VPN Unreliable since upgrade to V2.2
-
We are getting drops in VPN and seeing the below errros
charon: 06[IKE] peer not responding, trying again (3/3) happens 20 times a day now used to be rock solid before upgrading.
-
So thats PPTP?
No….
TINC...
Uhhhhhh....
Openvpn?
L2TP?
or IPSEC?
-
Sorry IPSec
been going mental today
Jan 30 19:23:28 ipsec_starter[35858]:
Jan 30 19:23:28 ipsec_starter[35858]: 'con1000' routed
Jan 30 19:23:28 ipsec_starter[35858]:
Jan 30 19:23:28 ipsec_starter[35858]: configuration 'con1000' unrouted
Jan 30 16:51:34 charon: 11[CFG] received stroke: loglevel -1 for cfg
Jan 30 16:51:34 charon: 09[CFG] received stroke: loglevel -1 for job
Jan 30 16:51:34 charon: 09[CFG] received stroke: loglevel -1 for chd
Jan 30 16:51:34 charon: 09[CFG] received stroke: loglevel -1 for ike
Jan 30 16:51:34 charon: 09[CFG] received stroke: loglevel -1 for mgr
Jan 30 16:51:34 charon: 09[CFG] received stroke: loglevel -1 for dmn
Jan 30 16:51:34 charon: 09[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Jan 30 16:51:34 charon: 09[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Jan 30 16:51:34 charon: 09[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Jan 30 16:51:34 charon: 09[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Jan 30 16:51:34 charon: 09[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Jan 30 16:51:34 charon: 09[CFG] loaded IKE secret for %any 212.38.169.250
Jan 30 16:51:34 charon: 09[CFG] loaded IKE secret for %any 81.168.48.250
Jan 30 16:51:34 charon: 09[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Jan 30 16:51:34 charon: 09[CFG] rereading secrets
Jan 30 16:51:34 charon: 09[ENC] parsed INFORMATIONAL_V1 request 788743145 [ HASH N(DPD_ACK) ]
Jan 30 16:51:34 charon: 09[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:51:34 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:51:34 charon: 07[ENC] generating INFORMATIONAL_V1 request 3060198682 [ HASH N(DPD) ]
Jan 30 16:51:34 charon: 07[IKE] sending DPD request
Jan 30 16:51:34 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:51:24 charon: 07[ENC] parsed INFORMATIONAL_V1 request 4221769679 [ HASH N(DPD_ACK) ]
Jan 30 16:51:24 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:51:24 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:51:24 charon: 07[ENC] generating INFORMATIONAL_V1 request 3567837408 [ HASH N(DPD) ]
Jan 30 16:51:24 charon: 07[IKE] sending DPD request
Jan 30 16:51:24 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:51:21 charon: 07[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:51:21 charon: 07[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:51:21 charon: 07[IKE] <con1000|260>sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:51:14 charon: 07[ENC] parsed INFORMATIONAL_V1 request 2589483059 [ HASH N(DPD_ACK) ]
Jan 30 16:51:14 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:51:14 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:51:14 charon: 07[ENC] generating INFORMATIONAL_V1 request 3843554533 [ HASH N(DPD) ]
Jan 30 16:51:14 charon: 07[IKE] sending DPD request
Jan 30 16:51:14 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:51:08 charon: 07[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:51:08 charon: 07[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:51:08 charon: 07[IKE] <con1000|260>sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:51:03 charon: 07[ENC] parsed INFORMATIONAL_V1 request 637938113 [ HASH N(DPD_ACK) ]
Jan 30 16:51:03 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:51:03 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:51:03 charon: 07[ENC] generating INFORMATIONAL_V1 request 2471942177 [ HASH N(DPD) ]
Jan 30 16:51:03 charon: 07[IKE] sending DPD request
Jan 30 16:51:03 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:51:01 charon: 06[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:51:01 charon: 06[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:51:01 charon: 06[IKE] <con1000|260>sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:50:57 charon: 06[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:50:57 charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:50:57 charon: 06[IKE] initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:50:57 charon: 06[IKE] <con1000|260>initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:50:57 charon: 06[IKE] peer not responding, trying again (3/3)
Jan 30 16:50:57 charon: 06[IKE] <con1000|260>peer not responding, trying again (3/3)
Jan 30 16:50:57 charon: 06[IKE] giving up after 5 retransmits
Jan 30 16:50:57 charon: 06[IKE] <con1000|260>giving up after 5 retransmits
Jan 30 16:50:53 charon: 06[ENC] parsed INFORMATIONAL_V1 request 2095033923 [ HASH N(DPD_ACK) ]
Jan 30 16:50:53 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:53 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:53 charon: 06[ENC] generating INFORMATIONAL_V1 request 4288186713 [ HASH N(DPD) ]
Jan 30 16:50:53 charon: 06[IKE] sending DPD request
Jan 30 16:50:53 charon: 06[IKE] <con2000|255>sending DPD request
Jan 30 16:50:43 charon: 07[ENC] parsed INFORMATIONAL_V1 request 11694638 [ HASH N(DPD_ACK) ]
Jan 30 16:50:43 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:43 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:43 charon: 07[ENC] generating INFORMATIONAL_V1 request 841954003 [ HASH N(DPD) ]
Jan 30 16:50:43 charon: 07[IKE] sending DPD request
Jan 30 16:50:43 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:50:33 charon: 07[ENC] parsed INFORMATIONAL_V1 request 718148700 [ HASH N(DPD_ACK) ]
Jan 30 16:50:33 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:33 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:33 charon: 07[ENC] generating INFORMATIONAL_V1 request 4083807354 [ HASH N(DPD) ]
Jan 30 16:50:33 charon: 07[IKE] sending DPD request
Jan 30 16:50:33 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:50:23 charon: 12[ENC] parsed INFORMATIONAL_V1 request 1577005225 [ HASH N(DPD_ACK) ]
Jan 30 16:50:23 charon: 12[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:23 charon: 12[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:23 charon: 12[ENC] generating INFORMATIONAL_V1 request 640359113 [ HASH N(DPD) ]
Jan 30 16:50:23 charon: 12[IKE] sending DPD request
Jan 30 16:50:23 charon: 12[IKE] <con2000|255>sending DPD request
Jan 30 16:50:13 charon: 07[ENC] parsed INFORMATIONAL_V1 request 3146261125 [ HASH N(DPD_ACK) ]
Jan 30 16:50:13 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:13 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:13 charon: 07[ENC] generating INFORMATIONAL_V1 request 1601009955 [ HASH N(DPD) ]
Jan 30 16:50:13 charon: 07[IKE] sending DPD request
Jan 30 16:50:13 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:50:03 charon: 07[ENC] parsed INFORMATIONAL_V1 request 3094862307 [ HASH N(DPD_ACK) ]
Jan 30 16:50:03 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:50:03 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:50:03 charon: 07[ENC] generating INFORMATIONAL_V1 request 289945337 [ HASH N(DPD) ]
Jan 30 16:50:03 charon: 07[IKE] sending DPD request
Jan 30 16:50:03 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:49:53 charon: 07[ENC] parsed INFORMATIONAL_V1 request 3053674439 [ HASH N(DPD_ACK) ]
Jan 30 16:49:53 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:53 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:53 charon: 07[ENC] generating INFORMATIONAL_V1 request 4051565405 [ HASH N(DPD) ]
Jan 30 16:49:53 charon: 07[IKE] sending DPD request
Jan 30 16:49:53 charon: 07[IKE] <con2000|255>sending DPD request
Jan 30 16:49:43 charon: 10[ENC] parsed INFORMATIONAL_V1 request 54283509 [ HASH N(DPD_ACK) ]
Jan 30 16:49:43 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:43 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:43 charon: 10[ENC] generating INFORMATIONAL_V1 request 2845292127 [ HASH N(DPD) ]
Jan 30 16:49:43 charon: 10[IKE] sending DPD request
Jan 30 16:49:43 charon: 10[IKE] <con2000|255>sending DPD request
Jan 30 16:49:42 charon: 10[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:49:42 charon: 10[IKE] sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:49:42 charon: 10[IKE] <con1000|260>sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:49:33 charon: 10[ENC] parsed INFORMATIONAL_V1 request 183782379 [ HASH N(DPD_ACK) ]
Jan 30 16:49:33 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:33 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:33 charon: 10[ENC] generating INFORMATIONAL_V1 request 538410056 [ HASH N(DPD) ]
Jan 30 16:49:33 charon: 10[IKE] sending DPD request
Jan 30 16:49:33 charon: 10[IKE] <con2000|255>sending DPD request
Jan 30 16:49:23 charon: 10[ENC] parsed INFORMATIONAL_V1 request 954374923 [ HASH N(DPD_ACK) ]
Jan 30 16:49:23 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:23 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:23 charon: 10[ENC] generating INFORMATIONAL_V1 request 547305630 [ HASH N(DPD) ]
Jan 30 16:49:23 charon: 10[IKE] sending DPD request
Jan 30 16:49:23 charon: 10[IKE] <con2000|255>sending DPD request
Jan 30 16:49:13 charon: 10[ENC] parsed INFORMATIONAL_V1 request 280705186 [ HASH N(DPD_ACK) ]
Jan 30 16:49:13 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:13 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:13 charon: 10[ENC] generating INFORMATIONAL_V1 request 1204076042 [ HASH N(DPD) ]
Jan 30 16:49:13 charon: 10[IKE] sending DPD request
Jan 30 16:49:13 charon: 10[IKE] <con2000|255>sending DPD request
Jan 30 16:49:03 charon: 16[ENC] parsed INFORMATIONAL_V1 request 3312007276 [ HASH N(DPD_ACK) ]
Jan 30 16:49:03 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:49:03 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:49:03 charon: 16[ENC] generating INFORMATIONAL_V1 request 3069398184 [ HASH N(DPD) ]
Jan 30 16:49:03 charon: 16[IKE] sending DPD request
Jan 30 16:49:03 charon: 16[IKE] <con2000|255>sending DPD request
Jan 30 16:49:00 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:49:00 charon: 16[IKE] sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:49:00 charon: 16[IKE] <con1000|260>sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:48:56 charon: 16[IKE] establishing IKE_SA failed, peer not responding
Jan 30 16:48:56 charon: 16[IKE] <con1000|257>establishing IKE_SA failed, peer not responding
Jan 30 16:48:56 charon: 16[IKE] giving up after 5 retransmits
Jan 30 16:48:56 charon: 16[IKE] <con1000|257>giving up after 5 retransmits
Jan 30 16:48:53 charon: 16[ENC] parsed INFORMATIONAL_V1 request 1525566505 [ HASH N(DPD_ACK) ]
Jan 30 16:48:53 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:48:53 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:53 charon: 16[ENC] generating INFORMATIONAL_V1 request 374289435 [ HASH N(DPD) ]
Jan 30 16:48:53 charon: 16[IKE] sending DPD request
Jan 30 16:48:53 charon: 16[IKE] <con2000|255>sending DPD request
Jan 30 16:48:43 charon: 16[ENC] parsed INFORMATIONAL_V1 request 1277015062 [ HASH N(DPD_ACK) ]
Jan 30 16:48:43 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:48:43 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:43 charon: 16[ENC] generating INFORMATIONAL_V1 request 713138442 [ HASH N(DPD) ]
Jan 30 16:48:43 charon: 16[IKE] sending DPD request
Jan 30 16:48:43 charon: 16[IKE] <con2000|255>sending DPD request
Jan 30 16:48:36 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:48:36 charon: 16[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:48:36 charon: 16[IKE] <con1000|260>sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:48:33 charon: 16[ENC] parsed INFORMATIONAL_V1 request 334138567 [ HASH N(DPD_ACK) ]
Jan 30 16:48:33 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:48:33 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:33 charon: 16[ENC] generating INFORMATIONAL_V1 request 1303237051 [ HASH N(DPD) ]
Jan 30 16:48:33 charon: 16[IKE] sending DPD request
Jan 30 16:48:33 charon: 16[IKE] <con2000|255>sending DPD request
Jan 30 16:48:23 charon: 03[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:23 charon: 03[ENC] generating INFORMATIONAL_V1 request 1431728415 [ HASH N(DPD_ACK) ]
Jan 30 16:48:23 charon: 03[ENC] parsed INFORMATIONAL_V1 request 3256667415 [ HASH N(DPD) ]
Jan 30 16:48:23 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:48:23 charon: 03[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:48:23 charon: 03[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:48:23 charon: 03[IKE] <con1000|260>sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:48:16 charon: 03[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:48:16 charon: 03[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:48:16 charon: 03[IKE] <con1000|260>sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:48:14 charon: 03[ENC] parsed INFORMATIONAL_V1 request 1320841570 [ HASH N(DPD_ACK) ]
Jan 30 16:48:14 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:48:14 charon: 03[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:14 charon: 03[ENC] generating INFORMATIONAL_V1 request 1240754596 [ HASH N(DPD) ]
Jan 30 16:48:14 charon: 03[IKE] sending DPD request
Jan 30 16:48:14 charon: 03[IKE] <con2000|255>sending DPD request
Jan 30 16:48:12 charon: 03[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:48:12 charon: 03[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:48:12 charon: 03[IKE] initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:48:12 charon: 03[IKE] <con1000|260>initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:48:12 charon: 03[IKE] peer not responding, trying again (2/3)
Jan 30 16:48:12 charon: 03[IKE] <con1000|260>peer not responding, trying again (2/3)
Jan 30 16:48:12 charon: 03[IKE] giving up after 5 retransmits
Jan 30 16:48:12 charon: 03[IKE] <con1000|260>giving up after 5 retransmits
Jan 30 16:48:04 charon: 03[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:48:04 charon: 03[ENC] generating INFORMATIONAL_V1 request 2875230535 [ HASH N(DPD_ACK) ]
Jan 30 16:48:04 charon: 03[ENC] parsed INFORMATIONAL_V1 request 3645244472 [ HASH N(DPD) ]
Jan 30 16:48:04 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:55 charon: 03[ENC] parsed INFORMATIONAL_V1 request 1832871878 [ HASH N(DPD_ACK) ]
Jan 30 16:47:55 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:55 charon: 14[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:55 charon: 14[ENC] generating INFORMATIONAL_V1 request 2999487591 [ HASH N(DPD) ]
Jan 30 16:47:55 charon: 14[IKE] sending DPD request
Jan 30 16:47:55 charon: 14[IKE] <con2000|255>sending DPD request
Jan 30 16:47:45 charon: 14[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:45 charon: 14[ENC] generating INFORMATIONAL_V1 request 4011686820 [ HASH N(DPD_ACK) ]
Jan 30 16:47:45 charon: 14[ENC] parsed INFORMATIONAL_V1 request 578003736 [ HASH N(DPD) ]
Jan 30 16:47:45 charon: 14[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:41 charon: 14[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:47:41 charon: 14[IKE] sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:47:41 charon: 14[IKE] <con1000|257>sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:47:40 charon: 03[KNL] creating rekey job for ESP CHILD_SA with SPI c29bdf42 and reqid {2}
Jan 30 16:47:36 charon: 03[ENC] parsed INFORMATIONAL_V1 request 2921335284 [ HASH N(DPD_ACK) ]
Jan 30 16:47:36 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:36 charon: 03[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:36 charon: 03[ENC] generating INFORMATIONAL_V1 request 4083646668 [ HASH N(DPD) ]
Jan 30 16:47:36 charon: 03[IKE] sending DPD request
Jan 30 16:47:36 charon: 03[IKE] <con2000|255>sending DPD request
Jan 30 16:47:26 charon: 03[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:26 charon: 03[ENC] generating INFORMATIONAL_V1 request 668052589 [ HASH N(DPD_ACK) ]
Jan 30 16:47:26 charon: 03[ENC] parsed INFORMATIONAL_V1 request 2586301748 [ HASH N(DPD) ]
Jan 30 16:47:26 charon: 03[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:17 charon: 15[ENC] parsed INFORMATIONAL_V1 request 4066203232 [ HASH N(DPD_ACK) ]
Jan 30 16:47:17 charon: 15[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:47:17 charon: 15[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:17 charon: 15[ENC] generating INFORMATIONAL_V1 request 1425427581 [ HASH N(DPD) ]
Jan 30 16:47:17 charon: 15[IKE] sending DPD request
Jan 30 16:47:17 charon: 15[IKE] <con2000|255>sending DPD request
Jan 30 16:47:07 charon: 15[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:47:07 charon: 15[ENC] generating INFORMATIONAL_V1 request 2379941063 [ HASH N(DPD_ACK) ]
Jan 30 16:47:07 charon: 15[ENC] parsed INFORMATIONAL_V1 request 2778815708 [ HASH N(DPD) ]
Jan 30 16:47:07 charon: 15[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:59 charon: 15[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:59 charon: 15[IKE] sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:46:59 charon: 15[IKE] <con1000|257>sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:46:58 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3544085360 [ HASH N(DPD_ACK) ]
Jan 30 16:46:58 charon: 15[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:58 charon: 15[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:58 charon: 15[ENC] generating INFORMATIONAL_V1 request 3628671395 [ HASH N(DPD) ]
Jan 30 16:46:58 charon: 15[IKE] sending DPD request
Jan 30 16:46:58 charon: 15[IKE] <con2000|255>sending DPD request
Jan 30 16:46:56 charon: 15[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:56 charon: 15[IKE] sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:46:56 charon: 15[IKE] <con1000|260>sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:46:48 charon: 15[ENC] parsed INFORMATIONAL_V1 request 890175996 [ HASH N(DPD_ACK) ]
Jan 30 16:46:48 charon: 15[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:48 charon: 15[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:48 charon: 15[ENC] generating INFORMATIONAL_V1 request 824618597 [ HASH N(DPD) ]
Jan 30 16:46:48 charon: 15[IKE] sending DPD request
Jan 30 16:46:48 charon: 15[IKE] <con2000|255>sending DPD request
Jan 30 16:46:38 charon: 13[ENC] parsed INFORMATIONAL_V1 request 2551543176 [ HASH N(DPD_ACK) ]
Jan 30 16:46:38 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:38 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:38 charon: 13[ENC] generating INFORMATIONAL_V1 request 2384237775 [ HASH N(DPD) ]
Jan 30 16:46:38 charon: 13[IKE] sending DPD request
Jan 30 16:46:38 charon: 13[IKE] <con2000|255>sending DPD request
Jan 30 16:46:35 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:35 charon: 13[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:46:35 charon: 13[IKE] <con1000|257>sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:46:27 charon: 13[ENC] parsed INFORMATIONAL_V1 request 2760272594 [ HASH N(DPD_ACK) ]
Jan 30 16:46:27 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:27 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:27 charon: 13[ENC] generating INFORMATIONAL_V1 request 116244434 [ HASH N(DPD) ]
Jan 30 16:46:27 charon: 13[IKE] sending DPD request
Jan 30 16:46:27 charon: 13[IKE] <con2000|255>sending DPD request
Jan 30 16:46:22 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:22 charon: 13[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:46:22 charon: 13[IKE] <con1000|257>sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:46:17 charon: 13[ENC] parsed INFORMATIONAL_V1 request 3028818906 [ HASH N(DPD_ACK) ]
Jan 30 16:46:17 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:17 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:17 charon: 13[ENC] generating INFORMATIONAL_V1 request 3135591218 [ HASH N(DPD) ]
Jan 30 16:46:17 charon: 13[IKE] sending DPD request
Jan 30 16:46:17 charon: 13[IKE] <con2000|255>sending DPD request
Jan 30 16:46:15 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:15 charon: 13[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:46:15 charon: 13[IKE] <con1000|257>sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:46:14 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:14 charon: 13[IKE] sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:46:14 charon: 13[IKE] <con1000|260>sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:46:11 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:46:11 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:46:11 charon: 13[IKE] initiating Main Mode IKE_SA con1000[257] to 81.168.48.250
Jan 30 16:46:11 charon: 13[IKE] <con1000|257>initiating Main Mode IKE_SA con1000[257] to 81.168.48.250
Jan 30 16:46:11 charon: 13[IKE] peer not responding, trying again (3/3)
Jan 30 16:46:11 charon: 13[IKE] <con1000|257>peer not responding, trying again (3/3)
Jan 30 16:46:11 charon: 13[IKE] giving up after 5 retransmits
Jan 30 16:46:11 charon: 13[IKE] <con1000|257>giving up after 5 retransmits
Jan 30 16:46:07 charon: 13[ENC] parsed INFORMATIONAL_V1 request 2157355661 [ HASH N(DPD_ACK) ]
Jan 30 16:46:07 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:46:07 charon: 11[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:46:07 charon: 11[ENC] generating INFORMATIONAL_V1 request 3858232307 [ HASH N(DPD) ]
Jan 30 16:46:07 charon: 11[IKE] sending DPD request
Jan 30 16:46:07 charon: 11[IKE] <con2000|255>sending DPD request
Jan 30 16:45:57 charon: 11[IKE] CHILD_SA con2000{2} established with SPIs cf3e65bb_i cc8f755f_o and TS 192.168.1.0/24|/0 === 192.168.50.0/24|/0
Jan 30 16:45:57 charon: 11[IKE] <con2000|255>CHILD_SA con2000{2} established with SPIs cf3e65bb_i cc8f755f_o and TS 192.168.1.0/24|/0 === 192.168.50.0/24|/0
Jan 30 16:45:57 charon: 11[ENC] parsed QUICK_MODE request 556550128 [ HASH ]
Jan 30 16:45:57 charon: 11[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (60 bytes)
Jan 30 16:45:57 charon: 11[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (188 bytes)
Jan 30 16:45:57 charon: 11[ENC] generating QUICK_MODE response 556550128 [ HASH SA No ID ID ]
Jan 30 16:45:57 charon: 11[IKE] detected rekeying of CHILD_SA con2000{2}
Jan 30 16:45:57 charon: 11[IKE] <con2000|255>detected rekeying of CHILD_SA con2000{2}
Jan 30 16:45:57 charon: 11[ENC] parsed QUICK_MODE request 556550128 [ HASH SA No ID ID ]
Jan 30 16:45:57 charon: 11[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (188 bytes)
Jan 30 16:45:51 charon: 11[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:51 charon: 11[ENC] generating INFORMATIONAL_V1 request 2652816399 [ HASH N(DPD_ACK) ]
Jan 30 16:45:51 charon: 11[ENC] parsed INFORMATIONAL_V1 request 1923889573 [ HASH N(DPD) ]
Jan 30 16:45:51 charon: 11[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:51 charon: 11[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:45:51 charon: 11[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:45:51 charon: 11[IKE] <con1000|260>sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:45:41 charon: 09[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:41 charon: 09[ENC] generating INFORMATIONAL_V1 request 1778789646 [ HASH N(DPD_ACK) ]
Jan 30 16:45:41 charon: 09[ENC] parsed INFORMATIONAL_V1 request 412083306 [ HASH N(DPD) ]
Jan 30 16:45:41 charon: 09[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:38 charon: 09[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:45:38 charon: 09[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:45:38 charon: 09[IKE] <con1000|260>sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:45:33 charon: 09[IKE] CHILD_SA con1000{1} established with SPIs c4afcc16_i 30414fb3_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:45:33 charon: 09[IKE] <con1000|261>CHILD_SA con1000{1} established with SPIs c4afcc16_i 30414fb3_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:45:33 charon: 09[ENC] parsed QUICK_MODE request 1827186182 [ HASH ]
Jan 30 16:45:33 charon: 09[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (52 bytes)
Jan 30 16:45:33 charon: 09[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (172 bytes)
Jan 30 16:45:33 charon: 09[ENC] generating QUICK_MODE response 1827186182 [ HASH SA No ID ID ]
Jan 30 16:45:33 charon: 09[ENC] parsed QUICK_MODE request 1827186182 [ HASH SA No ID ID ]
Jan 30 16:45:33 charon: 09[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (156 bytes)
Jan 30 16:45:33 charon: 11[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (68 bytes)
Jan 30 16:45:33 charon: 11[ENC] generating ID_PROT response 0 [ ID HASH ]
Jan 30 16:45:33 charon: 11[IKE] maximum IKE_SA lifetime 28554s
Jan 30 16:45:33 charon: 11[IKE] <con1000|261>maximum IKE_SA lifetime 28554s
Jan 30 16:45:33 charon: 11[IKE] scheduling reauthentication in 28014s
Jan 30 16:45:33 charon: 11[IKE] <con1000|261>scheduling reauthentication in 28014s
Jan 30 16:45:33 charon: 11[IKE] IKE_SA con1000[261] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:45:33 charon: 11[IKE] <con1000|261>IKE_SA con1000[261] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:45:33 charon: 11[CFG] selected peer config "con1000"
Jan 30 16:45:33 charon: 11[CFG] looking for pre-shared key peer configs matching 195.99.170.125…81.168.48.250[81.168.48.250]
Jan 30 16:45:33 charon: 11[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jan 30 16:45:33 charon: 11[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:33 charon: 11[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (212 bytes)
Jan 30 16:45:33 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:45:33 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:45:33 charon: 11[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (196 bytes)
Jan 30 16:45:33 charon: 11[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (152 bytes)
Jan 30 16:45:33 charon: 11[ENC] generating ID_PROT response 0 [ SA V V V V ]
Jan 30 16:45:33 charon: 11[IKE] 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:45:33 charon: 11[IKE] <261> 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:45:33 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:45:33 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:45:33 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:45:33 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:45:33 charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received NAT-T (RFC 3947) vendor ID
Jan 30 16:45:33 charon: 11[IKE] received DPD vendor ID
Jan 30 16:45:33 charon: 11[IKE] <261> received DPD vendor ID
Jan 30 16:45:33 charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:45:33 charon: 11[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (200 bytes)
Jan 30 16:45:31 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:31 charon: 06[ENC] generating INFORMATIONAL_V1 request 1471566719 [ HASH N(DPD_ACK) ]
Jan 30 16:45:31 charon: 06[ENC] parsed INFORMATIONAL_V1 request 3127029776 [ HASH N(DPD) ]
Jan 30 16:45:31 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:31 charon: 06[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:45:31 charon: 06[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:45:31 charon: 06[IKE] <con1000|260>sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:45:27 charon: 06[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:45:27 charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:45:27 charon: 06[IKE] initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:45:27 charon: 06[IKE] <con1000|260>initiating Main Mode IKE_SA con1000[260] to 81.168.48.250
Jan 30 16:45:27 charon: 06[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:45:25 charon: 06[IKE] deleting IKE_SA con1000[259] between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:45:25 charon: 06[IKE] <con1000|259>deleting IKE_SA con1000[259] between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:45:25 charon: 06[IKE] received DELETE for IKE_SA con1000[259]
Jan 30 16:45:25 charon: 06[IKE] <con1000|259>received DELETE for IKE_SA con1000[259]
Jan 30 16:45:25 charon: 06[ENC] parsed INFORMATIONAL_V1 request 4018689468 [ HASH D ]
Jan 30 16:45:25 charon: 06[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (76 bytes)
Jan 30 16:45:25 charon: 09[IKE] closing CHILD_SA con1000{1} with SPIs ccd5f7d4_i (655060 bytes) 30414fb2_o (1569392 bytes) and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:45:25 charon: 09[IKE] <con1000|259>closing CHILD_SA con1000{1} with SPIs ccd5f7d4_i (655060 bytes) 30414fb2_o (1569392 bytes) and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:45:25 charon: 09[IKE] received DELETE for ESP CHILD_SA with SPI 30414fb2
Jan 30 16:45:25 charon: 09[IKE] <con1000|259>received DELETE for ESP CHILD_SA with SPI 30414fb2
Jan 30 16:45:25 charon: 09[ENC] parsed INFORMATIONAL_V1 request 3951317432 [ HASH D ]
Jan 30 16:45:25 charon: 09[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (68 bytes)
Jan 30 16:45:21 charon: 09[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:21 charon: 09[ENC] generating INFORMATIONAL_V1 request 244293608 [ HASH N(DPD_ACK) ]
Jan 30 16:45:21 charon: 09[ENC] parsed INFORMATIONAL_V1 request 1566037627 [ HASH N(DPD) ]
Jan 30 16:45:21 charon: 09[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:21 ipsec_starter[35858]:
Jan 30 16:45:21 ipsec_starter[35858]: 'con1000' routed
Jan 30 16:45:21 charon: 09[CFG] received stroke: route 'con1000'
Jan 30 16:45:21 charon: 11[CFG] added configuration 'con1000'
Jan 30 16:45:21 charon: 11[CFG] received stroke: add connection 'con1000'
Jan 30 16:45:21 charon: 11[CFG] deleted connection 'con1000'
Jan 30 16:45:21 charon: 11[CFG] received stroke: delete connection 'con1000'
Jan 30 16:45:21 ipsec_starter[35858]:
Jan 30 16:45:21 ipsec_starter[35858]: configuration 'con1000' unrouted
Jan 30 16:45:21 charon: 11[CFG] received stroke: unroute 'con1000'
Jan 30 16:45:21 charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Jan 30 16:45:21 charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Jan 30 16:45:21 charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Jan 30 16:45:21 charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Jan 30 16:45:21 charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Jan 30 16:45:21 charon: 07[CFG] loaded IKE secret for %any 212.38.169.250
Jan 30 16:45:21 charon: 07[CFG] loaded IKE secret for %any 81.168.48.250
Jan 30 16:45:21 charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Jan 30 16:45:21 charon: 07[CFG] rereading secrets
Jan 30 16:45:11 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:11 charon: 07[ENC] generating INFORMATIONAL_V1 request 3945737918 [ HASH N(DPD_ACK) ]
Jan 30 16:45:11 charon: 07[ENC] parsed INFORMATIONAL_V1 request 2605426342 [ HASH N(DPD) ]
Jan 30 16:45:11 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:45:01 charon: 07[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:45:01 charon: 07[ENC] generating INFORMATIONAL_V1 request 3797642225 [ HASH N(DPD_ACK) ]
Jan 30 16:45:01 charon: 07[ENC] parsed INFORMATIONAL_V1 request 1582725926 [ HASH N(DPD) ]
Jan 30 16:45:01 charon: 07[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:55 charon: 07[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:44:55 charon: 07[IKE] sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:44:55 charon: 07[IKE] <con1000|257>sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:44:51 charon: 12[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:51 charon: 12[ENC] generating INFORMATIONAL_V1 request 2783461707 [ HASH N(DPD_ACK) ]
Jan 30 16:44:51 charon: 12[ENC] parsed INFORMATIONAL_V1 request 404322050 [ HASH N(DPD) ]
Jan 30 16:44:51 charon: 12[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:41 charon: 12[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:41 charon: 12[ENC] generating INFORMATIONAL_V1 request 2232927505 [ HASH N(DPD_ACK) ]
Jan 30 16:44:41 charon: 12[ENC] parsed INFORMATIONAL_V1 request 5245550 [ HASH N(DPD) ]
Jan 30 16:44:41 charon: 12[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:37 ipsec_starter[35858]:
Jan 30 16:44:37 ipsec_starter[35858]: 'con1000' routed
Jan 30 16:44:37 charon: 12[CFG] received stroke: route 'con1000'
Jan 30 16:44:37 charon: 07[CFG] added configuration 'con1000'
Jan 30 16:44:37 charon: 07[CFG] received stroke: add connection 'con1000'
Jan 30 16:44:37 charon: 07[CFG] deleted connection 'con1000'
Jan 30 16:44:37 charon: 07[CFG] received stroke: delete connection 'con1000'
Jan 30 16:44:37 ipsec_starter[35858]:
Jan 30 16:44:37 charon: 07[CFG] received stroke: unroute 'con1000'
Jan 30 16:44:37 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Jan 30 16:44:37 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Jan 30 16:44:37 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Jan 30 16:44:37 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Jan 30 16:44:37 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Jan 30 16:44:37 charon: 12[CFG] loaded IKE secret for %any 212.38.169.250
Jan 30 16:44:37 charon: 12[CFG] loaded IKE secret for %any 81.168.48.250
Jan 30 16:44:37 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Jan 30 16:44:37 charon: 12[CFG] rereading secrets
Jan 30 16:44:31 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:31 charon: 10[ENC] generating INFORMATIONAL_V1 request 3771161138 [ HASH N(DPD_ACK) ]
Jan 30 16:44:31 charon: 10[ENC] parsed INFORMATIONAL_V1 request 312237969 [ HASH N(DPD) ]
Jan 30 16:44:31 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:21 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:21 charon: 10[ENC] generating INFORMATIONAL_V1 request 2172736518 [ HASH N(DPD_ACK) ]
Jan 30 16:44:21 charon: 10[ENC] parsed INFORMATIONAL_V1 request 12508521 [ HASH N(DPD) ]
Jan 30 16:44:21 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:13 charon: 10[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:44:13 charon: 10[IKE] sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:44:13 charon: 10[IKE] <con1000|257>sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:44:11 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:11 charon: 10[ENC] generating INFORMATIONAL_V1 request 1228396809 [ HASH N(DPD_ACK) ]
Jan 30 16:44:11 charon: 10[ENC] parsed INFORMATIONAL_V1 request 552546541 [ HASH N(DPD) ]
Jan 30 16:44:11 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:44:01 charon: 10[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:44:01 charon: 10[ENC] generating INFORMATIONAL_V1 request 960035738 [ HASH N(DPD_ACK) ]
Jan 30 16:44:01 charon: 10[ENC] parsed INFORMATIONAL_V1 request 983685187 [ HASH N(DPD) ]
Jan 30 16:44:01 charon: 10[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:51 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:51 charon: 16[ENC] generating INFORMATIONAL_V1 request 2438163099 [ HASH N(DPD_ACK) ]
Jan 30 16:43:51 charon: 16[ENC] parsed INFORMATIONAL_V1 request 2135517361 [ HASH N(DPD) ]
Jan 30 16:43:51 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:50 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:43:50 charon: 16[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:43:50 charon: 16[IKE] <con1000|257>sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:43:41 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:41 charon: 16[ENC] generating INFORMATIONAL_V1 request 2760017838 [ HASH N(DPD_ACK) ]
Jan 30 16:43:41 charon: 16[ENC] parsed INFORMATIONAL_V1 request 1524205984 [ HASH N(DPD) ]
Jan 30 16:43:41 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:37 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:43:37 charon: 16[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:43:37 charon: 16[IKE] <con1000|257>sending retransmit 2 of request message ID 0, seq 1
Jan 30 16:43:31 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:31 charon: 16[ENC] generating INFORMATIONAL_V1 request 4140798287 [ HASH N(DPD_ACK) ]
Jan 30 16:43:31 charon: 16[ENC] parsed INFORMATIONAL_V1 request 3285195598 [ HASH N(DPD) ]
Jan 30 16:43:31 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:30 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:43:30 charon: 16[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:43:30 charon: 16[IKE] <con1000|257>sending retransmit 1 of request message ID 0, seq 1
Jan 30 16:43:26 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:43:26 charon: 16[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:43:26 charon: 16[IKE] initiating Main Mode IKE_SA con1000[257] to 81.168.48.250
Jan 30 16:43:26 charon: 16[IKE] <con1000|257>initiating Main Mode IKE_SA con1000[257] to 81.168.48.250
Jan 30 16:43:26 charon: 16[IKE] peer not responding, trying again (2/3)
Jan 30 16:43:26 charon: 16[IKE] <con1000|257>peer not responding, trying again (2/3)
Jan 30 16:43:26 charon: 16[IKE] giving up after 5 retransmits
Jan 30 16:43:26 charon: 16[IKE] <con1000|257>giving up after 5 retransmits
Jan 30 16:43:21 charon: 14[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:21 charon: 14[ENC] generating INFORMATIONAL_V1 request 3441032433 [ HASH N(DPD_ACK) ]
Jan 30 16:43:21 charon: 14[ENC] parsed INFORMATIONAL_V1 request 944594875 [ HASH N(DPD) ]
Jan 30 16:43:21 charon: 14[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:11 charon: 14[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:11 charon: 14[ENC] generating INFORMATIONAL_V1 request 3683550308 [ HASH N(DPD_ACK) ]
Jan 30 16:43:11 charon: 14[ENC] parsed INFORMATIONAL_V1 request 2304101870 [ HASH N(DPD) ]
Jan 30 16:43:11 charon: 14[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:01 charon: 14[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:43:01 charon: 14[ENC] generating INFORMATIONAL_V1 request 2257535841 [ HASH N(DPD_ACK) ]
Jan 30 16:43:01 charon: 14[ENC] parsed INFORMATIONAL_V1 request 3601699866 [ HASH N(DPD) ]
Jan 30 16:43:01 charon: 14[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:00 charon: 14[IKE] CHILD_SA con1000{1} established with SPIs ccd5f7d4_i 30414fb2_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:43:00 charon: 14[IKE] <con1000|259>CHILD_SA con1000{1} established with SPIs ccd5f7d4_i 30414fb2_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:43:00 charon: 14[ENC] parsed QUICK_MODE request 2358713825 [ HASH ]
Jan 30 16:43:00 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (52 bytes)
Jan 30 16:43:00 charon: 14[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (172 bytes)
Jan 30 16:43:00 charon: 14[ENC] generating QUICK_MODE response 2358713825 [ HASH SA No ID ID ]
Jan 30 16:43:00 charon: 14[ENC] parsed QUICK_MODE request 2358713825 [ HASH SA No ID ID ]
Jan 30 16:43:00 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (148 bytes)
Jan 30 16:43:00 charon: 14[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (68 bytes)
Jan 30 16:43:00 charon: 14[ENC] generating ID_PROT response 0 [ ID HASH ]
Jan 30 16:43:00 charon: 14[IKE] maximum IKE_SA lifetime 28387s
Jan 30 16:43:00 charon: 14[IKE] <con1000|259>maximum IKE_SA lifetime 28387s
Jan 30 16:43:00 charon: 14[IKE] scheduling reauthentication in 27847s
Jan 30 16:43:00 charon: 14[IKE] <con1000|259>scheduling reauthentication in 27847s
Jan 30 16:43:00 charon: 14[IKE] IKE_SA con1000[259] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:43:00 charon: 14[IKE] <con1000|259>IKE_SA con1000[259] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:43:00 charon: 14[CFG] selected peer config "con1000"
Jan 30 16:43:00 charon: 14[CFG] looking for pre-shared key peer configs matching 195.99.170.125…81.168.48.250[81.168.48.250]
Jan 30 16:43:00 charon: 14[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jan 30 16:43:00 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:43:00 charon: 14[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (204 bytes)
Jan 30 16:43:00 charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:43:00 charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:43:00 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (188 bytes)
Jan 30 16:43:00 charon: 14[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (152 bytes)
Jan 30 16:43:00 charon: 14[ENC] generating ID_PROT response 0 [ SA V V V V ]
Jan 30 16:43:00 charon: 14[IKE] 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:43:00 charon: 14[IKE] <259> 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:43:00 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:43:00 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:43:00 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:43:00 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:43:00 charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received NAT-T (RFC 3947) vendor ID
Jan 30 16:43:00 charon: 14[IKE] received DPD vendor ID
Jan 30 16:43:00 charon: 14[IKE] <259> received DPD vendor ID
Jan 30 16:43:00 charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:43:00 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (200 bytes)
Jan 30 16:42:58 charon: 14[CFG] ignoring acquire, connection attempt pending
Jan 30 16:42:58 charon: 14[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:42:58 charon: 14[IKE] deleting IKE_SA con1000[258] between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:42:58 charon: 14[IKE] <con1000|258>deleting IKE_SA con1000[258] between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:42:58 charon: 14[IKE] received DELETE for IKE_SA con1000[258]
Jan 30 16:42:58 charon: 14[IKE] <con1000|258>received DELETE for IKE_SA con1000[258]
Jan 30 16:42:58 charon: 14[ENC] parsed INFORMATIONAL_V1 request 1986980393 [ HASH D ]
Jan 30 16:42:58 charon: 14[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (76 bytes)
Jan 30 16:42:58 charon: 16[IKE] closing CHILD_SA con1000{1} with SPIs ce9ef5bf_i (568233 bytes) 30414fb1_o (1257192 bytes) and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:42:58 charon: 16[IKE] <con1000|258>closing CHILD_SA con1000{1} with SPIs ce9ef5bf_i (568233 bytes) 30414fb1_o (1257192 bytes) and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:42:58 charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 30414fb1
Jan 30 16:42:58 charon: 16[IKE] <con1000|258>received DELETE for ESP CHILD_SA with SPI 30414fb1
Jan 30 16:42:58 charon: 16[ENC] parsed INFORMATIONAL_V1 request 1919608357 [ HASH D ]
Jan 30 16:42:58 charon: 16[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (68 bytes)
Jan 30 16:42:51 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:51 charon: 16[ENC] generating INFORMATIONAL_V1 request 2286573325 [ HASH N(DPD_ACK) ]
Jan 30 16:42:51 charon: 16[ENC] parsed INFORMATIONAL_V1 request 1189429199 [ HASH N(DPD) ]
Jan 30 16:42:51 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:44 charon: 15[IKE] CHILD_SA con1000{1} established with SPIs ce9ef5bf_i 30414fb1_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:42:44 charon: 15[IKE] <con1000|258>CHILD_SA con1000{1} established with SPIs ce9ef5bf_i 30414fb1_o and TS 192.168.1.0/24|/0 === 10.0.0.0/24|/0
Jan 30 16:42:44 charon: 15[ENC] parsed QUICK_MODE request 2077227407 [ HASH ]
Jan 30 16:42:44 charon: 15[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (52 bytes)
Jan 30 16:42:44 charon: 15[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (172 bytes)
Jan 30 16:42:44 charon: 15[ENC] generating QUICK_MODE response 2077227407 [ HASH SA No ID ID ]
Jan 30 16:42:44 charon: 15[ENC] parsed QUICK_MODE request 2077227407 [ HASH SA No ID ID ]
Jan 30 16:42:44 charon: 15[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (148 bytes)
Jan 30 16:42:44 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (68 bytes)
Jan 30 16:42:44 charon: 16[ENC] generating ID_PROT response 0 [ ID HASH ]
Jan 30 16:42:44 charon: 16[IKE] maximum IKE_SA lifetime 28683s
Jan 30 16:42:44 charon: 16[IKE] <con1000|258>maximum IKE_SA lifetime 28683s
Jan 30 16:42:44 charon: 16[IKE] scheduling reauthentication in 28143s
Jan 30 16:42:44 charon: 16[IKE] <con1000|258>scheduling reauthentication in 28143s
Jan 30 16:42:44 charon: 16[IKE] IKE_SA con1000[258] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:42:44 charon: 16[IKE] <con1000|258>IKE_SA con1000[258] established between 195.99.170.125[195.99.170.125]…81.168.48.250[81.168.48.250]
Jan 30 16:42:44 charon: 16[CFG] selected peer config "con1000"
Jan 30 16:42:44 charon: 16[CFG] looking for pre-shared key peer configs matching 195.99.170.125…81.168.48.250[81.168.48.250]
Jan 30 16:42:44 charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jan 30 16:42:44 charon: 16[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:44 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (204 bytes)
Jan 30 16:42:44 charon: 16[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 30 16:42:44 charon: 16[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 30 16:42:44 charon: 16[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (188 bytes)
Jan 30 16:42:44 charon: 16[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (152 bytes)
Jan 30 16:42:44 charon: 16[ENC] generating ID_PROT response 0 [ SA V V V V ]
Jan 30 16:42:44 charon: 16[IKE] 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:42:44 charon: 16[IKE] <258> 81.168.48.250 is initiating a Main Mode IKE_SA
Jan 30 16:42:44 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 30 16:42:44 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 30 16:42:44 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 30 16:42:44 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 30 16:42:44 charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received NAT-T (RFC 3947) vendor ID
Jan 30 16:42:44 charon: 16[IKE] received DPD vendor ID
Jan 30 16:42:44 charon: 16[IKE] <258> received DPD vendor ID
Jan 30 16:42:44 charon: 16[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Jan 30 16:42:44 charon: 16[NET] received packet: from 81.168.48.250[500] to 195.99.170.125[500] (200 bytes)
Jan 30 16:42:41 charon: 16[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:41 charon: 16[ENC] generating INFORMATIONAL_V1 request 3880806261 [ HASH N(DPD_ACK) ]
Jan 30 16:42:41 charon: 16[ENC] parsed INFORMATIONAL_V1 request 2008939906 [ HASH N(DPD) ]
Jan 30 16:42:41 charon: 16[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:31 charon: 13[ENC] parsed INFORMATIONAL_V1 request 1750487973 [ HASH N(DPD_ACK) ]
Jan 30 16:42:31 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:31 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:31 charon: 13[ENC] generating INFORMATIONAL_V1 request 3840507214 [ HASH N(DPD) ]
Jan 30 16:42:31 charon: 13[IKE] sending DPD request
Jan 30 16:42:31 charon: 13[IKE] <con2000|255>sending DPD request
Jan 30 16:42:21 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:21 charon: 13[ENC] generating INFORMATIONAL_V1 request 556316801 [ HASH N(DPD_ACK) ]
Jan 30 16:42:21 charon: 13[ENC] parsed INFORMATIONAL_V1 request 2381845583 [ HASH N(DPD) ]
Jan 30 16:42:21 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:19 charon: 13[CFG] ignoring acquire, connection attempt pending
Jan 30 16:42:19 charon: 13[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:42:11 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:11 charon: 13[ENC] generating INFORMATIONAL_V1 request 3279964535 [ HASH N(DPD_ACK) ]
Jan 30 16:42:11 charon: 13[ENC] parsed INFORMATIONAL_V1 request 3755192054 [ HASH N(DPD) ]
Jan 30 16:42:11 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:42:10 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:42:10 charon: 13[IKE] sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:42:10 charon: 13[IKE] <con1000|257>sending retransmit 5 of request message ID 0, seq 1
Jan 30 16:42:01 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:42:01 charon: 13[ENC] generating INFORMATIONAL_V1 request 3462187374 [ HASH N(DPD_ACK) ]
Jan 30 16:42:01 charon: 13[ENC] parsed INFORMATIONAL_V1 request 2702747715 [ HASH N(DPD) ]
Jan 30 16:42:01 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:52 charon: 13[CFG] ignoring acquire, connection attempt pending
Jan 30 16:41:52 charon: 13[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:41:51 charon: 13[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:41:51 charon: 13[ENC] generating INFORMATIONAL_V1 request 85986942 [ HASH N(DPD_ACK) ]
Jan 30 16:41:51 charon: 13[ENC] parsed INFORMATIONAL_V1 request 977990986 [ HASH N(DPD) ]
Jan 30 16:41:51 charon: 13[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:41 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:41:41 charon: 06[ENC] generating INFORMATIONAL_V1 request 4140697257 [ HASH N(DPD_ACK) ]
Jan 30 16:41:41 charon: 06[ENC] parsed INFORMATIONAL_V1 request 68026169 [ HASH N(DPD) ]
Jan 30 16:41:41 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:31 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:41:31 charon: 06[ENC] generating INFORMATIONAL_V1 request 646642700 [ HASH N(DPD_ACK) ]
Jan 30 16:41:31 charon: 06[ENC] parsed INFORMATIONAL_V1 request 3705742781 [ HASH N(DPD) ]
Jan 30 16:41:31 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:30 charon: 06[CFG] ignoring acquire, connection attempt pending
Jan 30 16:41:30 charon: 06[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:41:28 charon: 06[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:41:28 charon: 06[IKE] sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:41:28 charon: 06[IKE] <con1000|257>sending retransmit 4 of request message ID 0, seq 1
Jan 30 16:41:21 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:41:21 charon: 06[ENC] generating INFORMATIONAL_V1 request 981208545 [ HASH N(DPD_ACK) ]
Jan 30 16:41:21 charon: 06[ENC] parsed INFORMATIONAL_V1 request 2475012631 [ HASH N(DPD) ]
Jan 30 16:41:21 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:11 charon: 06[NET] sending packet: from 195.99.170.125[500] to 212.38.169.250[500] (92 bytes)
Jan 30 16:41:11 charon: 06[ENC] generating INFORMATIONAL_V1 request 3584528621 [ HASH N(DPD_ACK) ]
Jan 30 16:41:11 charon: 06[ENC] parsed INFORMATIONAL_V1 request 2979351022 [ HASH N(DPD) ]
Jan 30 16:41:11 charon: 06[NET] received packet: from 212.38.169.250[500] to 195.99.170.125[500] (92 bytes)
Jan 30 16:41:05 charon: 06[CFG] ignoring acquire, connection attempt pending
Jan 30 16:41:05 charon: 13[KNL] creating acquire job for policy 195.99.170.125/32|/0 === 81.168.48.250/32|/0 with reqid {1}
Jan 30 16:41:05 charon: 13[NET] sending packet: from 195.99.170.125[500] to 81.168.48.250[500] (196 bytes)
Jan 30 16:41:05 charon: 13[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 30 16:41:05 c</con1000|257></con1000|257></con2000|255></con1000|258></con1000|258></con1000|258></con1000|258></con1000|258></con1000|258></con1000|258></con1000|258></con1000|259></con1000|259></con1000|259></con1000|259></con1000|257></con1000|257></con1000|257></con1000|257></con1000|257></con1000|257></con1000|257></con1000|257></con1000|259></con1000|259></con1000|259></con1000|259></con1000|260></con1000|260></con1000|261></con1000|261></con1000|261></con1000|261></con1000|260></con1000|260></con2000|255></con2000|255></con2000|255></con1000|257></con1000|257></con1000|257></con1000|260></con1000|257></con2000|255></con1000|257></con2000|255></con1000|257></con2000|255></con2000|255></con1000|260></con2000|255></con1000|257></con2000|255></con2000|255></con1000|257></con2000|255></con1000|260></con1000|260></con1000|260></con2000|255></con1000|260></con1000|260></con2000|255></con1000|260></con2000|255></con2000|255></con1000|257></con1000|257></con1000|260></con2000|255></con2000|255></con2000|255></con2000|255></con1000|260></con2000|255></con2000|255></con2000|255></con2000|255></con2000|255></con2000|255></con2000|255></con2000|255></con1000|260></con1000|260></con1000|260></con1000|260></con2000|255></con1000|260></con2000|255></con1000|260></con2000|255></con2000|255> -
Yeah - There has been lots of IPSEC issues but people seem to have fixes. I'm sure one will be along shortly.
-
Pretty clear it was IPsec, given we're on the IPsec board, and that's what charon does. :)
uk26: could you get me into that system to dig into it further? PM me and we can arrange something.
-
Oooooooooppppsss.
-
Hi,
I have noticed when the issue appears there is then an established connection and a connecting connection for the same vpn link. restarting it removes the duplicate and then the vpn will time out for a few minutes and then the duplicate is back again.
-
Are your lifetimes matching on both sides?
Are the DPD timers low? -
I was able to go through this with uk26 and found a couple potential issues, and an explanation for the "peer not responding" in the logs there.
The Draytek on the opposite side of the affected IPsec connection was configured as initiator-only. So when the pfSense side was trying to initiate the connection, the Draytek just ignored it (as it was configured to do).
What happened in the drop in that particular instance is the Draytek sent a delete for the child SA, and then waited near 10 seconds to initiate a new child SA. strongswan was attempting to do that before the active SA was deleted, so the connection would stay up, but since the Draytek was configured not to reply it just timed out over and over trying to bring up a new SA to keep the connection up. When the Draytek kicked off negotiation about 10 seconds after it told strongswan to delete the existing SA, it was successful, and came back up.
The logs from the Draytek from that time period weren't available, so we only have half the story from that instance. It's now logging to another machine in case any problems come back up.
The Draytek was also configured to use 10.0.0.254/24 rather than 10.0.0.0/24. Though there weren't any indications that was causing any issues, it's technically incorrect and was changed to 10.0.0.0/24 to match what's on the pfSense side.
I suspect now that the Draytek is configured to be either initiator or responder that this issue will go away. Why there was a behavior change between racoon and strongswan there I'm not sure.
uk26 - follow up and let us know how things are going.
-
so far seems ok. getting the odd packet loss over the VPN link. ping external IP of PFsense and no packet loss.
will keep monitoring
-
I am also facing major issues with IPSec since upgrading from 2.1.5 to 2.2
I have a tunnel between our office and our cloud provider with 5 phase 2 entries. It is configured with PSK, 3DES, SHA1 and DH Group 2.
It is completely random which of the 5 will work and even sometimes all 5 work together but very seldom. Stopping and starting IPSec sometimes has an effect on which links are up and which are down. HAving the link up does not guarantee that it will work though. Links show up but no traffic goes over them. I have tried to remove everything and reconfigure it again but still no luck.
Just to give some additional information, it is running on a Supermicro D525 on a USB since the new OS will not install to the discs. Tried every option in the Bios but after formatting and setting volumes it fails with Error Code 19. Only way to get it back was to run it off USB. So all in all a very bad experience upgrading to 2.2
Let me know what information I need to send for the IPSec debugging. Major issue for me right now.
I have 2 other boxes (different HW) all running fine in other offices around the world, but unfortunately this is our main office and 24 hours of broken internet so far!
-
I am also facing major issues with IPSec since upgrading from 2.1.5 to 2.2
Start your own topic please.
-
The option to control the behaviour as a responder only will be on 2.2.1