Aug 05 15:35:37 vedge01-la.us ipsec_starter[2665]: charon (2666) started after 40 ms Aug 05 15:35:37 vedge01-la.us charon[2666]: 06[CFG] received stroke: add connection 'peer-test01-tunnel-1' Aug 05 15:35:37 vedge01-la.us charon[2666]: 06[CFG] left nor right host is our side, assuming left=local Aug 05 15:35:37 vedge01-la.us charon[2666]: 06[CFG] added configuration 'peer-test01-tunnel-1' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading secrets Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] loading secrets from '/etc/ipsec.secrets' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] loaded IKE secret for 192.168.50.231 %any 100.100.100.1 Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts' Aug 05 15:35:38 vedge01-la.us charon[2666]: 07[CFG] rereading crls from '/etc/ipsec.d/crls' Aug 05 15:35:38 vedge01-la.us charon[2666]: 09[CFG] received stroke: delete connection 'peer-test01-tunnel-1' Aug 05 15:35:38 vedge01-la.us charon[2666]: 09[CFG] deleted connection 'peer-test01-tunnel-1' Aug 05 15:35:38 vedge01-la.us charon[2666]: 11[CFG] received stroke: add connection 'peer-test01-tunnel-1' Aug 05 15:35:38 vedge01-la.us charon[2666]: 11[CFG] left nor right host is our side, assuming left=local Aug 05 15:35:38 vedge01-la.us charon[2666]: 11[CFG] added configuration 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading secrets Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] loading secrets from '/etc/ipsec.secrets' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] loaded IKE secret for 100.100.100.1 %any 100.100.100.1 Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 12[CFG] rereading crls from '/etc/ipsec.d/crls' Aug 05 15:35:55 vedge01-la.us charon[2666]: 15[CFG] received stroke: delete connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 15[CFG] deleted connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 05[CFG] received stroke: add connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 05[CFG] added configuration 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading secrets Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] loading secrets from '/etc/ipsec.secrets' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] loaded IKE secret for 100.100.100.1 %any 100.100.100.1 Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts' Aug 05 15:35:55 vedge01-la.us charon[2666]: 07[CFG] rereading crls from '/etc/ipsec.d/crls' Aug 05 15:35:55 vedge01-la.us charon[2666]: 09[CFG] received stroke: delete connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 09[CFG] deleted connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 13[CFG] received stroke: add connection 'peer-test01-tunnel-1' Aug 05 15:35:55 vedge01-la.us charon[2666]: 13[CFG] added configuration 'peer-test01-tunnel-1' Aug 05 15:36:15 vedge01-la.us charon[2666]: 06[CFG] received stroke: terminate 'peer-test01-tunnel-1' Aug 05 15:36:15 vedge01-la.us charon[2666]: 06[CFG] no IKE_SA named 'peer-test01-tunnel-1' found Aug 05 15:36:15 vedge01-la.us charon[2666]: 07[CFG] received stroke: initiate 'peer-test01-tunnel-1' Aug 05 15:36:15 vedge01-la.us charon[2666]: 10[IKE] unable to resolve %any, initiate aborted Aug 05 15:36:15 vedge01-la.us charon[2666]: 10[MGR] tried to checkin and delete nonexisting IKE_SA Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[NET] <2> received packet: from 60.60.60.1[500] to 100.100.100.1[500] (464 bytes) Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[IKE] <2> 60.60.60.1 is initiating an IKE_SA Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[CFG] <2> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[IKE] <2> remote host is behind NAT Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[ENC] <2> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ] Aug 05 15:38:14 vedge01-la.us charon[2666]: 11[NET] <2> sending packet: from 100.100.100.1[500] to 60.60.60.1[500] (464 bytes) Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[NET] <2> received packet: from 60.60.60.1[4500] to 100.100.100.1[4500] (268 bytes) Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[ENC] <2> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(IPCOMP_SUP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[CFG] <2> looking for peer configs matching 100.100.100.1[100.100.100.1]...60.60.60.1[test01] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[CFG] selected peer config 'peer-test01-tunnel-1' Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[IKE] authentication of 'test01' with pre-shared key successful Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[IKE] peer supports MOBIKE Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[IKE] authentication of '100.100.100.1' (myself) with pre-shared key Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[IKE] IKE_SA peer-test01-tunnel-1[2] established between 100.100.100.1[100.100.100.1]...60.60.60.1[test01] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[DMN] thread 12 received 11 Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] dumping 17 stack frame addresses: Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7eff467f3000 [0x7eff46802890] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so @ 0x7eff3c109000 [0x7eff3c116c4c] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so @ 0x7eff3c109000 [0x7eff3c116fac] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so @ 0x7eff3c109000 [0x7eff3c110341] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so @ 0x7eff3c109000 [0x7eff3c11124d] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a3efcf] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a3f3d5] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a3f564] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a59702] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a5a0b5] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a537f6] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a449b7] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libcharon.so.0 @ 0x7eff46a10000 [0x7eff46a3b1e4] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x7eff46cae000 [0x7eff46ce7613] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /usr/lib/ipsec/libstrongswan.so.0 @ 0x7eff46cae000 [0x7eff46cf98e7] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7eff467f3000 [0x7eff467fb064] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] /lib/x86_64-linux-gnu/libc.so.6 @ 0x7eff46448000 (clone+0x6d) [0x7eff4653062d] Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[LIB] -> Aug 05 15:38:14 vedge01-la.us charon[2666]: 12[DMN] killing ourself, received critical signal Aug 05 15:38:14 vedge01-la.us ipsec_starter[2665]: charon has died -- restart scheduled (5sec) Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.195-amd64-vyos, x86_64) Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] PKCS11 module '' lacks library path Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[LIB] plugin 'openssl' failed to load: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.2' not found (required by /usr/lib/ipsec/plugins/libstrongswan-openssl.so) Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[KNL] unable to create IPv4 routing table rule Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[KNL] unable to create IPv6 routing table rule Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loaded IKE secret for 100.100.100.1 %any 100.100.100.1 Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] loaded 0 RADIUS server configurations Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[CFG] HA config misses local/remote address Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default bypass-lan connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Aug 05 15:38:19 vedge01-la.us charon[3259]: 00[JOB] spawning 16 worker threads Aug 05 15:38:19 vedge01-la.us ipsec_starter[2665]: charon (3259) started after 40 ms Aug 05 15:38:19 vedge01-la.us charon[3259]: 03[CFG] received stroke: add connection 'peer-test01-tunnel-1' Aug 05 15:38:19 vedge01-la.us charon[3259]: 03[CFG] added configuration 'peer-test01-tunnel-1' Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[IKE] installed bypass policy for 134.159.34.78/31 Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[IKE] installed bypass policy for ::1/128 Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[KNL] policy already exists, try to update it Aug 05 15:38:19 vedge01-la.us charon[3259]: 05[IKE] installed bypass policy for fe80::/64