Today we had another disruption preceded by a lot of these log entries:
2017-08-29 08:29:55,Daemon.Info,10.3.1.2,Aug 29 08:29:55 charon: 13[ENC] <con2000|5> generating INFORMATIONAL_V1 request 817940652 [ HASH N(INVAL_HASH) ]
2017-08-29 08:29:55,Daemon.Info,10.3.1.2,Aug 29 08:29:55 charon: 13[NET] <con2000|5> sending packet: from *.*.*.254[500] to *.*.*.66[500] (76 bytes)
2017-08-29 08:29:55,Daemon.Info,10.3.1.2,Aug 29 08:29:55 charon: 13[IKE] <con2000|5> QUICK_MODE request with message ID 1339927066 processing failed
2017-08-29 08:29:59,Daemon.Info,10.3.1.2,Aug 29 08:29:59 charon: 13[NET] <con2000|5> received packet: from *.*.*.66[500] to *.*.*.254[500] (172 bytes)
2017-08-29 08:29:59,Daemon.Info,10.3.1.2,"Aug 29 08:29:59 charon: 13[IKE] <con2000|5> received retransmit of request with ID 2091090257, but no response to retransmit"
2017-08-29 08:30:03,Daemon.Info,10.3.1.2,Aug 29 08:30:03 charon: 13[NET] <con2000|5> received packet: from *.*.*.66[500] to *.*.*.254[500] (172 bytes)
2017-08-29 08:30:03,Daemon.Info,10.3.1.2,Aug 29 08:30:03 charon: 13[ENC] <con2000|5> parsed QUICK_MODE request 1339927066 [ HASH SA No ID ID ]
2017-08-29 08:30:03,Daemon.Info,10.3.1.2,Aug 29 08:30:03 charon: 13[ENC] <con2000|5> received HASH payload does not match
2017-08-29 08:30:03,Daemon.Info,10.3.1.2,Aug 29 08:30:03 charon: 13[IKE] <con2000|5> integrity check failed</con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5>
Other log entries that looked suspicious are:
2017-08-29 08:40:39,Daemon.Info,10.3.1.2,Aug 29 08:40:39 charon: 14[ENC] <con2000|5> generating INFORMATIONAL_V1 request 3211985302 [ HASH N(PLD_MAL) ]
2017-08-29 08:40:39,Daemon.Info,10.3.1.2,Aug 29 08:40:39 charon: 14[NET] <con2000|5> sending packet: from *.*.*.254[500] to *.*.*.66[500] (76 bytes)
2017-08-29 08:40:39,Daemon.Info,10.3.1.2,Aug 29 08:40:39 charon: 14[IKE] <con2000|5> QUICK_MODE request with message ID 3438183006 processing failed
2017-08-29 08:40:47,Daemon.Info,10.3.1.2,Aug 29 08:40:47 charon: 10[NET] <con2000|5> received packet: from *.*.*.66[500] to *.*.*.254[500] (172 bytes)
2017-08-29 08:40:47,Daemon.Info,10.3.1.2,"Aug 29 08:40:47 charon: 10[ENC] <con2000|5> invalid HASH_V1 payload length, decryption failed?"
2017-08-29 08:40:47,Daemon.Info,10.3.1.2,Aug 29 08:40:47 charon: 10[ENC] <con2000|5> could not decrypt payloads
2017-08-29 08:40:47,Daemon.Info,10.3.1.2,Aug 29 08:40:47 charon: 10[IKE] <con2000|5> message parsing failed</con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5>
2017-08-29 08:43:06,Daemon.Info,10.3.1.2,Aug 29 08:43:06 charon: 05[ENC] <con2000|5> generating INFORMATIONAL_V1 request 1187213230 [ HASH N(INVAL_HASH) ]
2017-08-29 08:43:06,Daemon.Info,10.3.1.2,Aug 29 08:43:06 charon: 05[NET] <con2000|5> sending packet: from *.*.*.254[500] to *.*.*.66[500] (76 bytes)
2017-08-29 08:43:06,Daemon.Info,10.3.1.2,Aug 29 08:43:06 charon: 05[IKE] <con2000|5> QUICK_MODE request with message ID 879409864 processing failed
2017-08-29 08:43:07,Daemon.Info,10.3.1.2,Aug 29 08:43:07 charon: 05[NET] <con2000|5> received packet: from *.*.*.66[500] to *.*.*.254[500] (172 bytes)
2017-08-29 08:43:07,Daemon.Info,10.3.1.2,"Aug 29 08:43:07 charon: 05[IKE] <con2000|5> received retransmit of request with ID 2426813154, but no response to retransmit"
2017-08-29 08:43:14,Daemon.Info,10.3.1.2,Aug 29 08:43:14 charon: 05[NET] <con2000|5> received packet: from *.*.*.66[500] to *.*.*.254[500] (76 bytes)
2017-08-29 08:43:14,Daemon.Info,10.3.1.2,Aug 29 08:43:14 charon: 05[ENC] <con2000|5> parsed INFORMATIONAL_V1 request 3155446242 [ HASH D ]
2017-08-29 08:43:14,Daemon.Info,10.3.1.2,Aug 29 08:43:14 charon: 05[IKE] <con2000|5> received DELETE for ESP CHILD_SA with SPI a559aaa0
2017-08-29 08:43:14,Daemon.Info,10.3.1.2,"Aug 29 08:43:14 charon: 05[IKE] <con2000|5> CHILD_SA not found, ignored"</con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5></con2000|5>