IPSec stops working after a while until pfsense reboot
-
I have the strange issue that my IPSec VPN is basically working (I can connect from phone or desktop PC just fine), but after a while, maybe a week or two, it suddenly stops working. It seems like I can connect, but trying to reach any host on the network fails/times out.
After rebooting the pfsense box it will be fine again.I am running version 2.3.4-RELEASE (i386) on an older pfsense appliance, maybe SG-2220 or something (I would have to look this up).
This is the VPN log in a broken situation:
Mar 12 18:59:06 charon 07[NET] <93> received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (763 bytes) Mar 12 18:59:06 charon 07[ENC] <93> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ] Mar 12 18:59:06 charon 07[IKE] <93> received FRAGMENTATION vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received NAT-T (RFC 3947) vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-08 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-07 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-06 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-05 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-04 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-03 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received XAuth vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received Cisco Unity vendor ID Mar 12 18:59:06 charon 07[IKE] <93> received DPD vendor ID Mar 12 18:59:06 charon 07[IKE] <93> xxx.xxx.xxx.xxx is initiating a Aggressive Mode IKE_SA Mar 12 18:59:06 charon 07[CFG] <93> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048 Mar 12 18:59:06 charon 07[CFG] <93> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Mar 12 18:59:06 charon 07[IKE] <93> no proposal found Mar 12 18:59:06 charon 07[ENC] <93> generating INFORMATIONAL_V1 request 3420768250 [ N(NO_PROP) ] Mar 12 18:59:06 charon 07[NET] <93> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (56 bytes) Mar 12 18:59:06 charon 07[NET] <94> received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (763 bytes) Mar 12 18:59:06 charon 07[ENC] <94> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ] Mar 12 18:59:06 charon 07[IKE] <94> received FRAGMENTATION vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received NAT-T (RFC 3947) vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-08 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-07 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-06 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-05 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-04 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-03 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received XAuth vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received Cisco Unity vendor ID Mar 12 18:59:06 charon 07[IKE] <94> received DPD vendor ID Mar 12 18:59:06 charon 07[IKE] <94> xxx.xxx.xxx.xxx is initiating a Aggressive Mode IKE_SA Mar 12 18:59:06 charon 07[CFG] <94> looking for XAuthInitPSK peer configs matching xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx[mygroup] Mar 12 18:59:06 charon 07[CFG] <94> selected peer config "con1" Mar 12 18:59:06 charon 07[ENC] <con1|94> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ] Mar 12 18:59:06 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (412 bytes) Mar 12 18:59:06 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (100 bytes) Mar 12 18:59:06 charon 07[ENC] <con1|94> parsed AGGRESSIVE request 0 [ HASH NAT-D NAT-D ] Mar 12 18:59:06 charon 07[IKE] <con1|94> local host is behind NAT, sending keep alives Mar 12 18:59:06 charon 07[IKE] <con1|94> remote host is behind NAT Mar 12 18:59:06 charon 07[ENC] <con1|94> generating TRANSACTION request 787153111 [ HASH CPRQ(X_USER X_PWD) ] Mar 12 18:59:06 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (76 bytes) Mar 12 18:59:06 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:06 charon 07[ENC] <con1|94> parsed INFORMATIONAL_V1 request 1028131866 [ HASH N(INITIAL_CONTACT) ] Mar 12 18:59:06 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:06 charon 07[ENC] <con1|94> parsed TRANSACTION response 787153111 [ HASH CPRP(X_USER X_PWD) ] Mar 12 18:59:07 charon user 'pf' authenticated Mar 12 18:59:07 charon 07[IKE] <con1|94> XAuth-SCRIPT succeeded for user 'xxx'. Mar 12 18:59:07 charon 07[IKE] <con1|94> XAuth authentication of 'xxx' successful Mar 12 18:59:07 charon 07[ENC] <con1|94> generating TRANSACTION request 1874065729 [ HASH CPS(X_STATUS) ] Mar 12 18:59:07 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (76 bytes) Mar 12 18:59:07 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (76 bytes) Mar 12 18:59:07 charon 07[ENC] <con1|94> parsed TRANSACTION response 1874065729 [ HASH CPA(X_STATUS) ] Mar 12 18:59:07 charon 07[IKE] <con1|94> IKE_SA con1[94] established between xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[mygroup] Mar 12 18:59:07 charon 07[IKE] <con1|94> scheduling reauthentication in 85601s Mar 12 18:59:07 charon 07[IKE] <con1|94> maximum IKE_SA lifetime 86141s Mar 12 18:59:07 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (172 bytes) Mar 12 18:59:07 charon 07[ENC] <con1|94> unknown attribute type (28683) Mar 12 18:59:07 charon 07[ENC] <con1|94> parsed TRANSACTION request 74808596 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE U_BKPSRV (28683)) ] Mar 12 18:59:07 charon 07[IKE] <con1|94> peer requested virtual IP %any Mar 12 18:59:07 charon 07[CFG] <con1|94> reassigning offline lease to 'xxx' Mar 12 18:59:07 charon 07[IKE] <con1|94> assigning virtual IP xxx.xxx.xxx.xxx to peer 'xxx' Mar 12 18:59:07 charon 07[ENC] <con1|94> generating TRANSACTION response 74808596 [ HASH CPRP(ADDR SUBNET U_SPLITINC U_SAVEPWD) ] Mar 12 18:59:07 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (108 bytes) Mar 12 18:59:08 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (300 bytes) Mar 12 18:59:08 charon 07[ENC] <con1|94> parsed QUICK_MODE request 3923024889 [ HASH SA No ID ID ] Mar 12 18:59:08 charon 07[IKE] <con1|94> received 3600s lifetime, configured 28800s Mar 12 18:59:08 charon 07[ENC] <con1|94> generating QUICK_MODE response 3923024889 [ HASH SA No ID ID ] Mar 12 18:59:08 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (172 bytes) Mar 12 18:59:08 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (60 bytes) Mar 12 18:59:08 charon 07[ENC] <con1|94> parsed QUICK_MODE request 3923024889 [ HASH ] Mar 12 18:59:08 charon 07[KNL] <con1|94> error sending to PF_KEY socket: No buffer space available Mar 12 18:59:08 charon 07[KNL] <con1|94> unable to delete SAD entry with SPI c5af3fd8 Mar 12 18:59:08 charon 07[KNL] <con1|94> deleting SPI allocation SA failed Mar 12 18:59:08 charon 07[KNL] <con1|94> error sending to PF_KEY socket: No buffer space available Mar 12 18:59:08 charon 07[KNL] <con1|94> unable to add SAD entry with SPI c5af3fd8 Mar 12 18:59:08 charon 07[KNL] <con1|94> error sending to PF_KEY socket: No buffer space available Mar 12 18:59:08 charon 07[KNL] <con1|94> unable to add SAD entry with SPI 09273df2 Mar 12 18:59:08 charon 07[IKE] <con1|94> unable to install inbound and outbound IPsec SA (SAD) in kernel Mar 12 18:59:08 charon 07[KNL] <con1|94> error sending to PF_KEY socket: No buffer space available Mar 12 18:59:08 charon 07[KNL] <con1|94> unable to delete SAD entry with SPI c5af3fd8 Mar 12 18:59:08 charon 07[KNL] <con1|94> error sending to PF_KEY socket: No buffer space available Mar 12 18:59:08 charon 07[KNL] <con1|94> unable to delete SAD entry with SPI 09273df2 Mar 12 18:59:08 charon 07[IKE] <con1|94> sending DELETE for ESP CHILD_SA with SPI 09273df2 Mar 12 18:59:08 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 341291479 [ HASH D ] Mar 12 18:59:08 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (76 bytes) Mar 12 18:59:19 charon 07[IKE] <con1|94> sending DPD request Mar 12 18:59:19 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 3642159767 [ HASH N(DPD) ] Mar 12 18:59:19 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (92 bytes) Mar 12 18:59:20 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:20 charon 07[ENC] <con1|94> parsed INFORMATIONAL_V1 request 3941502936 [ HASH N(DPD_ACK) ] Mar 12 18:59:30 charon 07[IKE] <con1|94> sending DPD request Mar 12 18:59:30 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 1264480377 [ HASH N(DPD) ] Mar 12 18:59:30 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (92 bytes) Mar 12 18:59:30 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:30 charon 07[ENC] <con1|94> parsed INFORMATIONAL_V1 request 2379291010 [ HASH N(DPD_ACK) ] Mar 12 18:59:41 charon 07[IKE] <con1|94> sending DPD request Mar 12 18:59:41 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 1447579793 [ HASH N(DPD) ] Mar 12 18:59:41 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (92 bytes) Mar 12 18:59:41 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:41 charon 07[ENC] <con1|94> parsed INFORMATIONAL_V1 request 3978166104 [ HASH N(DPD_ACK) ] Mar 12 18:59:52 charon 07[IKE] <con1|94> sending DPD request Mar 12 18:59:52 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 1877688596 [ HASH N(DPD) ] Mar 12 18:59:52 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (92 bytes) Mar 12 18:59:53 charon 07[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 18:59:53 charon 07[ENC] <con1|94> parsed INFORMATIONAL_V1 request 467361596 [ HASH N(DPD_ACK) ] Mar 12 19:00:03 charon 07[IKE] <con1|94> sending DPD request Mar 12 19:00:03 charon 07[ENC] <con1|94> generating INFORMATIONAL_V1 request 2870392734 [ HASH N(DPD) ] Mar 12 19:00:03 charon 07[NET] <con1|94> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[31993] (92 bytes) Mar 12 19:00:03 charon 06[NET] <con1|94> received packet: from xxx.xxx.xxx.xxx[31993] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 19:00:03 charon 06[ENC] <con1|94> parsed INFORMATIONAL_V1 request 1919694588 [ HASH N(DPD_ACK) ]</con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94></con1|94>
And this is how it looks after a reboot:
Mar 12 19:08:31 charon: 09[NET] <3> received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (763 bytes) Mar 12 19:08:31 charon: 09[ENC] <3> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ] Mar 12 19:08:31 charon: 09[IKE] <3> received FRAGMENTATION vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received NAT-T (RFC 3947) vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-08 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-07 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-06 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-05 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-04 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-03 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received XAuth vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received Cisco Unity vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> received DPD vendor ID Mar 12 19:08:31 charon: 09[IKE] <3> xxx.xxx.xxx.xxx is initiating a Aggressive Mode IKE_SA Mar 12 19:08:31 charon: 09[CFG] <3> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048 Mar 12 19:08:31 charon: 09[CFG] <3> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Mar 12 19:08:31 charon: 09[IKE] <3> no proposal found Mar 12 19:08:31 charon: 09[ENC] <3> generating INFORMATIONAL_V1 request 704167115 [ N(NO_PROP) ] Mar 12 19:08:31 charon: 09[NET] <3> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (56 bytes) Mar 12 19:08:31 charon: 09[NET] <4> received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (763 bytes) Mar 12 19:08:31 charon: 09[ENC] <4> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ] Mar 12 19:08:31 charon: 09[IKE] <4> received FRAGMENTATION vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received NAT-T (RFC 3947) vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-08 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-07 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-06 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-05 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-04 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-03 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received XAuth vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received Cisco Unity vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> received DPD vendor ID Mar 12 19:08:31 charon: 09[IKE] <4> xxx.xxx.xxx.xxx is initiating a Aggressive Mode IKE_SA Mar 12 19:08:31 charon: 09[CFG] <4> looking for XAuthInitPSK peer configs matching xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx[mygroup] Mar 12 19:08:31 charon: 09[CFG] <4> selected peer config "con1" Mar 12 19:08:31 charon: 09[ENC] <con1|4> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ] Mar 12 19:08:31 charon: 09[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (412 bytes) Mar 12 19:08:31 charon: 09[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (100 bytes) Mar 12 19:08:31 charon: 09[ENC] <con1|4> parsed AGGRESSIVE request 0 [ HASH NAT-D NAT-D ] Mar 12 19:08:31 charon: 09[IKE] <con1|4> local host is behind NAT, sending keep alives Mar 12 19:08:31 charon: 09[IKE] <con1|4> remote host is behind NAT Mar 12 19:08:31 charon: 09[ENC] <con1|4> generating TRANSACTION request 2745404030 [ HASH CPRQ(X_USER X_PWD) ] Mar 12 19:08:31 charon: 09[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (76 bytes) Mar 12 19:08:31 charon: 09[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 19:08:31 charon: 09[ENC] <con1|4> parsed INFORMATIONAL_V1 request 606833553 [ HASH N(INITIAL_CONTACT) ] Mar 12 19:08:31 charon: 09[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 19:08:31 charon: 09[ENC] <con1|4> parsed TRANSACTION response 2745404030 [ HASH CPRP(X_USER X_PWD) ] Mar 12 19:08:32 charon: user 'xxx' authenticated Mar 12 19:08:32 charon: 09[IKE] <con1|4> XAuth-SCRIPT succeeded for user 'xxx'. Mar 12 19:08:32 charon: 09[IKE] <con1|4> XAuth authentication of 'xxx' successful Mar 12 19:08:32 charon: 09[ENC] <con1|4> generating TRANSACTION request 3854176480 [ HASH CPS(X_STATUS) ] Mar 12 19:08:32 charon: 09[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (76 bytes) Mar 12 19:08:32 charon: 09[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (76 bytes) Mar 12 19:08:32 charon: 09[ENC] <con1|4> parsed TRANSACTION response 3854176480 [ HASH CPA(X_STATUS) ] Mar 12 19:08:32 charon: 09[IKE] <con1|4> IKE_SA con1[4] established between xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[mygroup] Mar 12 19:08:32 charon: 09[IKE] <con1|4> scheduling reauthentication in 85438s Mar 12 19:08:32 charon: 09[IKE] <con1|4> maximum IKE_SA lifetime 85978s Mar 12 19:08:32 charon: 15[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (172 bytes) Mar 12 19:08:32 charon: 15[ENC] <con1|4> unknown attribute type (28683) Mar 12 19:08:32 charon: 15[ENC] <con1|4> parsed TRANSACTION request 367507894 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_xxxS U_SAVEPWD U_FWTYPE U_BKPSRV (28683)) ] Mar 12 19:08:32 charon: 15[IKE] <con1|4> peer requested virtual IP %any Mar 12 19:08:32 charon: 15[CFG] <con1|4> reassigning offline lease to 'xxx' Mar 12 19:08:32 charon: 15[IKE] <con1|4> assigning virtual IP xxx.xxx.xxx.xxx to peer 'xxx' Mar 12 19:08:32 charon: 15[ENC] <con1|4> generating TRANSACTION response 367507894 [ HASH CPRP(ADDR SUBNET U_SPLITINC U_SAVEPWD) ] Mar 12 19:08:32 charon: 15[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (108 bytes) Mar 12 19:08:33 charon: 15[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (300 bytes) Mar 12 19:08:33 charon: 15[ENC] <con1|4> parsed QUICK_MODE request 1067071585 [ HASH SA No ID ID ] Mar 12 19:08:33 charon: 15[IKE] <con1|4> received 3600s lifetime, configured 28800s Mar 12 19:08:33 charon: 15[ENC] <con1|4> generating QUICK_MODE response 1067071585 [ HASH SA No ID ID ] Mar 12 19:08:33 charon: 15[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (172 bytes) Mar 12 19:08:33 charon: 15[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (60 bytes) Mar 12 19:08:33 charon: 15[ENC] <con1|4> parsed QUICK_MODE request 1067071585 [ HASH ] Mar 12 19:08:33 charon: 15[IKE] <con1|4> CHILD_SA con1{2} established with SPIs cf48d10c_i 003348b1_o and TS xxx.xxx.xxx.xxx/24|/0 === xxx.xxx.xxx.xxx/32|/0 Mar 12 19:08:43 charon: 15[IKE] <con1|4> sending DPD request Mar 12 19:08:43 charon: 15[ENC] <con1|4> generating INFORMATIONAL_V1 request 290792902 [ HASH N(DPD) ] Mar 12 19:08:43 charon: 15[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (92 bytes) Mar 12 19:08:43 charon: 15[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 19:08:43 charon: 15[ENC] <con1|4> parsed INFORMATIONAL_V1 request 252340332 [ HASH N(DPD_ACK) ] Mar 12 19:08:53 charon: 15[IKE] <con1|4> sending DPD request Mar 12 19:08:53 charon: 15[ENC] <con1|4> generating INFORMATIONAL_V1 request 793729741 [ HASH N(DPD) ] Mar 12 19:08:53 charon: 15[NET] <con1|4> sending packet: from xxx.xxx.xxx.xxx[4500] to xxx.xxx.xxx.xxx[23133] (92 bytes) Mar 12 19:08:53 charon: 15[NET] <con1|4> received packet: from xxx.xxx.xxx.xxx[23133] to xxx.xxx.xxx.xxx[4500] (92 bytes) Mar 12 19:08:53 charon: 15[ENC] <con1|4> parsed INFORMATIONAL_V1 request 3098169530 [ HASH N(DPD_ACK) ]</con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4></con1|4>
Could someone help me out to fix this?