Nov 15 08:08:13 kevinolos systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf. Nov 15 08:08:13 kevinolos ipsec[2553]: Starting strongSwan 5.6.0 IPsec [starter]... Nov 15 08:08:14 kevinolos kernel: [ 33.300756] NET: Registered protocol family 15 Nov 15 08:08:14 kevinolos kernel: [ 33.366041] Initializing XFRM netlink socket Nov 15 08:08:14 kevinolos charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, Linux 4.14.0-rc7+, x86_64) Nov 15 08:08:14 kevinolos charon: 00[CFG] PKCS11 module '' lacks library path Nov 15 08:08:14 kevinolos kernel: [ 33.510756] AVX2 or AES-NI instructions are not detected. Nov 15 08:08:14 kevinolos kernel: [ 33.561330] alg: No test for xcbc(camellia) (xcbc(camellia-asm)) Nov 15 08:08:14 kevinolos kernel: [ 33.597914] alg: No test for rfc3686(ctr(camellia)) (rfc3686(ctr-camellia-aesni)) Nov 15 08:08:14 kevinolos kernel: [ 33.710137] AVX2 instructions are not detected. Nov 15 08:08:14 kevinolos charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Nov 15 08:08:14 kevinolos charon: 00[CFG] loaded ca certificate "DC=com, DC=XXX" from '/etc/ipsec.d/cacerts/hcs.pem' Nov 15 08:08:14 kevinolos charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Nov 15 08:08:14 kevinolos charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Nov 15 08:08:14 kevinolos charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Nov 15 08:08:14 kevinolos charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Nov 15 08:08:14 kevinolos ipsec[2553]: charon (2579) started after 480 ms Nov 15 08:08:14 kevinolos charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Nov 15 08:08:14 kevinolos charon: 00[CFG] loaded IKE secret for X.X.X.X %any Nov 15 08:08:14 kevinolos charon: 00[CFG] loaded 0 RADIUS server configurations Nov 15 08:08:14 kevinolos charon: 00[CFG] HA config misses local/remote address Nov 15 08:08:14 kevinolos charon: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aesni aes rc2 sha2 sha1 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity Nov 15 08:08:14 kevinolos charon: 00[LIB] dropped capabilities, running as uid 0, gid 0 Nov 15 08:08:14 kevinolos charon: 00[JOB] spawning 16 worker threads Nov 15 08:08:14 kevinolos charon: 09[CFG] received stroke: add connection 'hcs' Nov 15 08:08:14 kevinolos charon: 09[CFG] added configuration 'hcs' Nov 15 08:08:15 kevinolos charon: 04[CFG] received stroke: initiate 'hcs' Nov 15 08:08:15 kevinolos charon: 06[IKE] initiating Main Mode IKE_SA hcs[1] to X.X.X.X Nov 15 08:08:15 kevinolos charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ] Nov 15 08:08:15 kevinolos charon: 06[NET] sending packet: from 192.168.21.10[500] to X.X.X.X[500] (212 bytes) Nov 15 08:08:15 kevinolos charon: 05[NET] received packet: from X.X.X.X[500] to 192.168.21.10[500] (156 bytes) Nov 15 08:08:16 kevinolos charon: 05[ENC] parsed ID_PROT response 0 [ SA V V V V ] Nov 15 08:08:16 kevinolos charon: 05[IKE] received XAuth vendor ID Nov 15 08:08:16 kevinolos charon: 05[IKE] received NAT-T (RFC 3947) vendor ID Nov 15 08:08:16 kevinolos charon: 05[IKE] received DPD vendor ID Nov 15 08:08:16 kevinolos charon: 05[IKE] received FRAGMENTATION vendor ID Nov 15 08:08:16 kevinolos charon: 05[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Nov 15 08:08:16 kevinolos charon: 05[NET] sending packet: from 192.168.21.10[500] to X.X.X.X[500] (244 bytes) Nov 15 08:08:16 kevinolos charon: 07[NET] received packet: from X.X.X.X[500] to 192.168.21.10[500] (228 bytes) Nov 15 08:08:16 kevinolos charon: 07[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 15 08:08:16 kevinolos charon: 07[IKE] local host is behind NAT, sending keep alives Nov 15 08:08:16 kevinolos charon: 07[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Nov 15 08:08:16 kevinolos charon: 07[NET] sending packet: from 192.168.21.10[4500] to X.X.X.X[4500] (100 bytes) Nov 15 08:08:17 kevinolos charon: 08[NET] received packet: from X.X.X.X[4500] to 192.168.21.10[4500] (92 bytes) Nov 15 08:08:17 kevinolos charon: 08[ENC] parsed ID_PROT response 0 [ ID HASH V ] Nov 15 08:08:17 kevinolos charon: 08[IKE] received DPD vendor ID Nov 15 08:08:17 kevinolos charon: 08[IKE] IKE_SA hcs[1] established between 192.168.21.10[192.168.21.10]...X.X.X.X[X.X.X.X] Nov 15 08:08:17 kevinolos charon: 08[IKE] scheduling reauthentication in 10245s Nov 15 08:08:17 kevinolos charon: 08[IKE] maximum IKE_SA lifetime 10785s Nov 15 08:08:17 kevinolos charon: 08[ENC] generating QUICK_MODE request 288079573 [ HASH SA No KE ID ID NAT-OA NAT-OA ] Nov 15 08:08:17 kevinolos charon: 08[NET] sending packet: from 192.168.21.10[4500] to X.X.X.X[4500] (356 bytes) Nov 15 08:08:17 kevinolos charon: 10[NET] received packet: from X.X.X.X[4500] to 192.168.21.10[4500] (308 bytes) Nov 15 08:08:17 kevinolos charon: 10[ENC] parsed QUICK_MODE response 288079573 [ HASH SA No KE ID ID NAT-OA NAT-OA ] Nov 15 08:08:17 kevinolos ipsec[2553]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, Linux 4.14.0-rc7+, x86_64) Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] PKCS11 module '' lacks library path Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loaded ca certificate "DC=com, DC=XXX" from '/etc/ipsec.d/cacerts/hcs.pem' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loaded IKE secret for X.X.X.X %any Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] loaded 0 RADIUS server configurations Nov 15 08:08:17 kevinolos ipsec[2553]: 00[CFG] HA config misses local/remote address Nov 15 08:08:17 kevinolos ipsec[2553]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aesni aes rc2 sha2 sha1 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity Nov 15 08:08:17 kevinolos ipsec[2553]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Nov 15 08:08:17 kevinolos ipsec[2553]: 00[JOB] spawning 16 worker threads Nov 15 08:08:17 kevinolos ipsec[2553]: 09[CFG] received stroke: add connection 'hcs' Nov 15 08:08:17 kevinolos ipsec[2553]: 09[CFG] added configuration 'hcs' Nov 15 08:08:17 kevinolos ipsec[2553]: 04[CFG] received stroke: initiate 'hcs' Nov 15 08:08:17 kevinolos ipsec[2553]: 06[IKE] initiating Main Mode IKE_SA hcs[1] to X.X.X.X Nov 15 08:08:17 kevinolos ipsec[2553]: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ] Nov 15 08:08:17 kevinolos ipsec[2553]: 06[NET] sending packet: from 192.168.21.10[500] to X.X.X.X[500] (212 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 05[NET] received packet: from X.X.X.X[500] to 192.168.21.10[500] (156 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 05[ENC] parsed ID_PROT response 0 [ SA V V V V ] Nov 15 08:08:17 kevinolos ipsec[2553]: 05[IKE] received XAuth vendor ID Nov 15 08:08:17 kevinolos ipsec[2553]: 05[IKE] received NAT-T (RFC 3947) vendor ID Nov 15 08:08:17 kevinolos ipsec[2553]: 05[IKE] received DPD vendor ID Nov 15 08:08:17 kevinolos ipsec[2553]: 05[IKE] received FRAGMENTATION vendor ID Nov 15 08:08:17 kevinolos ipsec[2553]: 05[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Nov 15 08:08:17 kevinolos ipsec[2553]: 05[NET] sending packet: from 192.168.21.10[500] to X.X.X.X[500] (244 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 07[NET] received packet: from X.X.X.X[500] to 192.168.21.10[500] (228 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 07[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 15 08:08:17 kevinolos ipsec[2553]: 07[IKE] local host is behind NAT, sending keep alives Nov 15 08:08:17 kevinolos ipsec[2553]: 07[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Nov 15 08:08:17 kevinolos ipsec[2553]: 07[NET] sending packet: from 192.168.21.10[4500] to X.X.X.X[4500] (100 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 08[NET] received packet: from X.X.X.X[4500] to 192.168.21.10[4500] (92 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 08[ENC] parsed ID_PROT response 0 [ ID HASH V ] Nov 15 08:08:17 kevinolos ipsec[2553]: 08[IKE] received DPD vendor ID Nov 15 08:08:17 kevinolos ipsec[2553]: 08[IKE] IKE_SA hcs[1] established between 192.168.21.10[192.168.21.10]...X.X.X.X[X.X.X.X] Nov 15 08:08:17 kevinolos ipsec[2553]: 08[IKE] scheduling reauthentication in 10245s Nov 15 08:08:17 kevinolos ipsec[2553]: 08[IKE] maximum IKE_SA lifetime 10785s Nov 15 08:08:17 kevinolos ipsec[2553]: 08[ENC] generating QUICK_MODE request 288079573 [ HASH SA No KE ID ID NAT-OA NAT-OA ] Nov 15 08:08:17 kevinolos ipsec[2553]: 08[NET] sending packet: from 192.168.21.10[4500] to X.X.X.X[4500] (356 bytes) Nov 15 08:08:17 kevinolos ipsec[2553]: 10[NET] received packet: from X.X.X.X[4500] to 192.168.21.10[4500] (308 bytes) Nov 15 08:08:17 kevinolos charon: 10[IKE] CHILD_SA hcs{1} established with SPIs c7ff3092_i 0f8d840d_o and TS 192.168.21.10/32[udp/l2f] === X.X.X.X/32[udp/l2f] Nov 15 08:08:17 kevinolos charon: 10[ENC] generating QUICK_MODE request 288079573 [ HASH ] Nov 15 08:08:17 kevinolos charon: 10[NET] sending packet: from 192.168.21.10[4500] to X.X.X.X[4500] (60 bytes) Nov 15 08:08:17 kevinolos kernel: [ 36.924216] alg: No test for echainiv(authenc(hmac(sha1),cbc(des3_ede))) (echainiv(authenc(hmac(sha1-generic),cbc(des3_ede-generic)))) Nov 15 08:08:18 kevinolos systemd[1]: Starting LSB: layer 2 tunelling protocol daemon... Nov 15 08:08:18 kevinolos xl2tpd[2969]: setsockopt recvref[30]: Protocol not available Nov 15 08:08:18 kevinolos kernel: [ 37.356110] PPP generic driver version 2.4.2 Nov 15 08:08:18 kevinolos kernel: [ 37.361628] NET: Registered protocol family 24 Nov 15 08:08:18 kevinolos kernel: [ 37.382853] l2tp_core: L2TP core driver, V2.0 Nov 15 08:08:18 kevinolos kernel: [ 37.389878] l2tp_netlink: L2TP netlink interface Nov 15 08:08:18 kevinolos xl2tpd[2969]: Using l2tp kernel support. Nov 15 08:08:18 kevinolos xl2tpd[2965]: Starting xl2tpd: xl2tpd. Nov 15 08:08:18 kevinolos systemd[1]: Started LSB: layer 2 tunelling protocol daemon. Nov 15 08:08:18 kevinolos xl2tpd[2982]: xl2tpd version xl2tpd-1.3.10 started on kevinolos PID:2982 Nov 15 08:08:18 kevinolos xl2tpd[2982]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 15 08:08:18 kevinolos xl2tpd[2982]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 15 08:08:18 kevinolos xl2tpd[2982]: Inherited by Jeff McAdams, (C) 2002 Nov 15 08:08:18 kevinolos xl2tpd[2982]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 15 08:08:18 kevinolos xl2tpd[2982]: Listening on IP address 0.0.0.0, port 1701 Nov 15 08:08:18 kevinolos kernel: [ 37.397585] l2tp_ppp: PPPoL2TP kernel driver, V2.0 Nov 15 08:08:18 kevinolos xl2tpd[2982]: get_call: allocating new tunnel for host X.X.X.X, port 1701. Nov 15 08:08:18 kevinolos xl2tpd[2982]: Connecting to host X.X.X.X, port 1701 Nov 15 08:08:18 kevinolos xl2tpd[2982]: control_finish: message type is (null)(0). Tunnel is 0, call is 0. Nov 15 08:08:18 kevinolos xl2tpd[2982]: control_finish: sending SCCRQ Nov 15 08:08:18 kevinolos charon: 09[KNL] creating acquire job for policy 192.168.21.10/32[udp/l2f] === X.X.X.X/32[udp/l2f] with reqid {1} Nov 15 08:08:18 kevinolos charon: 12[CFG] trap not found, unable to acquire reqid 1 Nov 15 08:08:19 kevinolos xl2tpd[2982]: network_thread: select timeout Nov 15 08:08:24 kevinolos xl2tpd[2982]: network_thread: select timeout Nov 15 08:08:28 kevinolos xl2tpd[2982]: network_thread: select timeout Nov 15 08:08:36 kevinolos xl2tpd[2982]: network_thread: select timeout Nov 15 08:08:44 kevinolos charon: 05[IKE] sending keep alive to X.X.X.X[4500] Nov 15 08:08:52 kevinolos xl2tpd[2982]: network_thread: select timeout Nov 15 08:08:52 kevinolos xl2tpd[2982]: Maximum retries exceeded for tunnel 33232. Closing. Nov 15 08:08:52 kevinolos xl2tpd[2982]: Connection 0 closed to X.X.X.X, port 1701 (Timeout) Nov 15 08:08:53 kevinolos xl2tpd[2982]: network_thread: select timeout