] queueing CHILD_DELETE task Jun 8 16:05:06 charon 49573 12[IKE] activating new tasks Jun 8 16:05:06 charon 49573 12[IKE] activating CHILD_DELETE task Jun 8 16:05:06 charon 49573 12[CHD] CHILD_SA con2{1947} state change: DELETED => DESTROYING Jun 8 16:05:06 charon 49573 12[IKE] activating new tasks Jun 8 16:05:06 charon 49573 12[IKE] nothing to initiate Jun 8 16:53:27 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 16:53:27 charon 49573 10[ENC] parsed CREATE_CHILD_SA request 6 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 16:53:27 charon 49573 10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 16:53:27 charon 49573 10[CFG] selecting proposal: Jun 8 16:53:27 charon 49573 10[CFG] proposal matches Jun 8 16:53:27 charon 49573 10[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:53:27 charon 49573 10[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:53:27 charon 49573 10[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 16:53:27 charon 49573 10[CFG] selecting traffic selectors for us: Jun 8 16:53:27 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 16:53:27 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 16:53:27 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 16:53:27 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 16:53:27 charon 49573 10[CFG] selecting traffic selectors for other: Jun 8 16:53:27 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 16:53:27 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1949} state change: CREATED => INSTALLING Jun 8 16:53:27 charon 49573 10[CHD] using AES_GCM_16 for encryption Jun 8 16:53:27 charon 49573 10[CHD] adding inbound ESP SA Jun 8 16:53:27 charon 49573 10[CHD] SPI 0xc2f3adf7, src x.x.x.162 dst 192.168.177.22 Jun 8 16:53:27 charon 49573 10[CHD] registering outbound ESP SA Jun 8 16:53:27 charon 49573 10[CHD] SPI 0xcff2f0e1, src 192.168.177.22 dst x.x.x.162 Jun 8 16:53:27 charon 49573 10[IKE] inbound CHILD_SA con2{1949} established with SPIs c2f3adf7_i cff2f0e1_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1949} state change: INSTALLING => INSTALLED Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1948} state change: INSTALLED => REKEYING Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1948} state change: REKEYING => REKEYED Jun 8 16:53:27 charon 49573 10[ENC] generating CREATE_CHILD_SA response 6 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 16:53:27 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 16:53:27 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 16:53:27 charon 49573 10[ENC] parsed INFORMATIONAL request 7 [ D ] Jun 8 16:53:27 charon 49573 10[IKE] received DELETE for ESP CHILD_SA with SPI c01c7fba Jun 8 16:53:27 charon 49573 10[IKE] closing CHILD_SA con2{1948} with SPIs cd46368b_i (269050538 bytes) c01c7fba_o (12392448 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:53:27 charon 49573 10[IKE] sending DELETE for ESP CHILD_SA with SPI cd46368b Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1948} state change: REKEYED => DELETING Jun 8 16:53:27 charon 49573 10[IKE] CHILD_SA closed Jun 8 16:53:27 charon 49573 10[CHD] CHILD_SA con2{1948} state change: DELETING => DELETED Jun 8 16:53:27 charon 49573 10[CHD] adding outbound ESP SA Jun 8 16:53:27 charon 49573 10[CHD] SPI 0xcff2f0e1, src 192.168.177.22 dst x.x.x.162 Jun 8 16:53:27 charon 49573 10[IKE] outbound CHILD_SA con2{1949} established with SPIs c2f3adf7_i cff2f0e1_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 16:53:27 charon 49573 10[ENC] generating INFORMATIONAL response 7 [ D ] Jun 8 16:53:27 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 16:53:32 charon 49573 10[IKE] queueing CHILD_DELETE task Jun 8 16:53:32 charon 49573 10[IKE] activating new tasks Jun 8 16:53:32 charon 49573 10[IKE] activating CHILD_DELETE task Jun 8 16:53:32 charon 49573 10[CHD] CHILD_SA con2{1948} state change: DELETED => DESTROYING Jun 8 16:53:32 charon 49573 10[IKE] activating new tasks Jun 8 16:53:32 charon 49573 10[IKE] nothing to initiate Jun 8 17:41:41 charon 49573 10[KXX] creating rekey job for CHILD_SA ESP/0xc2f3adf7/192.168.177.22 Jun 8 17:41:41 charon 49573 14[IKE] queueing CHILD_REKEY task Jun 8 17:41:41 charon 49573 14[IKE] activating new tasks Jun 8 17:41:41 charon 49573 14[IKE] activating CHILD_REKEY task Jun 8 17:41:41 charon 49573 14[CFG] proposing traffic selectors for us: Jun 8 17:41:41 charon 49573 14[CFG] 192.168.0.0/22|/0 Jun 8 17:41:41 charon 49573 14[CFG] 10.8.0.0/24|/0 Jun 8 17:41:41 charon 49573 14[CFG] proposing traffic selectors for other: Jun 8 17:41:41 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CFG] 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 17:41:41 charon 49573 14[IKE] establishing CHILD_SA con2{1950} reqid 1 Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1949} state change: INSTALLED => REKEYING Jun 8 17:41:41 charon 49573 14[ENC] generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 17:41:41 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 17:41:41 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 17:41:41 charon 49573 14[ENC] parsed CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 17:41:41 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 17:41:41 charon 49573 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 17:41:41 charon 49573 14[CFG] selecting proposal: Jun 8 17:41:41 charon 49573 14[CFG] proposal matches Jun 8 17:41:41 charon 49573 14[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 17:41:41 charon 49573 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 17:41:41 charon 49573 14[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 17:41:41 charon 49573 14[CFG] selecting traffic selectors for us: Jun 8 17:41:41 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 17:41:41 charon 49573 14[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 17:41:41 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 17:41:41 charon 49573 14[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 17:41:41 charon 49573 14[CFG] selecting traffic selectors for other: Jun 8 17:41:41 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1950} state change: CREATED => INSTALLING Jun 8 17:41:41 charon 49573 14[CHD] using AES_GCM_16 for encryption Jun 8 17:41:41 charon 49573 14[CHD] adding inbound ESP SA Jun 8 17:41:41 charon 49573 14[CHD] SPI 0xcc03a20e, src x.x.x.162 dst 192.168.177.22 Jun 8 17:41:41 charon 49573 14[CHD] registering outbound ESP SA Jun 8 17:41:41 charon 49573 14[CHD] SPI 0xc2e9a729, src 192.168.177.22 dst x.x.x.162 Jun 8 17:41:41 charon 49573 14[IKE] inbound CHILD_SA con2{1950} established with SPIs cc03a20e_i c2e9a729_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1950} state change: INSTALLING => INSTALLED Jun 8 17:41:41 charon 49573 14[CHD] adding outbound ESP SA Jun 8 17:41:41 charon 49573 14[CHD] SPI 0xc2e9a729, src 192.168.177.22 dst x.x.x.162 Jun 8 17:41:41 charon 49573 14[IKE] outbound CHILD_SA con2{1950} established with SPIs cc03a20e_i c2e9a729_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1949} state change: REKEYING => REKEYED Jun 8 17:41:41 charon 49573 14[IKE] reinitiating already active tasks Jun 8 17:41:41 charon 49573 14[IKE] CHILD_REKEY task Jun 8 17:41:41 charon 49573 14[IKE] closing CHILD_SA con2{1949} with SPIs c2f3adf7_i (825919 bytes) cff2f0e1_o (2069768 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 17:41:41 charon 49573 14[IKE] sending DELETE for ESP CHILD_SA with SPI c2f3adf7 Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1949} state change: REKEYED => DELETING Jun 8 17:41:41 charon 49573 14[ENC] generating INFORMATIONAL request 3 [ D ] Jun 8 17:41:41 charon 49573 14[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 17:41:41 charon 49573 14[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 17:41:41 charon 49573 14[ENC] parsed INFORMATIONAL response 3 [ D ] Jun 8 17:41:41 charon 49573 14[IKE] received DELETE for ESP CHILD_SA with SPI cff2f0e1 Jun 8 17:41:41 charon 49573 14[IKE] CHILD_SA closed Jun 8 17:41:41 charon 49573 14[CHD] CHILD_SA con2{1949} state change: DELETING => DELETED Jun 8 17:41:41 charon 49573 14[IKE] activating new tasks Jun 8 17:41:41 charon 49573 14[IKE] nothing to initiate Jun 8 17:41:47 charon 49573 14[IKE] queueing CHILD_DELETE task Jun 8 17:41:47 charon 49573 14[IKE] activating new tasks Jun 8 17:41:47 charon 49573 14[IKE] activating CHILD_DELETE task Jun 8 17:41:47 charon 49573 14[CHD] CHILD_SA con2{1949} state change: DELETED => DESTROYING Jun 8 17:41:47 charon 49573 14[IKE] activating new tasks Jun 8 17:41:47 charon 49573 14[IKE] nothing to initiate Jun 8 18:11:06 charon 49573 11[IKE] sending DPD request Jun 8 18:11:06 charon 49573 11[IKE] queueing IKE_DPD task Jun 8 18:11:06 charon 49573 11[IKE] activating new tasks Jun 8 18:11:06 charon 49573 11[IKE] activating IKE_DPD task Jun 8 18:11:06 charon 49573 11[ENC] generating INFORMATIONAL request 4 [ ] Jun 8 18:11:06 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 18:11:10 charon 49573 11[IKE] retransmit 1 of request with message ID 4 Jun 8 18:11:10 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 18:11:18 charon 49573 11[IKE] retransmit 2 of request with message ID 4 Jun 8 18:11:18 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 18:11:31 charon 49573 11[IKE] retransmit 3 of request with message ID 4 Jun 8 18:11:31 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 18:11:51 charon 49573 11[IKE] sending keep alive to x.x.x.162[4500] Jun 8 18:11:54 charon 49573 11[IKE] retransmit 4 of request with message ID 4 Jun 8 18:11:54 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 18:11:58 charon 49573 11[NET] <660> received packet: from x.x.x.162[500] to 192.168.177.22[500] (336 bytes) Jun 8 18:11:58 charon 49573 11[ENC] <660> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Jun 8 18:11:58 charon 49573 11[CFG] <660> looking for an IKEv2 config for 192.168.177.22...x.x.x.162 Jun 8 18:11:58 charon 49573 11[CFG] <660> candidate: 192.168.177.22...0.0.0.0/0, ::/0, prio 1052 Jun 8 18:11:58 charon 49573 11[CFG] <660> candidate: 192.168.177.22...x.x.x.162, prio 3100 Jun 8 18:11:58 charon 49573 11[CFG] <660> found matching ike config: 192.168.177.22...x.x.x.162 with prio 3100 Jun 8 18:11:58 charon 49573 11[IKE] <660> local endpoint changed from 0.0.0.0[500] to 192.168.177.22[500] Jun 8 18:11:58 charon 49573 11[IKE] <660> remote endpoint changed from 0.0.0.0 to x.x.x.162[500] Jun 8 18:11:58 charon 49573 11[IKE] <660> x.x.x.162 is initiating an IKE_SA Jun 8 18:11:58 charon 49573 11[IKE] <660> IKE_SA (unnamed)[660] state change: CREATED => CONNECTING Jun 8 18:11:58 charon 49573 11[CFG] <660> selecting proposal: Jun 8 18:11:58 charon 49573 11[CFG] <660> proposal matches Jun 8 18:11:58 charon 49573 11[CFG] <660> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 18:11:58 charon 49573 11[CFG] <660> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 18:11:58 charon 49573 11[CFG] <660> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 8 18:11:58 charon 49573 11[CFG] <660> received supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 18:11:58 charon 49573 11[IKE] <660> local host is behind NAT, sending keep alives Jun 8 18:11:58 charon 49573 11[CFG] <660> sending supported signature hash algorithms: sha256 sha384 sha512 identity Jun 8 18:11:58 charon 49573 11[IKE] <660> sending cert request for "CN=vpn, C=XX, ST=XX, L=XX, O=XX XX" Jun 8 18:11:58 charon 49573 11[ENC] <660> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Jun 8 18:11:58 charon 49573 11[NET] <660> sending packet: from 192.168.177.22[500] to x.x.x.162[500] (369 bytes) Jun 8 18:11:58 charon 49573 07[NET] <660> received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (272 bytes) Jun 8 18:11:58 charon 49573 07[ENC] <660> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_OXXY) N(MSG_ID_SYN_SUP) ] Jun 8 18:11:58 charon 49573 07[IKE] <660> local endpoint changed from 192.168.177.22[500] to 192.168.177.22[4500] Jun 8 18:11:58 charon 49573 07[IKE] <660> remote endpoint changed from x.x.x.162[500] to x.x.x.162[4500] Jun 8 18:11:58 charon 49573 07[CFG] <660> looking for peer configs matching 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 18:11:58 charon 49573 07[CFG] <660> candidate "con2", match: 20/20/3100 (me/other/ike) Jun 8 18:11:58 charon 49573 07[CFG] selected peer config 'con2' Jun 8 18:11:58 charon 49573 07[IKE] authentication of 'x.x.x.162' with pre-shared key successful Jun 8 18:11:58 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 18:11:58 charon 49573 07[IKE] authentication of 'y.y.y.239' (myself) with pre-shared key Jun 8 18:11:58 charon 49573 07[IKE] successfully created shared key MAC Jun 8 18:11:58 charon 49573 07[IKE] destroying duplicate IKE_SA for peer 'x.x.x.162', received INITIAL_CONTACT Jun 8 18:11:58 charon 49573 07[IKE] IKE_SA con2[658] state change: ESTABLISHED => DESTROYING Jun 8 18:11:58 charon 49573 07[CHD] CHILD_SA con2{1950} state change: INSTALLED => DESTROYING Jun 8 18:11:58 charon 49573 07[IKE] IKE_SA con2[660] established between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 8 18:11:58 charon 49573 07[IKE] IKE_SA con2[660] state change: CONNECTING => ESTABLISHED Jun 8 18:11:58 charon 49573 07[IKE] scheduling rekeying in 25011s Jun 8 18:11:58 charon 49573 07[IKE] maximum IKE_SA lifetime 27891s Jun 8 18:11:58 charon 49573 07[CFG] looking for a child config for 192.168.0.0/22|/0 10.8.0.0/24|/0 === 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] proposing traffic selectors for us: Jun 8 18:11:58 charon 49573 07[CFG] 192.168.0.0/22|/0 Jun 8 18:11:58 charon 49573 07[CFG] 10.8.0.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] proposing traffic selectors for other: Jun 8 18:11:58 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] candidate "con2" with prio 15+5 Jun 8 18:11:58 charon 49573 07[CFG] found matching child config "con2" with prio 20 Jun 8 18:11:58 charon 49573 07[CFG] selecting proposal: Jun 8 18:11:58 charon 49573 07[CFG] proposal matches Jun 8 18:11:58 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 18:11:58 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 18:11:58 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 18:11:58 charon 49573 07[CFG] selecting traffic selectors for us: Jun 8 18:11:58 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 18:11:58 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 18:11:58 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 18:11:58 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] selecting traffic selectors for other: Jun 8 18:11:58 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CHD] CHILD_SA con2{1951} state change: CREATED => INSTALLING Jun 8 18:11:58 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 8 18:11:58 charon 49573 07[CHD] adding inbound ESP SA Jun 8 18:11:58 charon 49573 07[CHD] SPI 0xcfac2a16, src x.x.x.162 dst 192.168.177.22 Jun 8 18:11:58 charon 49573 07[CHD] adding outbound ESP SA Jun 8 18:11:58 charon 49573 07[CHD] SPI 0xc10da990, src 192.168.177.22 dst x.x.x.162 Jun 8 18:11:58 charon 49573 07[IKE] CHILD_SA con2{1951} established with SPIs cfac2a16_i c10da990_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 18:11:58 charon 49573 07[CHD] CHILD_SA con2{1951} state change: INSTALLING => INSTALLED Jun 8 18:11:58 charon 49573 07[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ] Jun 8 18:11:58 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (240 bytes) Jun 8 19:03:09 charon 49573 05[KXX] creating rekey job for CHILD_SA ESP/0xcfac2a16/192.168.177.22 Jun 8 19:03:09 charon 49573 12[IKE] queueing CHILD_REKEY task Jun 8 19:03:09 charon 49573 12[IKE] activating new tasks Jun 8 19:03:09 charon 49573 12[IKE] activating CHILD_REKEY task Jun 8 19:03:09 charon 49573 12[CFG] proposing traffic selectors for us: Jun 8 19:03:09 charon 49573 12[CFG] 192.168.0.0/22|/0 Jun 8 19:03:09 charon 49573 12[CFG] 10.8.0.0/24|/0 Jun 8 19:03:09 charon 49573 12[CFG] proposing traffic selectors for other: Jun 8 19:03:09 charon 49573 12[CFG] 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CFG] 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:03:09 charon 49573 12[IKE] establishing CHILD_SA con2{1952} reqid 1 Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1951} state change: INSTALLED => REKEYING Jun 8 19:03:09 charon 49573 12[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 19:03:09 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 19:03:09 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 19:03:09 charon 49573 12[ENC] parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 19:03:09 charon 49573 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 19:03:09 charon 49573 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 19:03:09 charon 49573 12[CFG] selecting proposal: Jun 8 19:03:09 charon 49573 12[CFG] proposal matches Jun 8 19:03:09 charon 49573 12[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:03:09 charon 49573 12[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:03:09 charon 49573 12[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:03:09 charon 49573 12[CFG] selecting traffic selectors for us: Jun 8 19:03:09 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 19:03:09 charon 49573 12[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 19:03:09 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 19:03:09 charon 49573 12[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 19:03:09 charon 49573 12[CFG] selecting traffic selectors for other: Jun 8 19:03:09 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1952} state change: CREATED => INSTALLING Jun 8 19:03:09 charon 49573 12[CHD] using AES_GCM_16 for encryption Jun 8 19:03:09 charon 49573 12[CHD] adding inbound ESP SA Jun 8 19:03:09 charon 49573 12[CHD] SPI 0xcb245b23, src x.x.x.162 dst 192.168.177.22 Jun 8 19:03:09 charon 49573 12[CHD] registering outbound ESP SA Jun 8 19:03:09 charon 49573 12[CHD] SPI 0xc88fe8ba, src 192.168.177.22 dst x.x.x.162 Jun 8 19:03:09 charon 49573 12[IKE] inbound CHILD_SA con2{1952} established with SPIs cb245b23_i c88fe8ba_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1952} state change: INSTALLING => INSTALLED Jun 8 19:03:09 charon 49573 12[CHD] adding outbound ESP SA Jun 8 19:03:09 charon 49573 12[CHD] SPI 0xc88fe8ba, src 192.168.177.22 dst x.x.x.162 Jun 8 19:03:09 charon 49573 12[IKE] outbound CHILD_SA con2{1952} established with SPIs cb245b23_i c88fe8ba_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1951} state change: REKEYING => REKEYED Jun 8 19:03:09 charon 49573 12[IKE] reinitiating already active tasks Jun 8 19:03:09 charon 49573 12[IKE] CHILD_REKEY task Jun 8 19:03:09 charon 49573 12[IKE] closing CHILD_SA con2{1951} with SPIs cfac2a16_i (13327335 bytes) c10da990_o (3379788 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:03:09 charon 49573 12[IKE] sending DELETE for ESP CHILD_SA with SPI cfac2a16 Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1951} state change: REKEYED => DELETING Jun 8 19:03:09 charon 49573 12[ENC] generating INFORMATIONAL request 1 [ D ] Jun 8 19:03:09 charon 49573 12[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 19:03:09 charon 49573 12[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 19:03:09 charon 49573 12[ENC] parsed INFORMATIONAL response 1 [ D ] Jun 8 19:03:09 charon 49573 12[IKE] received DELETE for ESP CHILD_SA with SPI c10da990 Jun 8 19:03:09 charon 49573 12[IKE] CHILD_SA closed Jun 8 19:03:09 charon 49573 12[CHD] CHILD_SA con2{1951} state change: DELETING => DELETED Jun 8 19:03:09 charon 49573 12[IKE] activating new tasks Jun 8 19:03:09 charon 49573 12[IKE] nothing to initiate Jun 8 19:03:14 charon 49573 05[IKE] queueing CHILD_DELETE task Jun 8 19:03:14 charon 49573 05[IKE] activating new tasks Jun 8 19:03:14 charon 49573 05[IKE] activating CHILD_DELETE task Jun 8 19:03:14 charon 49573 05[CHD] CHILD_SA con2{1951} state change: DELETED => DESTROYING Jun 8 19:03:14 charon 49573 05[IKE] activating new tasks Jun 8 19:03:14 charon 49573 05[IKE] nothing to initiate Jun 8 19:52:19 charon 49573 09[KXX] creating rekey job for CHILD_SA ESP/0xcb245b23/192.168.177.22 Jun 8 19:52:19 charon 49573 09[IKE] queueing CHILD_REKEY task Jun 8 19:52:19 charon 49573 09[IKE] activating new tasks Jun 8 19:52:19 charon 49573 09[IKE] activating CHILD_REKEY task Jun 8 19:52:19 charon 49573 09[CFG] proposing traffic selectors for us: Jun 8 19:52:19 charon 49573 09[CFG] 192.168.0.0/22|/0 Jun 8 19:52:19 charon 49573 09[CFG] 10.8.0.0/24|/0 Jun 8 19:52:19 charon 49573 09[CFG] proposing traffic selectors for other: Jun 8 19:52:19 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CFG] 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:52:19 charon 49573 09[IKE] establishing CHILD_SA con2{1953} reqid 1 Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1952} state change: INSTALLED => REKEYING Jun 8 19:52:19 charon 49573 09[ENC] generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 19:52:19 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 19:52:19 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 19:52:19 charon 49573 09[ENC] parsed CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 19:52:19 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 19:52:19 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 19:52:19 charon 49573 09[CFG] selecting proposal: Jun 8 19:52:19 charon 49573 09[CFG] proposal matches Jun 8 19:52:19 charon 49573 09[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:52:19 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:52:19 charon 49573 09[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 19:52:19 charon 49573 09[CFG] selecting traffic selectors for us: Jun 8 19:52:19 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 19:52:19 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 19:52:19 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 19:52:19 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 19:52:19 charon 49573 09[CFG] selecting traffic selectors for other: Jun 8 19:52:19 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1953} state change: CREATED => INSTALLING Jun 8 19:52:19 charon 49573 09[CHD] using AES_GCM_16 for encryption Jun 8 19:52:19 charon 49573 09[CHD] adding inbound ESP SA Jun 8 19:52:19 charon 49573 09[CHD] SPI 0xc00e4785, src x.x.x.162 dst 192.168.177.22 Jun 8 19:52:19 charon 49573 09[CHD] registering outbound ESP SA Jun 8 19:52:19 charon 49573 09[CHD] SPI 0xc857a232, src 192.168.177.22 dst x.x.x.162 Jun 8 19:52:19 charon 49573 09[IKE] inbound CHILD_SA con2{1953} established with SPIs c00e4785_i c857a232_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1953} state change: INSTALLING => INSTALLED Jun 8 19:52:19 charon 49573 09[CHD] adding outbound ESP SA Jun 8 19:52:19 charon 49573 09[CHD] SPI 0xc857a232, src 192.168.177.22 dst x.x.x.162 Jun 8 19:52:19 charon 49573 09[IKE] outbound CHILD_SA con2{1953} established with SPIs c00e4785_i c857a232_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1952} state change: REKEYING => REKEYED Jun 8 19:52:19 charon 49573 09[IKE] reinitiating already active tasks Jun 8 19:52:19 charon 49573 09[IKE] CHILD_REKEY task Jun 8 19:52:19 charon 49573 09[IKE] closing CHILD_SA con2{1952} with SPIs cb245b23_i (841777 bytes) c88fe8ba_o (2110276 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 19:52:19 charon 49573 09[IKE] sending DELETE for ESP CHILD_SA with SPI cb245b23 Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1952} state change: REKEYED => DELETING Jun 8 19:52:19 charon 49573 09[ENC] generating INFORMATIONAL request 3 [ D ] Jun 8 19:52:19 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 19:52:19 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 19:52:19 charon 49573 09[ENC] parsed INFORMATIONAL response 3 [ D ] Jun 8 19:52:19 charon 49573 09[IKE] received DELETE for ESP CHILD_SA with SPI c88fe8ba Jun 8 19:52:19 charon 49573 09[IKE] CHILD_SA closed Jun 8 19:52:19 charon 49573 09[CHD] CHILD_SA con2{1952} state change: DELETING => DELETED Jun 8 19:52:19 charon 49573 09[IKE] activating new tasks Jun 8 19:52:19 charon 49573 09[IKE] nothing to initiate Jun 8 19:52:24 charon 49573 09[IKE] queueing CHILD_DELETE task Jun 8 19:52:24 charon 49573 09[IKE] activating new tasks Jun 8 19:52:24 charon 49573 09[IKE] activating CHILD_DELETE task Jun 8 19:52:24 charon 49573 09[CHD] CHILD_SA con2{1952} state change: DELETED => DESTROYING Jun 8 19:52:24 charon 49573 09[IKE] activating new tasks Jun 8 19:52:24 charon 49573 09[IKE] nothing to initiate Jun 8 20:41:19 charon 49573 14[KXX] creating rekey job for CHILD_SA ESP/0xc00e4785/192.168.177.22 Jun 8 20:41:19 charon 49573 13[IKE] queueing CHILD_REKEY task Jun 8 20:41:19 charon 49573 13[IKE] activating new tasks Jun 8 20:41:19 charon 49573 13[IKE] activating CHILD_REKEY task Jun 8 20:41:19 charon 49573 13[CFG] proposing traffic selectors for us: Jun 8 20:41:19 charon 49573 13[CFG] 192.168.0.0/22|/0 Jun 8 20:41:19 charon 49573 13[CFG] 10.8.0.0/24|/0 Jun 8 20:41:19 charon 49573 13[CFG] proposing traffic selectors for other: Jun 8 20:41:19 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CFG] 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 20:41:19 charon 49573 13[IKE] establishing CHILD_SA con2{1954} reqid 1 Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1953} state change: INSTALLED => REKEYING Jun 8 20:41:19 charon 49573 13[ENC] generating CREATE_CHILD_SA request 4 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 20:41:19 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 20:41:19 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 20:41:19 charon 49573 13[ENC] parsed CREATE_CHILD_SA response 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 20:41:19 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 20:41:19 charon 49573 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 20:41:19 charon 49573 13[CFG] selecting proposal: Jun 8 20:41:19 charon 49573 13[CFG] proposal matches Jun 8 20:41:19 charon 49573 13[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 20:41:19 charon 49573 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 20:41:19 charon 49573 13[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 20:41:19 charon 49573 13[CFG] selecting traffic selectors for us: Jun 8 20:41:19 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 20:41:19 charon 49573 13[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 20:41:19 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 20:41:19 charon 49573 13[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 20:41:19 charon 49573 13[CFG] selecting traffic selectors for other: Jun 8 20:41:19 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1954} state change: CREATED => INSTALLING Jun 8 20:41:19 charon 49573 13[CHD] using AES_GCM_16 for encryption Jun 8 20:41:19 charon 49573 13[CHD] adding inbound ESP SA Jun 8 20:41:19 charon 49573 13[CHD] SPI 0xc45bd7e7, src x.x.x.162 dst 192.168.177.22 Jun 8 20:41:19 charon 49573 13[CHD] registering outbound ESP SA Jun 8 20:41:19 charon 49573 13[CHD] SPI 0xc195bc3e, src 192.168.177.22 dst x.x.x.162 Jun 8 20:41:19 charon 49573 13[IKE] inbound CHILD_SA con2{1954} established with SPIs c45bd7e7_i c195bc3e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1954} state change: INSTALLING => INSTALLED Jun 8 20:41:19 charon 49573 13[CHD] adding outbound ESP SA Jun 8 20:41:19 charon 49573 13[CHD] SPI 0xc195bc3e, src 192.168.177.22 dst x.x.x.162 Jun 8 20:41:19 charon 49573 13[IKE] outbound CHILD_SA con2{1954} established with SPIs c45bd7e7_i c195bc3e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1953} state change: REKEYING => REKEYED Jun 8 20:41:19 charon 49573 13[IKE] reinitiating already active tasks Jun 8 20:41:19 charon 49573 13[IKE] CHILD_REKEY task Jun 8 20:41:19 charon 49573 13[IKE] closing CHILD_SA con2{1953} with SPIs c00e4785_i (840492 bytes) c857a232_o (2103160 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 20:41:19 charon 49573 13[IKE] sending DELETE for ESP CHILD_SA with SPI c00e4785 Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1953} state change: REKEYED => DELETING Jun 8 20:41:19 charon 49573 13[ENC] generating INFORMATIONAL request 5 [ D ] Jun 8 20:41:19 charon 49573 13[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 20:41:19 charon 49573 13[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 20:41:19 charon 49573 13[ENC] parsed INFORMATIONAL response 5 [ D ] Jun 8 20:41:19 charon 49573 13[IKE] received DELETE for ESP CHILD_SA with SPI c857a232 Jun 8 20:41:19 charon 49573 13[IKE] CHILD_SA closed Jun 8 20:41:19 charon 49573 13[CHD] CHILD_SA con2{1953} state change: DELETING => DELETED Jun 8 20:41:19 charon 49573 13[IKE] activating new tasks Jun 8 20:41:19 charon 49573 13[IKE] nothing to initiate Jun 8 20:41:24 charon 49573 13[IKE] queueing CHILD_DELETE task Jun 8 20:41:24 charon 49573 13[IKE] activating new tasks Jun 8 20:41:24 charon 49573 13[IKE] activating CHILD_DELETE task Jun 8 20:41:24 charon 49573 13[CHD] CHILD_SA con2{1953} state change: DELETED => DESTROYING Jun 8 20:41:24 charon 49573 13[IKE] activating new tasks Jun 8 20:41:24 charon 49573 13[IKE] nothing to initiate Jun 8 21:30:21 charon 49573 14[KXX] creating rekey job for CHILD_SA ESP/0xc195bc3e/x.x.x.162 Jun 8 21:30:21 charon 49573 11[IKE] queueing CHILD_REKEY task Jun 8 21:30:21 charon 49573 11[IKE] activating new tasks Jun 8 21:30:21 charon 49573 11[IKE] activating CHILD_REKEY task Jun 8 21:30:21 charon 49573 11[CFG] proposing traffic selectors for us: Jun 8 21:30:21 charon 49573 11[CFG] 192.168.0.0/22|/0 Jun 8 21:30:21 charon 49573 11[CFG] 10.8.0.0/24|/0 Jun 8 21:30:21 charon 49573 11[CFG] proposing traffic selectors for other: Jun 8 21:30:21 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 21:30:21 charon 49573 11[IKE] establishing CHILD_SA con2{1955} reqid 1 Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1954} state change: INSTALLED => REKEYING Jun 8 21:30:21 charon 49573 11[ENC] generating CREATE_CHILD_SA request 6 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 21:30:21 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 21:30:21 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 21:30:21 charon 49573 11[ENC] parsed CREATE_CHILD_SA response 6 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 21:30:21 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 21:30:21 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 21:30:21 charon 49573 11[CFG] selecting proposal: Jun 8 21:30:21 charon 49573 11[CFG] proposal matches Jun 8 21:30:21 charon 49573 11[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 21:30:21 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 21:30:21 charon 49573 11[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 21:30:21 charon 49573 11[CFG] selecting traffic selectors for us: Jun 8 21:30:21 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 21:30:21 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 21:30:21 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 21:30:21 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 21:30:21 charon 49573 11[CFG] selecting traffic selectors for other: Jun 8 21:30:21 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1955} state change: CREATED => INSTALLING Jun 8 21:30:21 charon 49573 11[CHD] using AES_GCM_16 for encryption Jun 8 21:30:21 charon 49573 11[CHD] adding inbound ESP SA Jun 8 21:30:21 charon 49573 11[CHD] SPI 0xc3ae2c09, src x.x.x.162 dst 192.168.177.22 Jun 8 21:30:21 charon 49573 11[CHD] registering outbound ESP SA Jun 8 21:30:21 charon 49573 11[CHD] SPI 0xc26a1762, src 192.168.177.22 dst x.x.x.162 Jun 8 21:30:21 charon 49573 11[IKE] inbound CHILD_SA con2{1955} established with SPIs c3ae2c09_i c26a1762_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1955} state change: INSTALLING => INSTALLED Jun 8 21:30:21 charon 49573 11[CHD] adding outbound ESP SA Jun 8 21:30:21 charon 49573 11[CHD] SPI 0xc26a1762, src 192.168.177.22 dst x.x.x.162 Jun 8 21:30:21 charon 49573 11[IKE] outbound CHILD_SA con2{1955} established with SPIs c3ae2c09_i c26a1762_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1954} state change: REKEYING => REKEYED Jun 8 21:30:21 charon 49573 11[IKE] reinitiating already active tasks Jun 8 21:30:21 charon 49573 11[IKE] CHILD_REKEY task Jun 8 21:30:21 charon 49573 11[IKE] closing CHILD_SA con2{1954} with SPIs c45bd7e7_i (841313 bytes) c195bc3e_o (2105920 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 21:30:21 charon 49573 11[IKE] sending DELETE for ESP CHILD_SA with SPI c45bd7e7 Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1954} state change: REKEYED => DELETING Jun 8 21:30:21 charon 49573 11[ENC] generating INFORMATIONAL request 7 [ D ] Jun 8 21:30:21 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 21:30:21 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 21:30:21 charon 49573 11[ENC] parsed INFORMATIONAL response 7 [ D ] Jun 8 21:30:21 charon 49573 11[IKE] received DELETE for ESP CHILD_SA with SPI c195bc3e Jun 8 21:30:21 charon 49573 11[IKE] CHILD_SA closed Jun 8 21:30:21 charon 49573 11[CHD] CHILD_SA con2{1954} state change: DELETING => DELETED Jun 8 21:30:21 charon 49573 11[IKE] activating new tasks Jun 8 21:30:21 charon 49573 11[IKE] nothing to initiate Jun 8 21:30:26 charon 49573 07[IKE] queueing CHILD_DELETE task Jun 8 21:30:26 charon 49573 07[IKE] activating new tasks Jun 8 21:30:26 charon 49573 07[IKE] activating CHILD_DELETE task Jun 8 21:30:26 charon 49573 07[CHD] CHILD_SA con2{1954} state change: DELETED => DESTROYING Jun 8 21:30:26 charon 49573 07[IKE] activating new tasks Jun 8 21:30:26 charon 49573 07[IKE] nothing to initiate Jun 8 22:18:55 charon 49573 11[KXX] creating rekey job for CHILD_SA ESP/0xc26a1762/x.x.x.162 Jun 8 22:18:55 charon 49573 11[IKE] queueing CHILD_REKEY task Jun 8 22:18:55 charon 49573 11[IKE] activating new tasks Jun 8 22:18:55 charon 49573 11[IKE] activating CHILD_REKEY task Jun 8 22:18:55 charon 49573 11[CFG] proposing traffic selectors for us: Jun 8 22:18:55 charon 49573 11[CFG] 192.168.0.0/22|/0 Jun 8 22:18:55 charon 49573 11[CFG] 10.8.0.0/24|/0 Jun 8 22:18:55 charon 49573 11[CFG] proposing traffic selectors for other: Jun 8 22:18:55 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 22:18:55 charon 49573 11[IKE] establishing CHILD_SA con2{1956} reqid 1 Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1955} state change: INSTALLED => REKEYING Jun 8 22:18:55 charon 49573 11[ENC] generating CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 22:18:55 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 22:18:55 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 22:18:55 charon 49573 11[ENC] parsed CREATE_CHILD_SA response 8 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 22:18:55 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 22:18:55 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 22:18:55 charon 49573 11[CFG] selecting proposal: Jun 8 22:18:55 charon 49573 11[CFG] proposal matches Jun 8 22:18:55 charon 49573 11[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 22:18:55 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 22:18:55 charon 49573 11[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 22:18:55 charon 49573 11[CFG] selecting traffic selectors for us: Jun 8 22:18:55 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 22:18:55 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 22:18:55 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 22:18:55 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 22:18:55 charon 49573 11[CFG] selecting traffic selectors for other: Jun 8 22:18:55 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1956} state change: CREATED => INSTALLING Jun 8 22:18:55 charon 49573 11[CHD] using AES_GCM_16 for encryption Jun 8 22:18:55 charon 49573 11[CHD] adding inbound ESP SA Jun 8 22:18:55 charon 49573 11[CHD] SPI 0xc1cb2ec1, src x.x.x.162 dst 192.168.177.22 Jun 8 22:18:55 charon 49573 11[CHD] registering outbound ESP SA Jun 8 22:18:55 charon 49573 11[CHD] SPI 0xc6e77359, src 192.168.177.22 dst x.x.x.162 Jun 8 22:18:55 charon 49573 11[IKE] inbound CHILD_SA con2{1956} established with SPIs c1cb2ec1_i c6e77359_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1956} state change: INSTALLING => INSTALLED Jun 8 22:18:55 charon 49573 11[CHD] adding outbound ESP SA Jun 8 22:18:55 charon 49573 11[CHD] SPI 0xc6e77359, src 192.168.177.22 dst x.x.x.162 Jun 8 22:18:55 charon 49573 11[IKE] outbound CHILD_SA con2{1956} established with SPIs c1cb2ec1_i c6e77359_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1955} state change: REKEYING => REKEYED Jun 8 22:18:55 charon 49573 11[IKE] reinitiating already active tasks Jun 8 22:18:55 charon 49573 11[IKE] CHILD_REKEY task Jun 8 22:18:55 charon 49573 11[IKE] closing CHILD_SA con2{1955} with SPIs c3ae2c09_i (834955 bytes) c26a1762_o (2087436 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 22:18:55 charon 49573 11[IKE] sending DELETE for ESP CHILD_SA with SPI c3ae2c09 Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1955} state change: REKEYED => DELETING Jun 8 22:18:55 charon 49573 11[ENC] generating INFORMATIONAL request 9 [ D ] Jun 8 22:18:55 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 22:18:55 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 22:18:55 charon 49573 11[ENC] parsed INFORMATIONAL response 9 [ D ] Jun 8 22:18:55 charon 49573 11[IKE] received DELETE for ESP CHILD_SA with SPI c26a1762 Jun 8 22:18:55 charon 49573 11[IKE] CHILD_SA closed Jun 8 22:18:55 charon 49573 11[CHD] CHILD_SA con2{1955} state change: DELETING => DELETED Jun 8 22:18:55 charon 49573 11[IKE] activating new tasks Jun 8 22:18:55 charon 49573 11[IKE] nothing to initiate Jun 8 22:19:00 charon 49573 11[IKE] queueing CHILD_DELETE task Jun 8 22:19:00 charon 49573 11[IKE] activating new tasks Jun 8 22:19:00 charon 49573 11[IKE] activating CHILD_DELETE task Jun 8 22:19:00 charon 49573 11[CHD] CHILD_SA con2{1955} state change: DELETED => DESTROYING Jun 8 22:19:00 charon 49573 11[IKE] activating new tasks Jun 8 22:19:00 charon 49573 11[IKE] nothing to initiate Jun 8 23:06:58 charon 49573 08[KXX] creating rekey job for CHILD_SA ESP/0xc1cb2ec1/192.168.177.22 Jun 8 23:06:58 charon 49573 01[IKE] queueing CHILD_REKEY task Jun 8 23:06:58 charon 49573 01[IKE] activating new tasks Jun 8 23:06:58 charon 49573 01[IKE] activating CHILD_REKEY task Jun 8 23:06:58 charon 49573 01[CFG] proposing traffic selectors for us: Jun 8 23:06:58 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 8 23:06:58 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 8 23:06:58 charon 49573 01[CFG] proposing traffic selectors for other: Jun 8 23:06:58 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:06:58 charon 49573 01[IKE] establishing CHILD_SA con2{1957} reqid 1 Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1956} state change: INSTALLED => REKEYING Jun 8 23:06:58 charon 49573 01[ENC] generating CREATE_CHILD_SA request 10 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 23:06:58 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 23:06:58 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 23:06:58 charon 49573 01[ENC] parsed CREATE_CHILD_SA response 10 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 23:06:58 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 23:06:58 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 23:06:58 charon 49573 01[CFG] selecting proposal: Jun 8 23:06:58 charon 49573 01[CFG] proposal matches Jun 8 23:06:58 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:06:58 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:06:58 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:06:58 charon 49573 01[CFG] selecting traffic selectors for us: Jun 8 23:06:58 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 23:06:58 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 23:06:58 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 23:06:58 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 23:06:58 charon 49573 01[CFG] selecting traffic selectors for other: Jun 8 23:06:58 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1957} state change: CREATED => INSTALLING Jun 8 23:06:58 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 8 23:06:58 charon 49573 01[CHD] adding inbound ESP SA Jun 8 23:06:58 charon 49573 01[CHD] SPI 0xcc39ca98, src x.x.x.162 dst 192.168.177.22 Jun 8 23:06:58 charon 49573 01[CHD] registering outbound ESP SA Jun 8 23:06:58 charon 49573 01[CHD] SPI 0xcf4a52f0, src 192.168.177.22 dst x.x.x.162 Jun 8 23:06:58 charon 49573 01[IKE] inbound CHILD_SA con2{1957} established with SPIs cc39ca98_i cf4a52f0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1957} state change: INSTALLING => INSTALLED Jun 8 23:06:58 charon 49573 01[CHD] adding outbound ESP SA Jun 8 23:06:58 charon 49573 01[CHD] SPI 0xcf4a52f0, src 192.168.177.22 dst x.x.x.162 Jun 8 23:06:58 charon 49573 01[IKE] outbound CHILD_SA con2{1957} established with SPIs cc39ca98_i cf4a52f0_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1956} state change: REKEYING => REKEYED Jun 8 23:06:58 charon 49573 01[IKE] reinitiating already active tasks Jun 8 23:06:58 charon 49573 01[IKE] CHILD_REKEY task Jun 8 23:06:58 charon 49573 01[IKE] closing CHILD_SA con2{1956} with SPIs c1cb2ec1_i (826245 bytes) c6e77359_o (2063808 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:06:58 charon 49573 01[IKE] sending DELETE for ESP CHILD_SA with SPI c1cb2ec1 Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1956} state change: REKEYED => DELETING Jun 8 23:06:58 charon 49573 01[ENC] generating INFORMATIONAL request 11 [ D ] Jun 8 23:06:58 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 23:06:58 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 23:06:58 charon 49573 01[ENC] parsed INFORMATIONAL response 11 [ D ] Jun 8 23:06:58 charon 49573 01[IKE] received DELETE for ESP CHILD_SA with SPI c6e77359 Jun 8 23:06:58 charon 49573 01[IKE] CHILD_SA closed Jun 8 23:06:58 charon 49573 01[CHD] CHILD_SA con2{1956} state change: DELETING => DELETED Jun 8 23:06:58 charon 49573 01[IKE] activating new tasks Jun 8 23:06:58 charon 49573 01[IKE] nothing to initiate Jun 8 23:07:03 charon 49573 01[IKE] queueing CHILD_DELETE task Jun 8 23:07:03 charon 49573 01[IKE] activating new tasks Jun 8 23:07:03 charon 49573 01[IKE] activating CHILD_DELETE task Jun 8 23:07:03 charon 49573 01[CHD] CHILD_SA con2{1956} state change: DELETED => DESTROYING Jun 8 23:07:03 charon 49573 01[IKE] activating new tasks Jun 8 23:07:03 charon 49573 01[IKE] nothing to initiate Jun 8 23:55:17 charon 49573 15[KXX] creating rekey job for CHILD_SA ESP/0xcf4a52f0/x.x.x.162 Jun 8 23:55:17 charon 49573 15[IKE] queueing CHILD_REKEY task Jun 8 23:55:17 charon 49573 15[IKE] activating new tasks Jun 8 23:55:17 charon 49573 15[IKE] activating CHILD_REKEY task Jun 8 23:55:17 charon 49573 15[CFG] proposing traffic selectors for us: Jun 8 23:55:17 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 8 23:55:17 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 8 23:55:17 charon 49573 15[CFG] proposing traffic selectors for other: Jun 8 23:55:17 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:55:17 charon 49573 15[IKE] establishing CHILD_SA con2{1958} reqid 1 Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1957} state change: INSTALLED => REKEYING Jun 8 23:55:17 charon 49573 15[ENC] generating CREATE_CHILD_SA request 12 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 23:55:17 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 8 23:55:17 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 8 23:55:17 charon 49573 15[ENC] parsed CREATE_CHILD_SA response 12 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 8 23:55:17 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 8 23:55:17 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 8 23:55:17 charon 49573 15[CFG] selecting proposal: Jun 8 23:55:17 charon 49573 15[CFG] proposal matches Jun 8 23:55:17 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:55:17 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:55:17 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 8 23:55:17 charon 49573 15[CFG] selecting traffic selectors for us: Jun 8 23:55:17 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 8 23:55:17 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 8 23:55:17 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 8 23:55:17 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 8 23:55:17 charon 49573 15[CFG] selecting traffic selectors for other: Jun 8 23:55:17 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1958} state change: CREATED => INSTALLING Jun 8 23:55:17 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 8 23:55:17 charon 49573 15[CHD] adding inbound ESP SA Jun 8 23:55:17 charon 49573 15[CHD] SPI 0xc82d3ac8, src x.x.x.162 dst 192.168.177.22 Jun 8 23:55:17 charon 49573 15[CHD] registering outbound ESP SA Jun 8 23:55:17 charon 49573 15[CHD] SPI 0xcf4df197, src 192.168.177.22 dst x.x.x.162 Jun 8 23:55:17 charon 49573 15[IKE] inbound CHILD_SA con2{1958} established with SPIs c82d3ac8_i cf4df197_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1958} state change: INSTALLING => INSTALLED Jun 8 23:55:17 charon 49573 15[CHD] adding outbound ESP SA Jun 8 23:55:17 charon 49573 15[CHD] SPI 0xcf4df197, src 192.168.177.22 dst x.x.x.162 Jun 8 23:55:17 charon 49573 15[IKE] outbound CHILD_SA con2{1958} established with SPIs c82d3ac8_i cf4df197_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1957} state change: REKEYING => REKEYED Jun 8 23:55:17 charon 49573 15[IKE] reinitiating already active tasks Jun 8 23:55:17 charon 49573 15[IKE] CHILD_REKEY task Jun 8 23:55:17 charon 49573 15[IKE] closing CHILD_SA con2{1957} with SPIs cc39ca98_i (828854 bytes) cf4a52f0_o (2075044 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 8 23:55:17 charon 49573 15[IKE] sending DELETE for ESP CHILD_SA with SPI cc39ca98 Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1957} state change: REKEYED => DELETING Jun 8 23:55:17 charon 49573 15[ENC] generating INFORMATIONAL request 13 [ D ] Jun 8 23:55:17 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 8 23:55:17 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 8 23:55:17 charon 49573 15[ENC] parsed INFORMATIONAL response 13 [ D ] Jun 8 23:55:17 charon 49573 15[IKE] received DELETE for ESP CHILD_SA with SPI cf4a52f0 Jun 8 23:55:17 charon 49573 15[IKE] CHILD_SA closed Jun 8 23:55:17 charon 49573 15[CHD] CHILD_SA con2{1957} state change: DELETING => DELETED Jun 8 23:55:17 charon 49573 15[IKE] activating new tasks Jun 8 23:55:17 charon 49573 15[IKE] nothing to initiate Jun 8 23:55:22 charon 49573 15[IKE] queueing CHILD_DELETE task Jun 8 23:55:22 charon 49573 15[IKE] activating new tasks Jun 8 23:55:22 charon 49573 15[IKE] activating CHILD_DELETE task Jun 8 23:55:22 charon 49573 15[CHD] CHILD_SA con2{1957} state change: DELETED => DESTROYING Jun 8 23:55:22 charon 49573 15[IKE] activating new tasks Jun 8 23:55:22 charon 49573 15[IKE] nothing to initiate Jun 9 00:43:52 charon 49573 06[KXX] creating rekey job for CHILD_SA ESP/0xc82d3ac8/192.168.177.22 Jun 9 00:43:52 charon 49573 06[IKE] queueing CHILD_REKEY task Jun 9 00:43:52 charon 49573 06[IKE] activating new tasks Jun 9 00:43:52 charon 49573 06[IKE] activating CHILD_REKEY task Jun 9 00:43:52 charon 49573 06[CFG] proposing traffic selectors for us: Jun 9 00:43:52 charon 49573 06[CFG] 192.168.0.0/22|/0 Jun 9 00:43:52 charon 49573 06[CFG] 10.8.0.0/24|/0 Jun 9 00:43:52 charon 49573 06[CFG] proposing traffic selectors for other: Jun 9 00:43:52 charon 49573 06[CFG] 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CFG] 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 00:43:52 charon 49573 06[IKE] establishing CHILD_SA con2{1959} reqid 1 Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1958} state change: INSTALLED => REKEYING Jun 9 00:43:52 charon 49573 06[ENC] generating CREATE_CHILD_SA request 14 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 00:43:52 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 00:43:52 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 00:43:52 charon 49573 06[ENC] parsed CREATE_CHILD_SA response 14 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 00:43:52 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 9 00:43:52 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 00:43:52 charon 49573 06[CFG] selecting proposal: Jun 9 00:43:52 charon 49573 06[CFG] proposal matches Jun 9 00:43:52 charon 49573 06[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 00:43:52 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 00:43:52 charon 49573 06[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 00:43:52 charon 49573 06[CFG] selecting traffic selectors for us: Jun 9 00:43:52 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 00:43:52 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 00:43:52 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 00:43:52 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 00:43:52 charon 49573 06[CFG] selecting traffic selectors for other: Jun 9 00:43:52 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1959} state change: CREATED => INSTALLING Jun 9 00:43:52 charon 49573 06[CHD] using AES_GCM_16 for encryption Jun 9 00:43:52 charon 49573 06[CHD] adding inbound ESP SA Jun 9 00:43:52 charon 49573 06[CHD] SPI 0xc3ed3e41, src x.x.x.162 dst 192.168.177.22 Jun 9 00:43:52 charon 49573 06[CHD] registering outbound ESP SA Jun 9 00:43:52 charon 49573 06[CHD] SPI 0xcd304bc8, src 192.168.177.22 dst x.x.x.162 Jun 9 00:43:52 charon 49573 06[IKE] inbound CHILD_SA con2{1959} established with SPIs c3ed3e41_i cd304bc8_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1959} state change: INSTALLING => INSTALLED Jun 9 00:43:52 charon 49573 06[CHD] adding outbound ESP SA Jun 9 00:43:52 charon 49573 06[CHD] SPI 0xcd304bc8, src 192.168.177.22 dst x.x.x.162 Jun 9 00:43:52 charon 49573 06[IKE] outbound CHILD_SA con2{1959} established with SPIs c3ed3e41_i cd304bc8_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1958} state change: REKEYING => REKEYED Jun 9 00:43:52 charon 49573 06[IKE] reinitiating already active tasks Jun 9 00:43:52 charon 49573 06[IKE] CHILD_REKEY task Jun 9 00:43:52 charon 49573 06[IKE] closing CHILD_SA con2{1958} with SPIs c82d3ac8_i (833836 bytes) cf4df197_o (2087964 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 00:43:52 charon 49573 06[IKE] sending DELETE for ESP CHILD_SA with SPI c82d3ac8 Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1958} state change: REKEYED => DELETING Jun 9 00:43:52 charon 49573 06[ENC] generating INFORMATIONAL request 15 [ D ] Jun 9 00:43:52 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 00:43:52 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 00:43:52 charon 49573 06[ENC] parsed INFORMATIONAL response 15 [ D ] Jun 9 00:43:52 charon 49573 06[IKE] received DELETE for ESP CHILD_SA with SPI cf4df197 Jun 9 00:43:52 charon 49573 06[IKE] CHILD_SA closed Jun 9 00:43:52 charon 49573 06[CHD] CHILD_SA con2{1958} state change: DELETING => DELETED Jun 9 00:43:52 charon 49573 06[IKE] activating new tasks Jun 9 00:43:52 charon 49573 06[IKE] nothing to initiate Jun 9 00:43:57 charon 49573 06[IKE] queueing CHILD_DELETE task Jun 9 00:43:57 charon 49573 06[IKE] activating new tasks Jun 9 00:43:57 charon 49573 06[IKE] activating CHILD_DELETE task Jun 9 00:43:57 charon 49573 06[CHD] CHILD_SA con2{1958} state change: DELETED => DESTROYING Jun 9 00:43:57 charon 49573 06[IKE] activating new tasks Jun 9 00:43:57 charon 49573 06[IKE] nothing to initiate Jun 9 00:55:39 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (304 bytes) Jun 9 00:55:39 charon 49573 08[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE ] Jun 9 00:55:39 charon 49573 08[IKE] x.x.x.162 is initiating an IKE_SA Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[661] state change: CREATED => CONNECTING Jun 9 00:55:39 charon 49573 08[CFG] selecting proposal: Jun 9 00:55:39 charon 49573 08[CFG] proposal matches Jun 9 00:55:39 charon 49573 08[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 00:55:39 charon 49573 08[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 00:55:39 charon 49573 08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[661] state change: CONNECTING => ESTABLISHED Jun 9 00:55:39 charon 49573 08[IKE] scheduling rekeying in 24565s Jun 9 00:55:39 charon 49573 08[IKE] maximum IKE_SA lifetime 27445s Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[661] rekeyed between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[660] state change: ESTABLISHED => REKEYED Jun 9 00:55:39 charon 49573 08[ENC] generating CREATE_CHILD_SA response 2 [ SA No KE ] Jun 9 00:55:39 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (304 bytes) Jun 9 00:55:39 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 00:55:39 charon 49573 08[ENC] parsed INFORMATIONAL request 3 [ D ] Jun 9 00:55:39 charon 49573 08[IKE] received DELETE for IKE_SA con2[660] Jun 9 00:55:39 charon 49573 08[IKE] deleting IKE_SA con2[660] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[660] state change: REKEYED => DELETING Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA deleted Jun 9 00:55:39 charon 49573 08[ENC] generating INFORMATIONAL response 3 [ ] Jun 9 00:55:39 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 00:55:39 charon 49573 08[IKE] IKE_SA con2[660] state change: DELETING => DESTROYING Jun 9 01:33:02 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 01:33:02 charon 49573 06[ENC] parsed CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 01:33:02 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 01:33:02 charon 49573 06[CFG] selecting proposal: Jun 9 01:33:02 charon 49573 06[CFG] proposal matches Jun 9 01:33:02 charon 49573 06[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 01:33:02 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 01:33:02 charon 49573 06[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 01:33:02 charon 49573 06[CFG] selecting traffic selectors for us: Jun 9 01:33:02 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 01:33:02 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 01:33:02 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 01:33:02 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 01:33:02 charon 49573 06[CFG] selecting traffic selectors for other: Jun 9 01:33:02 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 01:33:02 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1960} state change: CREATED => INSTALLING Jun 9 01:33:02 charon 49573 06[CHD] using AES_GCM_16 for encryption Jun 9 01:33:02 charon 49573 06[CHD] adding inbound ESP SA Jun 9 01:33:02 charon 49573 06[CHD] SPI 0xc251b9cc, src x.x.x.162 dst 192.168.177.22 Jun 9 01:33:02 charon 49573 06[CHD] registering outbound ESP SA Jun 9 01:33:02 charon 49573 06[CHD] SPI 0xccf984ea, src 192.168.177.22 dst x.x.x.162 Jun 9 01:33:02 charon 49573 06[IKE] inbound CHILD_SA con2{1960} established with SPIs c251b9cc_i ccf984ea_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1960} state change: INSTALLING => INSTALLED Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1959} state change: INSTALLED => REKEYING Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1959} state change: REKEYING => REKEYED Jun 9 01:33:02 charon 49573 06[ENC] generating CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 01:33:02 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 01:33:02 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 01:33:02 charon 49573 06[ENC] parsed INFORMATIONAL request 1 [ D ] Jun 9 01:33:02 charon 49573 06[IKE] received DELETE for ESP CHILD_SA with SPI cd304bc8 Jun 9 01:33:02 charon 49573 06[IKE] closing CHILD_SA con2{1959} with SPIs c3ed3e41_i (843064 bytes) cd304bc8_o (2111016 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 01:33:02 charon 49573 06[IKE] sending DELETE for ESP CHILD_SA with SPI c3ed3e41 Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1959} state change: REKEYED => DELETING Jun 9 01:33:02 charon 49573 06[IKE] CHILD_SA closed Jun 9 01:33:02 charon 49573 06[CHD] CHILD_SA con2{1959} state change: DELETING => DELETED Jun 9 01:33:02 charon 49573 06[CHD] adding outbound ESP SA Jun 9 01:33:02 charon 49573 06[CHD] SPI 0xccf984ea, src 192.168.177.22 dst x.x.x.162 Jun 9 01:33:02 charon 49573 06[IKE] outbound CHILD_SA con2{1960} established with SPIs c251b9cc_i ccf984ea_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 01:33:02 charon 49573 06[ENC] generating INFORMATIONAL response 1 [ D ] Jun 9 01:33:02 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 01:33:07 charon 49573 06[IKE] queueing CHILD_DELETE task Jun 9 01:33:07 charon 49573 06[IKE] activating new tasks Jun 9 01:33:07 charon 49573 06[IKE] activating CHILD_DELETE task Jun 9 01:33:07 charon 49573 06[CHD] CHILD_SA con2{1959} state change: DELETED => DESTROYING Jun 9 01:33:07 charon 49573 06[IKE] activating new tasks Jun 9 01:33:07 charon 49573 06[IKE] nothing to initiate Jun 9 02:21:17 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 02:21:17 charon 49573 09[ENC] parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 02:21:17 charon 49573 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 02:21:17 charon 49573 09[CFG] selecting proposal: Jun 9 02:21:17 charon 49573 09[CFG] proposal matches Jun 9 02:21:17 charon 49573 09[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 02:21:17 charon 49573 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 02:21:17 charon 49573 09[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 02:21:17 charon 49573 09[CFG] selecting traffic selectors for us: Jun 9 02:21:17 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 02:21:17 charon 49573 09[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 02:21:17 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 02:21:17 charon 49573 09[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 02:21:17 charon 49573 09[CFG] selecting traffic selectors for other: Jun 9 02:21:17 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 02:21:17 charon 49573 09[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1961} state change: CREATED => INSTALLING Jun 9 02:21:17 charon 49573 09[CHD] using AES_GCM_16 for encryption Jun 9 02:21:17 charon 49573 09[CHD] adding inbound ESP SA Jun 9 02:21:17 charon 49573 09[CHD] SPI 0xc370c44e, src x.x.x.162 dst 192.168.177.22 Jun 9 02:21:17 charon 49573 09[CHD] registering outbound ESP SA Jun 9 02:21:17 charon 49573 09[CHD] SPI 0xc498cb13, src 192.168.177.22 dst x.x.x.162 Jun 9 02:21:17 charon 49573 09[IKE] inbound CHILD_SA con2{1961} established with SPIs c370c44e_i c498cb13_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1961} state change: INSTALLING => INSTALLED Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1960} state change: INSTALLED => REKEYING Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1960} state change: REKEYING => REKEYED Jun 9 02:21:17 charon 49573 09[ENC] generating CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 02:21:17 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 02:21:17 charon 49573 09[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 02:21:17 charon 49573 09[ENC] parsed INFORMATIONAL request 3 [ D ] Jun 9 02:21:17 charon 49573 09[IKE] received DELETE for ESP CHILD_SA with SPI ccf984ea Jun 9 02:21:17 charon 49573 09[IKE] closing CHILD_SA con2{1960} with SPIs c251b9cc_i (828543 bytes) ccf984ea_o (2071972 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 02:21:17 charon 49573 09[IKE] sending DELETE for ESP CHILD_SA with SPI c251b9cc Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1960} state change: REKEYED => DELETING Jun 9 02:21:17 charon 49573 09[IKE] CHILD_SA closed Jun 9 02:21:17 charon 49573 09[CHD] CHILD_SA con2{1960} state change: DELETING => DELETED Jun 9 02:21:17 charon 49573 09[CHD] adding outbound ESP SA Jun 9 02:21:17 charon 49573 09[CHD] SPI 0xc498cb13, src 192.168.177.22 dst x.x.x.162 Jun 9 02:21:17 charon 49573 09[IKE] outbound CHILD_SA con2{1961} established with SPIs c370c44e_i c498cb13_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 02:21:17 charon 49573 09[ENC] generating INFORMATIONAL response 3 [ D ] Jun 9 02:21:17 charon 49573 09[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 02:21:23 charon 49573 09[IKE] queueing CHILD_DELETE task Jun 9 02:21:23 charon 49573 09[IKE] activating new tasks Jun 9 02:21:23 charon 49573 09[IKE] activating CHILD_DELETE task Jun 9 02:21:23 charon 49573 09[CHD] CHILD_SA con2{1960} state change: DELETED => DESTROYING Jun 9 02:21:23 charon 49573 09[IKE] activating new tasks Jun 9 02:21:23 charon 49573 09[IKE] nothing to initiate Jun 9 02:31:04 charon 49573 12[NET] <662> received packet: from 64.62.197.157[50664] to 192.168.177.22[500] (192 bytes) Jun 9 02:31:04 charon 49573 12[ENC] <662> parsed ID_PROT request 0 [ SA ] Jun 9 02:31:04 charon 49573 12[CFG] <662> looking for an IKEv1 config for 192.168.177.22...64.62.197.157 Jun 9 02:31:04 charon 49573 12[IKE] <662> no IKE config found for 192.168.177.22...64.62.197.157, sending NO_PROPOSAL_CHOSEN Jun 9 02:31:04 charon 49573 12[ENC] <662> generating INFORMATIONAL_V1 request 1484367143 [ N(NO_PROP) ] Jun 9 02:31:04 charon 49573 12[NET] <662> sending packet: from 192.168.177.22[500] to 64.62.197.157[50664] (40 bytes) Jun 9 02:31:04 charon 49573 12[IKE] <662> IKE_SA (unnamed)[662] state change: CREATED => DESTROYING Jun 9 03:12:49 charon 49573 07[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 03:12:49 charon 49573 07[ENC] parsed CREATE_CHILD_SA request 4 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 03:12:49 charon 49573 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 03:12:49 charon 49573 07[CFG] selecting proposal: Jun 9 03:12:49 charon 49573 07[CFG] proposal matches Jun 9 03:12:49 charon 49573 07[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 03:12:49 charon 49573 07[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 03:12:49 charon 49573 07[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 03:12:49 charon 49573 07[CFG] selecting traffic selectors for us: Jun 9 03:12:49 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 03:12:49 charon 49573 07[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 03:12:49 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 03:12:49 charon 49573 07[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 03:12:49 charon 49573 07[CFG] selecting traffic selectors for other: Jun 9 03:12:49 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 03:12:49 charon 49573 07[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1962} state change: CREATED => INSTALLING Jun 9 03:12:49 charon 49573 07[CHD] using AES_GCM_16 for encryption Jun 9 03:12:49 charon 49573 07[CHD] adding inbound ESP SA Jun 9 03:12:49 charon 49573 07[CHD] SPI 0xc41a06f9, src x.x.x.162 dst 192.168.177.22 Jun 9 03:12:49 charon 49573 07[CHD] registering outbound ESP SA Jun 9 03:12:49 charon 49573 07[CHD] SPI 0xc64dadae, src 192.168.177.22 dst x.x.x.162 Jun 9 03:12:49 charon 49573 07[IKE] inbound CHILD_SA con2{1962} established with SPIs c41a06f9_i c64dadae_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1962} state change: INSTALLING => INSTALLED Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1961} state change: INSTALLED => REKEYING Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1961} state change: REKEYING => REKEYED Jun 9 03:12:49 charon 49573 07[ENC] generating CREATE_CHILD_SA response 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 03:12:49 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 03:12:49 charon 49573 07[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 03:12:49 charon 49573 07[ENC] parsed INFORMATIONAL request 5 [ D ] Jun 9 03:12:49 charon 49573 07[IKE] received DELETE for ESP CHILD_SA with SPI c498cb13 Jun 9 03:12:49 charon 49573 07[IKE] closing CHILD_SA con2{1961} with SPIs c370c44e_i (886191 bytes) c498cb13_o (2214744 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 03:12:49 charon 49573 07[IKE] sending DELETE for ESP CHILD_SA with SPI c370c44e Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1961} state change: REKEYED => DELETING Jun 9 03:12:49 charon 49573 07[IKE] CHILD_SA closed Jun 9 03:12:49 charon 49573 07[CHD] CHILD_SA con2{1961} state change: DELETING => DELETED Jun 9 03:12:49 charon 49573 07[CHD] adding outbound ESP SA Jun 9 03:12:49 charon 49573 07[CHD] SPI 0xc64dadae, src 192.168.177.22 dst x.x.x.162 Jun 9 03:12:49 charon 49573 07[IKE] outbound CHILD_SA con2{1962} established with SPIs c41a06f9_i c64dadae_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 03:12:49 charon 49573 07[ENC] generating INFORMATIONAL response 5 [ D ] Jun 9 03:12:49 charon 49573 07[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 03:12:54 charon 49573 08[IKE] queueing CHILD_DELETE task Jun 9 03:12:54 charon 49573 08[IKE] activating new tasks Jun 9 03:12:54 charon 49573 08[IKE] activating CHILD_DELETE task Jun 9 03:12:54 charon 49573 08[CHD] CHILD_SA con2{1961} state change: DELETED => DESTROYING Jun 9 03:12:54 charon 49573 08[IKE] activating new tasks Jun 9 03:12:54 charon 49573 08[IKE] nothing to initiate Jun 9 04:02:42 charon 49573 07[KXX] creating rekey job for CHILD_SA ESP/0xc64dadae/x.x.x.162 Jun 9 04:02:42 charon 49573 01[IKE] queueing CHILD_REKEY task Jun 9 04:02:42 charon 49573 01[IKE] activating new tasks Jun 9 04:02:42 charon 49573 01[IKE] activating CHILD_REKEY task Jun 9 04:02:42 charon 49573 01[CFG] proposing traffic selectors for us: Jun 9 04:02:42 charon 49573 01[CFG] 192.168.0.0/22|/0 Jun 9 04:02:42 charon 49573 01[CFG] 10.8.0.0/24|/0 Jun 9 04:02:42 charon 49573 01[CFG] proposing traffic selectors for other: Jun 9 04:02:42 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CFG] 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:02:42 charon 49573 01[IKE] establishing CHILD_SA con2{1963} reqid 1 Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1962} state change: INSTALLED => REKEYING Jun 9 04:02:42 charon 49573 01[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 04:02:42 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 04:02:42 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 04:02:42 charon 49573 01[ENC] parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 04:02:42 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 9 04:02:42 charon 49573 01[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 04:02:42 charon 49573 01[CFG] selecting proposal: Jun 9 04:02:42 charon 49573 01[CFG] proposal matches Jun 9 04:02:42 charon 49573 01[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:02:42 charon 49573 01[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:02:42 charon 49573 01[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:02:42 charon 49573 01[CFG] selecting traffic selectors for us: Jun 9 04:02:42 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 04:02:42 charon 49573 01[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 04:02:42 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 04:02:42 charon 49573 01[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 04:02:42 charon 49573 01[CFG] selecting traffic selectors for other: Jun 9 04:02:42 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1963} state change: CREATED => INSTALLING Jun 9 04:02:42 charon 49573 01[CHD] using AES_GCM_16 for encryption Jun 9 04:02:42 charon 49573 01[CHD] adding inbound ESP SA Jun 9 04:02:42 charon 49573 01[CHD] SPI 0xcf62b00f, src x.x.x.162 dst 192.168.177.22 Jun 9 04:02:42 charon 49573 01[CHD] registering outbound ESP SA Jun 9 04:02:42 charon 49573 01[CHD] SPI 0xcfd3b67f, src 192.168.177.22 dst x.x.x.162 Jun 9 04:02:42 charon 49573 01[IKE] inbound CHILD_SA con2{1963} established with SPIs cf62b00f_i cfd3b67f_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1963} state change: INSTALLING => INSTALLED Jun 9 04:02:42 charon 49573 01[CHD] adding outbound ESP SA Jun 9 04:02:42 charon 49573 01[CHD] SPI 0xcfd3b67f, src 192.168.177.22 dst x.x.x.162 Jun 9 04:02:42 charon 49573 01[IKE] outbound CHILD_SA con2{1963} established with SPIs cf62b00f_i cfd3b67f_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1962} state change: REKEYING => REKEYED Jun 9 04:02:42 charon 49573 01[IKE] reinitiating already active tasks Jun 9 04:02:42 charon 49573 01[IKE] CHILD_REKEY task Jun 9 04:02:42 charon 49573 01[IKE] closing CHILD_SA con2{1962} with SPIs c41a06f9_i (855529 bytes) c64dadae_o (2140892 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:02:42 charon 49573 01[IKE] sending DELETE for ESP CHILD_SA with SPI c41a06f9 Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1962} state change: REKEYED => DELETING Jun 9 04:02:42 charon 49573 01[ENC] generating INFORMATIONAL request 1 [ D ] Jun 9 04:02:42 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 04:02:42 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 04:02:42 charon 49573 01[ENC] parsed INFORMATIONAL response 1 [ D ] Jun 9 04:02:42 charon 49573 01[IKE] received DELETE for ESP CHILD_SA with SPI c64dadae Jun 9 04:02:42 charon 49573 01[IKE] CHILD_SA closed Jun 9 04:02:42 charon 49573 01[CHD] CHILD_SA con2{1962} state change: DELETING => DELETED Jun 9 04:02:42 charon 49573 01[IKE] activating new tasks Jun 9 04:02:42 charon 49573 01[IKE] nothing to initiate Jun 9 04:02:47 charon 49573 07[IKE] queueing CHILD_DELETE task Jun 9 04:02:47 charon 49573 07[IKE] activating new tasks Jun 9 04:02:47 charon 49573 07[IKE] activating CHILD_DELETE task Jun 9 04:02:47 charon 49573 07[CHD] CHILD_SA con2{1962} state change: DELETED => DESTROYING Jun 9 04:02:47 charon 49573 07[IKE] activating new tasks Jun 9 04:02:47 charon 49573 07[IKE] nothing to initiate Jun 9 04:50:52 charon 49573 10[KXX] creating rekey job for CHILD_SA ESP/0xcfd3b67f/x.x.x.162 Jun 9 04:50:52 charon 49573 15[IKE] queueing CHILD_REKEY task Jun 9 04:50:52 charon 49573 15[IKE] activating new tasks Jun 9 04:50:52 charon 49573 15[IKE] activating CHILD_REKEY task Jun 9 04:50:52 charon 49573 15[CFG] proposing traffic selectors for us: Jun 9 04:50:52 charon 49573 15[CFG] 192.168.0.0/22|/0 Jun 9 04:50:52 charon 49573 15[CFG] 10.8.0.0/24|/0 Jun 9 04:50:52 charon 49573 15[CFG] proposing traffic selectors for other: Jun 9 04:50:52 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CFG] 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:50:52 charon 49573 15[IKE] establishing CHILD_SA con2{1964} reqid 1 Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1963} state change: INSTALLED => REKEYING Jun 9 04:50:52 charon 49573 15[ENC] generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 04:50:52 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 04:50:52 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 04:50:52 charon 49573 15[ENC] parsed CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 04:50:52 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 9 04:50:52 charon 49573 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 04:50:52 charon 49573 15[CFG] selecting proposal: Jun 9 04:50:52 charon 49573 15[CFG] proposal matches Jun 9 04:50:52 charon 49573 15[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:50:52 charon 49573 15[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:50:52 charon 49573 15[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 04:50:52 charon 49573 15[CFG] selecting traffic selectors for us: Jun 9 04:50:52 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 04:50:52 charon 49573 15[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 04:50:52 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 04:50:52 charon 49573 15[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 04:50:52 charon 49573 15[CFG] selecting traffic selectors for other: Jun 9 04:50:52 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1964} state change: CREATED => INSTALLING Jun 9 04:50:52 charon 49573 15[CHD] using AES_GCM_16 for encryption Jun 9 04:50:52 charon 49573 15[CHD] adding inbound ESP SA Jun 9 04:50:52 charon 49573 15[CHD] SPI 0xc45c5db2, src x.x.x.162 dst 192.168.177.22 Jun 9 04:50:52 charon 49573 15[CHD] registering outbound ESP SA Jun 9 04:50:52 charon 49573 15[CHD] SPI 0xc7943480, src 192.168.177.22 dst x.x.x.162 Jun 9 04:50:52 charon 49573 15[IKE] inbound CHILD_SA con2{1964} established with SPIs c45c5db2_i c7943480_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1964} state change: INSTALLING => INSTALLED Jun 9 04:50:52 charon 49573 15[CHD] adding outbound ESP SA Jun 9 04:50:52 charon 49573 15[CHD] SPI 0xc7943480, src 192.168.177.22 dst x.x.x.162 Jun 9 04:50:52 charon 49573 15[IKE] outbound CHILD_SA con2{1964} established with SPIs c45c5db2_i c7943480_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1963} state change: REKEYING => REKEYED Jun 9 04:50:52 charon 49573 15[IKE] reinitiating already active tasks Jun 9 04:50:52 charon 49573 15[IKE] CHILD_REKEY task Jun 9 04:50:52 charon 49573 15[IKE] closing CHILD_SA con2{1963} with SPIs cf62b00f_i (824961 bytes) cfd3b67f_o (2066128 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 04:50:52 charon 49573 15[IKE] sending DELETE for ESP CHILD_SA with SPI cf62b00f Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1963} state change: REKEYED => DELETING Jun 9 04:50:52 charon 49573 15[ENC] generating INFORMATIONAL request 3 [ D ] Jun 9 04:50:52 charon 49573 15[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 04:50:52 charon 49573 15[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 04:50:52 charon 49573 15[ENC] parsed INFORMATIONAL response 3 [ D ] Jun 9 04:50:52 charon 49573 15[IKE] received DELETE for ESP CHILD_SA with SPI cfd3b67f Jun 9 04:50:52 charon 49573 15[IKE] CHILD_SA closed Jun 9 04:50:52 charon 49573 15[CHD] CHILD_SA con2{1963} state change: DELETING => DELETED Jun 9 04:50:52 charon 49573 15[IKE] activating new tasks Jun 9 04:50:52 charon 49573 15[IKE] nothing to initiate Jun 9 04:50:57 charon 49573 10[IKE] queueing CHILD_DELETE task Jun 9 04:50:57 charon 49573 10[IKE] activating new tasks Jun 9 04:50:57 charon 49573 10[IKE] activating CHILD_DELETE task Jun 9 04:50:57 charon 49573 10[CHD] CHILD_SA con2{1963} state change: DELETED => DESTROYING Jun 9 04:50:57 charon 49573 10[IKE] activating new tasks Jun 9 04:50:57 charon 49573 10[IKE] nothing to initiate Jun 9 05:38:52 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 05:38:52 charon 49573 10[ENC] parsed CREATE_CHILD_SA request 6 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 05:38:52 charon 49573 10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 05:38:52 charon 49573 10[CFG] selecting proposal: Jun 9 05:38:52 charon 49573 10[CFG] proposal matches Jun 9 05:38:52 charon 49573 10[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 05:38:52 charon 49573 10[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 05:38:52 charon 49573 10[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 05:38:52 charon 49573 10[CFG] selecting traffic selectors for us: Jun 9 05:38:52 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 05:38:52 charon 49573 10[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 05:38:52 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 05:38:52 charon 49573 10[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 05:38:52 charon 49573 10[CFG] selecting traffic selectors for other: Jun 9 05:38:52 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 05:38:52 charon 49573 10[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1965} state change: CREATED => INSTALLING Jun 9 05:38:52 charon 49573 10[CHD] using AES_GCM_16 for encryption Jun 9 05:38:52 charon 49573 10[CHD] adding inbound ESP SA Jun 9 05:38:52 charon 49573 10[CHD] SPI 0xc10763fc, src x.x.x.162 dst 192.168.177.22 Jun 9 05:38:52 charon 49573 10[CHD] registering outbound ESP SA Jun 9 05:38:52 charon 49573 10[CHD] SPI 0xcbe34d9e, src 192.168.177.22 dst x.x.x.162 Jun 9 05:38:52 charon 49573 10[IKE] inbound CHILD_SA con2{1965} established with SPIs c10763fc_i cbe34d9e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1965} state change: INSTALLING => INSTALLED Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1964} state change: INSTALLED => REKEYING Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1964} state change: REKEYING => REKEYED Jun 9 05:38:52 charon 49573 10[ENC] generating CREATE_CHILD_SA response 6 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 05:38:52 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 05:38:52 charon 49573 10[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 05:38:52 charon 49573 10[ENC] parsed INFORMATIONAL request 7 [ D ] Jun 9 05:38:52 charon 49573 10[IKE] received DELETE for ESP CHILD_SA with SPI c7943480 Jun 9 05:38:52 charon 49573 10[IKE] closing CHILD_SA con2{1964} with SPIs c45c5db2_i (824147 bytes) c7943480_o (2062504 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 05:38:52 charon 49573 10[IKE] sending DELETE for ESP CHILD_SA with SPI c45c5db2 Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1964} state change: REKEYED => DELETING Jun 9 05:38:52 charon 49573 10[IKE] CHILD_SA closed Jun 9 05:38:52 charon 49573 10[CHD] CHILD_SA con2{1964} state change: DELETING => DELETED Jun 9 05:38:52 charon 49573 10[CHD] adding outbound ESP SA Jun 9 05:38:52 charon 49573 10[CHD] SPI 0xcbe34d9e, src 192.168.177.22 dst x.x.x.162 Jun 9 05:38:52 charon 49573 10[IKE] outbound CHILD_SA con2{1965} established with SPIs c10763fc_i cbe34d9e_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 05:38:52 charon 49573 10[ENC] generating INFORMATIONAL response 7 [ D ] Jun 9 05:38:52 charon 49573 10[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 05:38:57 charon 49573 10[IKE] queueing CHILD_DELETE task Jun 9 05:38:57 charon 49573 10[IKE] activating new tasks Jun 9 05:38:57 charon 49573 10[IKE] activating CHILD_DELETE task Jun 9 05:38:57 charon 49573 10[CHD] CHILD_SA con2{1964} state change: DELETED => DESTROYING Jun 9 05:38:57 charon 49573 10[IKE] activating new tasks Jun 9 05:38:57 charon 49573 10[IKE] nothing to initiate Jun 9 06:29:28 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 06:29:28 charon 49573 06[ENC] parsed CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 06:29:28 charon 49573 06[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 06:29:28 charon 49573 06[CFG] selecting proposal: Jun 9 06:29:28 charon 49573 06[CFG] proposal matches Jun 9 06:29:28 charon 49573 06[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 06:29:28 charon 49573 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 06:29:28 charon 49573 06[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 06:29:28 charon 49573 06[CFG] selecting traffic selectors for us: Jun 9 06:29:28 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 06:29:28 charon 49573 06[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 06:29:28 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 06:29:28 charon 49573 06[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 06:29:28 charon 49573 06[CFG] selecting traffic selectors for other: Jun 9 06:29:28 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 06:29:28 charon 49573 06[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1966} state change: CREATED => INSTALLING Jun 9 06:29:28 charon 49573 06[CHD] using AES_GCM_16 for encryption Jun 9 06:29:28 charon 49573 06[CHD] adding inbound ESP SA Jun 9 06:29:28 charon 49573 06[CHD] SPI 0xcecc149f, src x.x.x.162 dst 192.168.177.22 Jun 9 06:29:28 charon 49573 06[CHD] registering outbound ESP SA Jun 9 06:29:28 charon 49573 06[CHD] SPI 0xc98e6b3f, src 192.168.177.22 dst x.x.x.162 Jun 9 06:29:28 charon 49573 06[IKE] inbound CHILD_SA con2{1966} established with SPIs cecc149f_i c98e6b3f_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1966} state change: INSTALLING => INSTALLED Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1965} state change: INSTALLED => REKEYING Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1965} state change: REKEYING => REKEYED Jun 9 06:29:28 charon 49573 06[ENC] generating CREATE_CHILD_SA response 8 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 06:29:28 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 06:29:28 charon 49573 06[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 06:29:28 charon 49573 06[ENC] parsed INFORMATIONAL request 9 [ D ] Jun 9 06:29:28 charon 49573 06[IKE] received DELETE for ESP CHILD_SA with SPI cbe34d9e Jun 9 06:29:28 charon 49573 06[IKE] closing CHILD_SA con2{1965} with SPIs c10763fc_i (868901 bytes) cbe34d9e_o (2173696 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 06:29:28 charon 49573 06[IKE] sending DELETE for ESP CHILD_SA with SPI c10763fc Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1965} state change: REKEYED => DELETING Jun 9 06:29:28 charon 49573 06[IKE] CHILD_SA closed Jun 9 06:29:28 charon 49573 06[CHD] CHILD_SA con2{1965} state change: DELETING => DELETED Jun 9 06:29:28 charon 49573 06[CHD] adding outbound ESP SA Jun 9 06:29:28 charon 49573 06[CHD] SPI 0xc98e6b3f, src 192.168.177.22 dst x.x.x.162 Jun 9 06:29:28 charon 49573 06[IKE] outbound CHILD_SA con2{1966} established with SPIs cecc149f_i c98e6b3f_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 06:29:28 charon 49573 06[ENC] generating INFORMATIONAL response 9 [ D ] Jun 9 06:29:28 charon 49573 06[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 06:29:33 charon 49573 06[IKE] queueing CHILD_DELETE task Jun 9 06:29:33 charon 49573 06[IKE] activating new tasks Jun 9 06:29:33 charon 49573 06[IKE] activating CHILD_DELETE task Jun 9 06:29:33 charon 49573 06[CHD] CHILD_SA con2{1965} state change: DELETED => DESTROYING Jun 9 06:29:33 charon 49573 06[IKE] activating new tasks Jun 9 06:29:33 charon 49573 06[IKE] nothing to initiate Jun 9 07:17:32 charon 49573 09[KXX] creating rekey job for CHILD_SA ESP/0xcecc149f/192.168.177.22 Jun 9 07:17:32 charon 49573 11[IKE] queueing CHILD_REKEY task Jun 9 07:17:32 charon 49573 11[IKE] activating new tasks Jun 9 07:17:32 charon 49573 11[IKE] activating CHILD_REKEY task Jun 9 07:17:32 charon 49573 11[CFG] proposing traffic selectors for us: Jun 9 07:17:32 charon 49573 11[CFG] 192.168.0.0/22|/0 Jun 9 07:17:32 charon 49573 11[CFG] 10.8.0.0/24|/0 Jun 9 07:17:32 charon 49573 11[CFG] proposing traffic selectors for other: Jun 9 07:17:32 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CFG] 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 07:17:32 charon 49573 11[IKE] establishing CHILD_SA con2{1967} reqid 1 Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1966} state change: INSTALLED => REKEYING Jun 9 07:17:32 charon 49573 11[ENC] generating CREATE_CHILD_SA request 4 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 07:17:32 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 07:17:32 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 07:17:32 charon 49573 11[ENC] parsed CREATE_CHILD_SA response 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 07:17:32 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 9 07:17:32 charon 49573 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 07:17:32 charon 49573 11[CFG] selecting proposal: Jun 9 07:17:32 charon 49573 11[CFG] proposal matches Jun 9 07:17:32 charon 49573 11[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 07:17:32 charon 49573 11[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 07:17:32 charon 49573 11[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 07:17:32 charon 49573 11[CFG] selecting traffic selectors for us: Jun 9 07:17:32 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 07:17:32 charon 49573 11[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 07:17:32 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 07:17:32 charon 49573 11[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 07:17:32 charon 49573 11[CFG] selecting traffic selectors for other: Jun 9 07:17:32 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1967} state change: CREATED => INSTALLING Jun 9 07:17:32 charon 49573 11[CHD] using AES_GCM_16 for encryption Jun 9 07:17:32 charon 49573 11[CHD] adding inbound ESP SA Jun 9 07:17:32 charon 49573 11[CHD] SPI 0xce9aef89, src x.x.x.162 dst 192.168.177.22 Jun 9 07:17:32 charon 49573 11[CHD] registering outbound ESP SA Jun 9 07:17:32 charon 49573 11[CHD] SPI 0xc17e59fb, src 192.168.177.22 dst x.x.x.162 Jun 9 07:17:32 charon 49573 11[IKE] inbound CHILD_SA con2{1967} established with SPIs ce9aef89_i c17e59fb_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1967} state change: INSTALLING => INSTALLED Jun 9 07:17:32 charon 49573 11[CHD] adding outbound ESP SA Jun 9 07:17:32 charon 49573 11[CHD] SPI 0xc17e59fb, src 192.168.177.22 dst x.x.x.162 Jun 9 07:17:32 charon 49573 11[IKE] outbound CHILD_SA con2{1967} established with SPIs ce9aef89_i c17e59fb_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1966} state change: REKEYING => REKEYED Jun 9 07:17:32 charon 49573 11[IKE] reinitiating already active tasks Jun 9 07:17:32 charon 49573 11[IKE] CHILD_REKEY task Jun 9 07:17:32 charon 49573 11[IKE] closing CHILD_SA con2{1966} with SPIs cecc149f_i (825311 bytes) c98e6b3f_o (2064824 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 07:17:32 charon 49573 11[IKE] sending DELETE for ESP CHILD_SA with SPI cecc149f Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1966} state change: REKEYED => DELETING Jun 9 07:17:32 charon 49573 11[ENC] generating INFORMATIONAL request 5 [ D ] Jun 9 07:17:32 charon 49573 11[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 07:17:32 charon 49573 11[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 07:17:32 charon 49573 11[ENC] parsed INFORMATIONAL response 5 [ D ] Jun 9 07:17:32 charon 49573 11[IKE] received DELETE for ESP CHILD_SA with SPI c98e6b3f Jun 9 07:17:32 charon 49573 11[IKE] CHILD_SA closed Jun 9 07:17:32 charon 49573 11[CHD] CHILD_SA con2{1966} state change: DELETING => DELETED Jun 9 07:17:32 charon 49573 11[IKE] activating new tasks Jun 9 07:17:32 charon 49573 11[IKE] nothing to initiate Jun 9 07:17:37 charon 49573 11[IKE] queueing CHILD_DELETE task Jun 9 07:17:37 charon 49573 11[IKE] activating new tasks Jun 9 07:17:37 charon 49573 11[IKE] activating CHILD_DELETE task Jun 9 07:17:37 charon 49573 11[CHD] CHILD_SA con2{1966} state change: DELETED => DESTROYING Jun 9 07:17:37 charon 49573 11[IKE] activating new tasks Jun 9 07:17:37 charon 49573 11[IKE] nothing to initiate Jun 9 07:45:04 charon 49573 01[IKE] queueing IKE_REKEY task Jun 9 07:45:04 charon 49573 01[IKE] activating new tasks Jun 9 07:45:04 charon 49573 01[IKE] activating IKE_REKEY task Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[661] state change: ESTABLISHED => REKEYING Jun 9 07:45:04 charon 49573 01[IKE] initiating IKE_SA con2[663] to x.x.x.162 Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[663] state change: CREATED => CONNECTING Jun 9 07:45:04 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 07:45:04 charon 49573 01[ENC] generating CREATE_CHILD_SA request 6 [ SA No KE ] Jun 9 07:45:04 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (304 bytes) Jun 9 07:45:04 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (304 bytes) Jun 9 07:45:04 charon 49573 01[ENC] parsed CREATE_CHILD_SA response 6 [ SA No KE ] Jun 9 07:45:04 charon 49573 01[CFG] selecting proposal: Jun 9 07:45:04 charon 49573 01[CFG] proposal matches Jun 9 07:45:04 charon 49573 01[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 07:45:04 charon 49573 01[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 07:45:04 charon 49573 01[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[663] state change: CONNECTING => ESTABLISHED Jun 9 07:45:04 charon 49573 01[IKE] scheduling rekeying in 23290s Jun 9 07:45:04 charon 49573 01[IKE] maximum IKE_SA lifetime 26170s Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[663] rekeyed between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[661] state change: REKEYING => REKEYED Jun 9 07:45:04 charon 49573 01[IKE] reinitiating already active tasks Jun 9 07:45:04 charon 49573 01[IKE] IKE_REKEY task Jun 9 07:45:04 charon 49573 01[IKE] deleting IKE_SA con2[661] between 192.168.177.22[y.y.y.239]...x.x.x.162[x.x.x.162] Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[661] state change: REKEYED => DELETING Jun 9 07:45:04 charon 49573 01[IKE] sending DELETE for IKE_SA con2[661] Jun 9 07:45:04 charon 49573 01[ENC] generating INFORMATIONAL request 7 [ D ] Jun 9 07:45:04 charon 49573 01[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 07:45:04 charon 49573 01[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 07:45:04 charon 49573 01[ENC] parsed INFORMATIONAL response 7 [ ] Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA deleted Jun 9 07:45:04 charon 49573 01[IKE] IKE_SA con2[661] state change: DELETING => DESTROYING Jun 9 08:07:39 charon 49573 14[KXX] creating rekey job for CHILD_SA ESP/0xc17e59fb/x.x.x.162 Jun 9 08:07:39 charon 49573 08[IKE] queueing CHILD_REKEY task Jun 9 08:07:39 charon 49573 08[IKE] activating new tasks Jun 9 08:07:39 charon 49573 08[IKE] activating CHILD_REKEY task Jun 9 08:07:39 charon 49573 08[CFG] proposing traffic selectors for us: Jun 9 08:07:39 charon 49573 08[CFG] 192.168.0.0/22|/0 Jun 9 08:07:39 charon 49573 08[CFG] 10.8.0.0/24|/0 Jun 9 08:07:39 charon 49573 08[CFG] proposing traffic selectors for other: Jun 9 08:07:39 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CFG] 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 08:07:39 charon 49573 08[IKE] establishing CHILD_SA con2{1968} reqid 1 Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1967} state change: INSTALLED => REKEYING Jun 9 08:07:39 charon 49573 08[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 08:07:39 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (224 bytes) Jun 9 08:07:39 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (224 bytes) Jun 9 08:07:39 charon 49573 08[ENC] parsed CREATE_CHILD_SA response 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ] Jun 9 08:07:39 charon 49573 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify Jun 9 08:07:39 charon 49573 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jun 9 08:07:39 charon 49573 08[CFG] selecting proposal: Jun 9 08:07:39 charon 49573 08[CFG] proposal matches Jun 9 08:07:39 charon 49573 08[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 08:07:39 charon 49573 08[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 08:07:39 charon 49573 08[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ Jun 9 08:07:39 charon 49573 08[CFG] selecting traffic selectors for us: Jun 9 08:07:39 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 192.168.0.0/22|/0 => match: 192.168.0.0/22|/0 Jun 9 08:07:39 charon 49573 08[CFG] config: 192.168.0.0/22|/0, received: 10.8.0.0/24|/0 => no match Jun 9 08:07:39 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 192.168.0.0/22|/0 => no match Jun 9 08:07:39 charon 49573 08[CFG] config: 10.8.0.0/24|/0, received: 10.8.0.0/24|/0 => match: 10.8.0.0/24|/0 Jun 9 08:07:39 charon 49573 08[CFG] selecting traffic selectors for other: Jun 9 08:07:39 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CFG] config: 172.16.100.0/24|/0, received: 172.16.100.0/24|/0 => match: 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1968} state change: CREATED => INSTALLING Jun 9 08:07:39 charon 49573 08[CHD] using AES_GCM_16 for encryption Jun 9 08:07:39 charon 49573 08[CHD] adding inbound ESP SA Jun 9 08:07:39 charon 49573 08[CHD] SPI 0xc0849c8e, src x.x.x.162 dst 192.168.177.22 Jun 9 08:07:39 charon 49573 08[CHD] registering outbound ESP SA Jun 9 08:07:39 charon 49573 08[CHD] SPI 0xcbde6c1d, src 192.168.177.22 dst x.x.x.162 Jun 9 08:07:39 charon 49573 08[IKE] inbound CHILD_SA con2{1968} established with SPIs c0849c8e_i cbde6c1d_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1968} state change: INSTALLING => INSTALLED Jun 9 08:07:39 charon 49573 08[CHD] adding outbound ESP SA Jun 9 08:07:39 charon 49573 08[CHD] SPI 0xcbde6c1d, src 192.168.177.22 dst x.x.x.162 Jun 9 08:07:39 charon 49573 08[IKE] outbound CHILD_SA con2{1968} established with SPIs c0849c8e_i cbde6c1d_o and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1967} state change: REKEYING => REKEYED Jun 9 08:07:39 charon 49573 08[IKE] reinitiating already active tasks Jun 9 08:07:39 charon 49573 08[IKE] CHILD_REKEY task Jun 9 08:07:39 charon 49573 08[IKE] closing CHILD_SA con2{1967} with SPIs ce9aef89_i (28499725 bytes) c17e59fb_o (9022384 bytes) and TS 10.8.0.0/24|/0 192.168.0.0/22|/0 === 172.16.100.0/24|/0 Jun 9 08:07:39 charon 49573 08[IKE] sending DELETE for ESP CHILD_SA with SPI ce9aef89 Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1967} state change: REKEYED => DELETING Jun 9 08:07:39 charon 49573 08[ENC] generating INFORMATIONAL request 1 [ D ] Jun 9 08:07:39 charon 49573 08[NET] sending packet: from 192.168.177.22[4500] to x.x.x.162[4500] (80 bytes) Jun 9 08:07:39 charon 49573 08[NET] received packet: from x.x.x.162[4500] to 192.168.177.22[4500] (80 bytes) Jun 9 08:07:39 charon 49573 08[ENC] parsed INFORMATIONAL response 1 [ D ] Jun 9 08:07:39 charon 49573 08[IKE] received DELETE for ESP CHILD_SA with SPI c17e59fb Jun 9 08:07:39 charon 49573 08[IKE] CHILD_SA closed Jun 9 08:07:39 charon 49573 08[CHD] CHILD_SA con2{1967} state change: DELETING => DELETED Jun 9 08:07:39 charon 49573 08[IKE] activating new tasks Jun 9 08:07:39 charon 49573 08[IKE] nothing to initiate Jun 9 08:07:44 charon 49573 12[IKE] queueing CHILD_DELETE task Jun 9 08:07:44 charon 49573 12[IKE] activating new tasks Jun 9 08:07:44 charon 49573 12[IKE] activating CHILD_DELETE task Jun 9 08:07:44 charon 49573 12[CHD] CHILD_SA con2{1967} state change: DELETED => DESTROYING Jun 9 08:07:44 charon 49573 12[IKE] activating new tasks Jun 9 08:07:44 charon 49573 12[IKE] nothing to initiate Jun 9 08:33:58 charon 49573 05[CFG] vici client 108 connected Jun 9 08:33:58 charon 49573 15[CFG] vici client 108 requests: get-pools Jun 9 08:33:58 charon 49573 15[CFG] vici client 108 disconnected Jun 9 08:34:12 charon 49573 10[CFG] vici client 109 connected Jun 9 08:34:12 charon 49573 05[CFG] vici client 109 registered for: list-sa Jun 9 08:34:12 charon 49573 06[CFG] vici client 109 requests: list-sas Jun 9 08:34:12 charon 49573 05[CFG] vici client 109 disconnected Jun 9 08:34:12 charon 49573 06[CFG] vici client 110 connected Jun 9 08:34:12 charon 49573 05[CFG] vici client 110 requests: get-pools Jun 9 08:34:12 charon 49573 06[CFG] vici client 110 disconnected Jun 9 08:34:19 charon 49573 11[CFG] vici client 111 connected Jun 9 08:34:19 charon 49573 09[CFG] vici client 111 registered for: list-sa Jun 9 08:34:19 charon 49573 11[CFG] vici client 111 requests: list-sas Jun 9 08:34:19 charon 49573 09[CFG] vici client 111 disconnected Jun 9 08:34:19 charon 49573 11[CFG] vici client 112 connected Jun 9 08:34:19 charon 49573 08[CFG] vici client 112 requests: get-pools Jun 9 08:34:19 charon 49573 11[CFG] vici client 112 disconnected Jun 9 08:34:26 charon 49573 14[CFG] vici client 113 connected Jun 9 08:34:26 charon 49573 14[CFG] vici client 113 registered for: list-sa Jun 9 08:34:26 charon 49573 12[CFG] vici client 113 requests: list-sas Jun 9 08:34:26 charon 49573 12[CFG] vici client 113 disconnected Jun 9 08:34:26 charon 49573 14[CFG] vici client 114 connected Jun 9 08:34:26 charon 49573 01[CFG] vici client 114 requests: get-pools Jun 9 08:34:26 charon 49573 01[CFG] vici client 114 disconnected Jun 9 08:34:33 charon 49573 15[CFG] vici client 115 connected Jun 9 08:34:33 charon 49573 07[CFG] vici client 115 registered for: list-sa Jun 9 08:34:33 charon 49573 07[CFG] vici client 115 requests: list-sas Jun 9 08:34:33 charon 49573 10[CFG] vici client 115 disconnected Jun 9 08:34:33 charon 49573 07[CFG] vici client 116 connected Jun 9 08:34:33 charon 49573 10[CFG] vici client 116 requests: get-pools Jun 9 08:34:33 charon 49573 07[CFG] vici client 116 disconnected Jun 9 08:35:57 charon 49573 08[CFG] vici client 117 connected Jun 9 08:35:57 charon 49573 11[CFG] vici client 117 requests: get-pools Jun 9 08:35:57 charon 49573 11[CFG] vici client 117 disconnected Jun 9 08:36:04 charon 49573 13[CFG] vici client 118 connected Jun 9 08:36:04 charon 49573 09[CFG] vici client 118 registered for: list-sa Jun 9 08:36:04 charon 49573 13[CFG] vici client 118 requests: list-sas Jun 9 08:36:04 charon 49573 13[CFG] vici client 118 disconnected Jun 9 08:36:04 charon 49573 08[CFG] vici client 119 connected Jun 9 08:36:04 charon 49573 12[CFG] vici client 119 requests: get-pools Jun 9 08:36:04 charon 49573 12[CFG] vici client 119 disconnected Jun 9 08:36:12 charon 49573 01[CFG] vici client 120 connected Jun 9 08:36:12 charon 49573 14[CFG] vici client 120 registered for: list-sa Jun 9 08:36:12 charon 49573 14[CFG] vici client 120 requests: list-sas Jun 9 08:36:12 charon 49573 14[CFG] vici client 120 disconnected Jun 9 08:36:12 charon 49573 01[CFG] vici client 121 connected Jun 9 08:36:12 charon 49573 14[CFG] vici client 121 requests: get-pools Jun 9 08:36:12 charon 49573 01[CFG] vici client 121 disconnected Jun 9 08:36:19 charon 49573 07[CFG] vici client 122 connected Jun 9 08:36:19 charon 49573 10[CFG] vici client 122 registered for: list-sa Jun 9 08:36:19 charon 49573 10[CFG] vici client 122 requests: list-sas Jun 9 08:36:19 charon 49573 07[CFG] vici client 122 disconnected Jun 9 08:36:19 charon 49573 10[CFG] vici client 123 connected Jun 9 08:36:19 charon 49573 05[CFG] vici client 123 requests: get-pools Jun 9 08:36:19 charon 49573 10[CFG] vici client 123 disconnected Jun 9 08:36:26 charon 49573 11[CFG] vici client 124 connected Jun 9 08:36:26 charon 49573 09[CFG] vici client 124 registered for: list-sa Jun 9 08:36:26 charon 49573 09[CFG] vici client 124 requests: list-sas Jun 9 08:36:26 charon 49573 09[CFG] vici client 124 disconnected Jun 9 08:36:26 charon 49573 11[CFG] vici client 125 connected Jun 9 08:36:26 charon 49573 12[CFG] vici client 125 requests: get-pools Jun 9 08:36:26 charon 49573 12[CFG] vici client 125 disconnected Jun 9 08:36:33 charon 49573 08[CFG] vici client 126 connected Jun 9 08:36:33 charon 49573 13[CFG] vici client 126 registered for: list-sa Jun 9 08:36:33 charon 49573 13[CFG] vici client 126 requests: list-sas Jun 9 08:36:33 charon 49573 08[CFG] vici client 126 disconnected Jun 9 08:36:33 charon 49573 13[CFG] vici client 127 connected Jun 9 08:36:33 charon 49573 08[CFG] vici client 127 requests: get-pools Jun 9 08:36:33 charon 49573 08[CFG] vici client 127 disconnected Jun 9 08:36:40 charon 49573 14[CFG] vici client 128 connected Jun 9 08:36:40 charon 49573 15[CFG] vici client 128 registered for: list-sa Jun 9 08:36:40 charon 49573 15[CFG] vici client 128 requests: list-sas Jun 9 08:36:40 charon 49573 01[CFG] vici client 128 disconnected Jun 9 08:36:40 charon 49573 15[CFG] vici client 129 connected Jun 9 08:36:40 charon 49573 05[CFG] vici client 129 requests: get-pools Jun 9 08:36:40 charon 49573 05[CFG] vici client 129 disconnected Jun 9 08:36:47 charon 49573 10[CFG] vici client 130 connected Jun 9 08:36:47 charon 49573 07[CFG] vici client 130 registered for: list-sa Jun 9 08:36:47 charon 49573 01[CFG] vici client 130 requests: list-sas Jun 9 08:36:47 charon 49573 07[CFG] vici client 130 disconnected Jun 9 08:36:47 charon 49573 01[CFG] vici client 131 connected Jun 9 08:36:47 charon 49573 07[CFG] vici client 131 requests: get-pools Jun 9 08:36:47 charon 49573 01[CFG] vici client 131 disconnected Jun 9 08:36:54 charon 49573 12[CFG] vici client 132 connected Jun 9 08:36:54 charon 49573 11[CFG] vici client 132 registered for: list-sa Jun 9 08:36:54 charon 49573 11[CFG] vici client 132 requests: list-sas Jun 9 08:36:54 charon 49573 12[CFG] vici client 132 disconnected Jun 9 08:36:54 charon 49573 11[CFG] vici client 133 connected Jun 9 08:36:54 charon 49573 12[CFG] vici client 133 requests: get-pools Jun 9 08:36:54 charon 49573 11[CFG] vici client 133 disconnected pfSense is developed and maintained by Netgate. © ESF 2004 - 2023 View license.