Script started on 2020-08-14 17:37:39+00:00
+ cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
+ rpm -q strongswan
strongswan-5.8.2-5.el8.aarch64
+ systemctl stop strongswan-starter.service
+ cp /dev/null /var/log/charon_debug.log
+ systemctl start strongswan-starter.service
+ sleep 5
+ swanctl -l
tunnel-gw5: #1, ESTABLISHED, IKEv2, b08d93ef3b5bc30a_i* 1dff6e91e496d71c_r
  local 'C=US, O=W*******, CN=gw1' @ XX.XX.XX.246[4500]
  remote 'C=US, O=W*******, CN=gw5' @ XX.XX.XX.245[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
  established 5s ago, reauth in 2084s
  tunnel-gw5: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 5s ago, rekeying in 28113s, expires in 28795s
    in c5901459, 0 bytes, 0 packets
    out c2adcbd9, 0 bytes, 0 packets
    local XX.XX.XX.246/32[gre]
    remote XX.XX.XX.245/32[gre]
+ swanctl -L
tunnel-gw5: IKEv2, reauthentication every 3060s, no rekeying, dpd delay 30s
  local: XX.XX.XX.246
  remote: XX.XX.XX.245
  local public key authentication:
    id: C=US, O=W*******, CN=gw1
    certs: C=US, O=W*******, CN=gw1
  remote public key authentication:
    id: C=US, O=W*******, CN=gw5
  tunnel-gw5: TRANSPORT, rekeying every 28260s, dpd action is restart
    local: dynamic[gre]
    remote: dynamic[gre]
+ cat /etc/strongswan/ipsec.d/conf/base.conf
# basic global config settings
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no
conn %default
+ cat /etc/strongswan/ipsec.d/conf/gw5.conf
# config for gw1
conn tunnel-gw5
    #
    left=XX.XX.XX.246
    leftprotoport=47
    right=XX.XX.XX.245
    rightprotoport=47
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=pubkey
    auto=start
    keyexchange=ikev2
    type=transport
    leftcert=gw1.crt
    leftid="C=US, O=W*******, CN=gw1"
    rightid="C=US, O=W*******, CN=gw5"
+ cat /etc/strongswan/ipsec.d/secrets/gw1
# added by philipp
: RSA gw1.key
+ nft list ruleset
table ip filter { chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table ip6 filter { chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table bridge filter { chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table ip security { chain INPUT { type filter hook input priority 150; policy accept; } chain FORWARD { type filter hook forward priority 150; policy accept; } chain OUTPUT { type filter hook output priority 150; policy accept; } } table ip raw { chain PREROUTING { type filter hook prerouting priority raw; policy accept; } chain OUTPUT { type filter hook output priority raw; policy accept; } } table ip mangle { chain PREROUTING { type filter hook prerouting priority mangle; policy accept; } chain INPUT { type filter hook input priority mangle; policy accept; } chain FORWARD { type filter hook forward priority mangle; policy accept; } chain OUTPUT { type route hook output priority mangle; policy accept; } chain POSTROUTING { type filter hook postrouting priority mangle; policy accept; } } table ip nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy
accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } } table ip6 security { chain INPUT { type filter hook input priority 150; policy accept; } chain FORWARD { type filter hook forward priority 150; policy accept; } chain OUTPUT { type filter hook output priority 150; policy accept; } } table ip6 raw { chain PREROUTING { type filter hook prerouting priority raw; policy accept; } chain OUTPUT { type filter hook output priority raw; policy accept; } } table ip6 mangle { chain PREROUTING { type filter hook prerouting priority mangle; policy accept; } chain INPUT { type filter hook input priority mangle; policy accept; } chain FORWARD { type filter hook forward priority mangle; policy accept; } chain OUTPUT { type route hook output priority mangle; policy accept; } chain POSTROUTING { type filter hook postrouting priority mangle; policy accept; } } table ip6 nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } } table bridge nat { chain PREROUTING { type filter hook prerouting priority dstnat; policy accept; } chain OUTPUT { type filter hook output priority out; policy accept; } chain POSTROUTING { type filter hook postrouting priority srcnat; policy accept; } } table inet firewalld { chain raw_PREROUTING { type filter hook prerouting priority raw + 10; policy accept; icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . 
iif oif missing log prefix "rpfilter_DROP: " drop jump raw_PREROUTING_ZONES_SOURCE jump raw_PREROUTING_ZONES } chain raw_PREROUTING_ZONES_SOURCE { ip saddr 222.184.0.0/13 goto raw_PRE_drop ip saddr 185.156.72.0/22 goto raw_PRE_drop ip saddr 167.71.222.137 goto raw_PRE_drop ip saddr 45.145.64.0/22 goto raw_PRE_drop ip saddr 92.63.192.0/20 goto raw_PRE_drop ip saddr 45.129.33.0/24 goto raw_PRE_drop ip saddr 87.251.64.0/20 goto raw_PRE_drop ip saddr 193.32.160.0/22 goto raw_PRE_drop ip saddr 94.102.48.0/20 goto raw_PRE_drop ip saddr 77.89.192.0/18 goto raw_PRE_drop ip saddr 185.175.92.0/22 goto raw_PRE_drop ip saddr 185.176.24.0/22 goto raw_PRE_drop ip saddr 185.232.28.0/22 goto raw_PRE_drop ip saddr 185.153.196.0/22 goto raw_PRE_drop ip saddr 114.32.0.0/12 goto raw_PRE_drop ip saddr 89.248.160.0/20 goto raw_PRE_drop ip saddr 193.27.228.0/23 goto raw_PRE_drop ip saddr 31.10.5.0/24 goto raw_PRE_drop ip saddr 194.26.29.0/24 goto raw_PRE_drop ip saddr 58.48.0.0/13 goto raw_PRE_drop ip saddr 45.145.64.22 goto raw_PRE_drop ip saddr 92.63.192.0/20 goto raw_PRE_drop ip saddr 195.54.160.0/23 goto raw_PRE_drop ip saddr 194.26.25.0/24 goto raw_PRE_drop } chain raw_PREROUTING_ZONES { iifname "tun-gw5" goto raw_PRE_trusted iifname "dummy0" goto raw_PRE_trusted iifname "eth0" goto raw_PRE_trusted iifname "enp1s0u2u4" goto raw_PRE_public iifname "wlan0" goto raw_PRE_trusted goto raw_PRE_trusted } chain mangle_PREROUTING { type filter hook prerouting priority mangle + 10; policy accept; jump mangle_PREROUTING_ZONES_SOURCE jump mangle_PREROUTING_ZONES } chain mangle_PREROUTING_ZONES_SOURCE { ip saddr 222.184.0.0/13 goto mangle_PRE_drop ip saddr 185.156.72.0/22 goto mangle_PRE_drop ip saddr 167.71.222.137 goto mangle_PRE_drop ip saddr 45.145.64.0/22 goto mangle_PRE_drop ip saddr 92.63.192.0/20 goto mangle_PRE_drop ip saddr 45.129.33.0/24 goto mangle_PRE_drop ip saddr 87.251.64.0/20 goto mangle_PRE_drop ip saddr 193.32.160.0/22 goto mangle_PRE_drop ip saddr 94.102.48.0/20 goto 
mangle_PRE_drop ip saddr 77.89.192.0/18 goto mangle_PRE_drop ip saddr 185.175.92.0/22 goto mangle_PRE_drop ip saddr 185.176.24.0/22 goto mangle_PRE_drop ip saddr 185.232.28.0/22 goto mangle_PRE_drop ip saddr 185.153.196.0/22 goto mangle_PRE_drop ip saddr 114.32.0.0/12 goto mangle_PRE_drop ip saddr 89.248.160.0/20 goto mangle_PRE_drop ip saddr 193.27.228.0/23 goto mangle_PRE_drop ip saddr 31.10.5.0/24 goto mangle_PRE_drop ip saddr 194.26.29.0/24 goto mangle_PRE_drop ip saddr 58.48.0.0/13 goto mangle_PRE_drop ip saddr 45.145.64.22 goto mangle_PRE_drop ip saddr 92.63.192.0/20 goto mangle_PRE_drop ip saddr 195.54.160.0/23 goto mangle_PRE_drop ip saddr 194.26.25.0/24 goto mangle_PRE_drop } chain mangle_PREROUTING_ZONES { iifname "tun-gw5" goto mangle_PRE_trusted iifname "dummy0" goto mangle_PRE_trusted iifname "eth0" goto mangle_PRE_trusted iifname "enp1s0u2u4" goto mangle_PRE_public iifname "wlan0" goto mangle_PRE_trusted goto mangle_PRE_trusted } chain filter_INPUT { type filter hook input priority filter + 10; policy accept; ct state { established, related } accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES_SOURCE jump filter_INPUT_ZONES ct state { invalid } meta pkttype host log prefix "STATE_INVALID_DROP: " ct state { invalid } drop meta pkttype host log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } chain filter_FORWARD { type filter hook forward priority filter + 10; policy accept; ct state { established, related } accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES_SOURCE jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES_SOURCE jump filter_FORWARD_OUT_ZONES ct state { invalid } meta pkttype host log prefix "STATE_INVALID_DROP: " ct state { invalid } drop meta pkttype 
host log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } chain filter_OUTPUT { type filter hook output priority filter + 10; policy accept; oifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable } chain filter_INPUT_ZONES_SOURCE { ip saddr 222.184.0.0/13 goto filter_IN_drop ip saddr 185.156.72.0/22 goto filter_IN_drop ip saddr 167.71.222.137 goto filter_IN_drop ip saddr 45.145.64.0/22 goto filter_IN_drop ip saddr 92.63.192.0/20 goto filter_IN_drop ip saddr 45.129.33.0/24 goto filter_IN_drop ip saddr 87.251.64.0/20 goto filter_IN_drop ip saddr 193.32.160.0/22 goto filter_IN_drop ip saddr 94.102.48.0/20 goto filter_IN_drop ip saddr 77.89.192.0/18 goto filter_IN_drop ip saddr 185.175.92.0/22 goto filter_IN_drop ip saddr 185.176.24.0/22 goto filter_IN_drop ip saddr 185.232.28.0/22 goto filter_IN_drop ip saddr 185.153.196.0/22 goto filter_IN_drop ip saddr 114.32.0.0/12 goto filter_IN_drop ip saddr 89.248.160.0/20 goto filter_IN_drop ip saddr 193.27.228.0/23 goto filter_IN_drop ip saddr 31.10.5.0/24 goto filter_IN_drop ip saddr 194.26.29.0/24 goto filter_IN_drop ip saddr 58.48.0.0/13 goto filter_IN_drop ip saddr 45.145.64.22 goto filter_IN_drop ip saddr 92.63.192.0/20 goto filter_IN_drop ip saddr 195.54.160.0/23 goto filter_IN_drop ip saddr 194.26.25.0/24 goto filter_IN_drop } chain filter_INPUT_ZONES { iifname "tun-gw5" goto filter_IN_trusted iifname "dummy0" goto filter_IN_trusted iifname "eth0" goto filter_IN_trusted iifname "enp1s0u2u4" goto filter_IN_public iifname "wlan0" goto filter_IN_trusted goto filter_IN_trusted } chain filter_FORWARD_IN_ZONES_SOURCE { ip saddr 222.184.0.0/13 goto filter_FWDI_drop ip saddr 185.156.72.0/22 goto filter_FWDI_drop ip saddr 167.71.222.137 goto filter_FWDI_drop ip saddr 45.145.64.0/22 goto filter_FWDI_drop ip saddr 92.63.192.0/20 
goto filter_FWDI_drop ip saddr 45.129.33.0/24 goto filter_FWDI_drop ip saddr 87.251.64.0/20 goto filter_FWDI_drop ip saddr 193.32.160.0/22 goto filter_FWDI_drop ip saddr 94.102.48.0/20 goto filter_FWDI_drop ip saddr 77.89.192.0/18 goto filter_FWDI_drop ip saddr 185.175.92.0/22 goto filter_FWDI_drop ip saddr 185.176.24.0/22 goto filter_FWDI_drop ip saddr 185.232.28.0/22 goto filter_FWDI_drop ip saddr 185.153.196.0/22 goto filter_FWDI_drop ip saddr 114.32.0.0/12 goto filter_FWDI_drop ip saddr 89.248.160.0/20 goto filter_FWDI_drop ip saddr 193.27.228.0/23 goto filter_FWDI_drop ip saddr 31.10.5.0/24 goto filter_FWDI_drop ip saddr 194.26.29.0/24 goto filter_FWDI_drop ip saddr 58.48.0.0/13 goto filter_FWDI_drop ip saddr 45.145.64.22 goto filter_FWDI_drop ip saddr 92.63.192.0/20 goto filter_FWDI_drop ip saddr 195.54.160.0/23 goto filter_FWDI_drop ip saddr 194.26.25.0/24 goto filter_FWDI_drop } chain filter_FORWARD_IN_ZONES { iifname "tun-gw5" goto filter_FWDI_trusted iifname "dummy0" goto filter_FWDI_trusted iifname "eth0" goto filter_FWDI_trusted iifname "enp1s0u2u4" goto filter_FWDI_public iifname "wlan0" goto filter_FWDI_trusted goto filter_FWDI_trusted } chain filter_FORWARD_OUT_ZONES_SOURCE { ip daddr 222.184.0.0/13 goto filter_FWDO_drop ip daddr 185.156.72.0/22 goto filter_FWDO_drop ip daddr 167.71.222.137 goto filter_FWDO_drop ip daddr 45.145.64.0/22 goto filter_FWDO_drop ip daddr 92.63.192.0/20 goto filter_FWDO_drop ip daddr 45.129.33.0/24 goto filter_FWDO_drop ip daddr 87.251.64.0/20 goto filter_FWDO_drop ip daddr 193.32.160.0/22 goto filter_FWDO_drop ip daddr 94.102.48.0/20 goto filter_FWDO_drop ip daddr 77.89.192.0/18 goto filter_FWDO_drop ip daddr 185.175.92.0/22 goto filter_FWDO_drop ip daddr 185.176.24.0/22 goto filter_FWDO_drop ip daddr 185.232.28.0/22 goto filter_FWDO_drop ip daddr 185.153.196.0/22 goto filter_FWDO_drop ip daddr 114.32.0.0/12 goto filter_FWDO_drop ip daddr 89.248.160.0/20 goto filter_FWDO_drop ip daddr 193.27.228.0/23 goto filter_FWDO_drop 
ip daddr 31.10.5.0/24 goto filter_FWDO_drop ip daddr 194.26.29.0/24 goto filter_FWDO_drop ip daddr 58.48.0.0/13 goto filter_FWDO_drop ip daddr 45.145.64.22 goto filter_FWDO_drop ip daddr 92.63.192.0/20 goto filter_FWDO_drop ip daddr 195.54.160.0/23 goto filter_FWDO_drop ip daddr 194.26.25.0/24 goto filter_FWDO_drop } chain filter_FORWARD_OUT_ZONES { oifname "tun-gw5" goto filter_FWDO_trusted oifname "dummy0" goto filter_FWDO_trusted oifname "eth0" goto filter_FWDO_trusted oifname "enp1s0u2u4" goto filter_FWDO_public oifname "wlan0" goto filter_FWDO_trusted goto filter_FWDO_trusted } chain raw_PRE_drop { jump raw_PRE_drop_pre jump raw_PRE_drop_log jump raw_PRE_drop_deny jump raw_PRE_drop_allow jump raw_PRE_drop_post } chain raw_PRE_drop_pre { } chain raw_PRE_drop_log { } chain raw_PRE_drop_deny { } chain raw_PRE_drop_allow { } chain raw_PRE_drop_post { } chain mangle_PRE_drop { jump mangle_PRE_drop_pre jump mangle_PRE_drop_log jump mangle_PRE_drop_deny jump mangle_PRE_drop_allow jump mangle_PRE_drop_post } chain mangle_PRE_drop_pre { } chain mangle_PRE_drop_log { } chain mangle_PRE_drop_deny { } chain mangle_PRE_drop_allow { } chain mangle_PRE_drop_post { } chain filter_IN_drop { jump filter_IN_drop_pre jump filter_IN_drop_log jump filter_IN_drop_deny jump filter_IN_drop_allow jump filter_IN_drop_post meta pkttype host log prefix ""filter_IN_drop_DROP: "" drop } chain filter_IN_drop_pre { } chain filter_IN_drop_log { } chain filter_IN_drop_deny { } chain filter_IN_drop_allow { } chain filter_IN_drop_post { } chain filter_FWDI_drop { jump filter_FWDI_drop_pre jump filter_FWDI_drop_log jump filter_FWDI_drop_deny jump filter_FWDI_drop_allow jump filter_FWDI_drop_post meta pkttype host log prefix ""filter_FWDI_drop_DROP: "" drop } chain filter_FWDI_drop_pre { } chain filter_FWDI_drop_log { } chain filter_FWDI_drop_deny { } chain filter_FWDI_drop_allow { } chain filter_FWDI_drop_post { } chain filter_FWDO_drop { jump filter_FWDO_drop_pre jump filter_FWDO_drop_log jump 
filter_FWDO_drop_deny jump filter_FWDO_drop_allow jump filter_FWDO_drop_post meta pkttype host log prefix ""filter_FWDO_drop_DROP: "" drop } chain filter_FWDO_drop_pre { } chain filter_FWDO_drop_log { } chain filter_FWDO_drop_deny { } chain filter_FWDO_drop_allow { } chain filter_FWDO_drop_post { } chain raw_PRE_public { jump raw_PRE_public_pre jump raw_PRE_public_log jump raw_PRE_public_deny jump raw_PRE_public_allow jump raw_PRE_public_post } chain raw_PRE_public_pre { } chain raw_PRE_public_log { } chain raw_PRE_public_deny { } chain raw_PRE_public_allow { } chain raw_PRE_public_post { } chain filter_IN_public { jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post meta l4proto { icmp, ipv6-icmp } accept } chain filter_IN_public_pre { } chain filter_IN_public_log { } chain filter_IN_public_deny { } chain filter_IN_public_allow { tcp dport 22 ct state { new, untracked } accept udp dport 500 ct state { new, untracked } accept udp dport 4500 ct state { new, untracked } accept meta l4proto ah ct state { new, untracked } accept meta l4proto esp ct state { new, untracked } accept } chain filter_IN_public_post { } chain mangle_PRE_public { jump mangle_PRE_public_pre jump mangle_PRE_public_log jump mangle_PRE_public_deny jump mangle_PRE_public_allow jump mangle_PRE_public_post } chain mangle_PRE_public_pre { } chain mangle_PRE_public_log { } chain mangle_PRE_public_deny { } chain mangle_PRE_public_allow { } chain mangle_PRE_public_post { } chain filter_FWDI_public { jump filter_FWDI_public_pre jump filter_FWDI_public_log jump filter_FWDI_public_deny jump filter_FWDI_public_allow jump filter_FWDI_public_post meta l4proto { icmp, ipv6-icmp } accept } chain filter_FWDI_public_pre { } chain filter_FWDI_public_log { } chain filter_FWDI_public_deny { } chain filter_FWDI_public_allow { } chain filter_FWDI_public_post { } chain filter_FWDO_public { jump filter_FWDO_public_pre jump 
filter_FWDO_public_log jump filter_FWDO_public_deny jump filter_FWDO_public_allow jump filter_FWDO_public_post } chain filter_FWDO_public_pre { } chain filter_FWDO_public_log { } chain filter_FWDO_public_deny { } chain filter_FWDO_public_allow { } chain filter_FWDO_public_post { } chain raw_PRE_trusted { jump raw_PRE_trusted_pre jump raw_PRE_trusted_log jump raw_PRE_trusted_deny jump raw_PRE_trusted_allow jump raw_PRE_trusted_post } chain raw_PRE_trusted_pre { } chain raw_PRE_trusted_log { } chain raw_PRE_trusted_deny { } chain raw_PRE_trusted_allow { } chain raw_PRE_trusted_post { } chain mangle_PRE_trusted { jump mangle_PRE_trusted_pre jump mangle_PRE_trusted_log jump mangle_PRE_trusted_deny jump mangle_PRE_trusted_allow jump mangle_PRE_trusted_post } chain mangle_PRE_trusted_pre { } chain mangle_PRE_trusted_log { } chain mangle_PRE_trusted_deny { } chain mangle_PRE_trusted_allow { } chain mangle_PRE_trusted_post { } chain filter_IN_trusted { jump filter_IN_trusted_pre jump filter_IN_trusted_log jump filter_IN_trusted_deny jump filter_IN_trusted_allow jump filter_IN_trusted_post accept } chain filter_IN_trusted_pre { } chain filter_IN_trusted_log { } chain filter_IN_trusted_deny { } chain filter_IN_trusted_allow { } chain filter_IN_trusted_post { } chain filter_FWDI_trusted { jump filter_FWDI_trusted_pre jump filter_FWDI_trusted_log jump filter_FWDI_trusted_deny jump filter_FWDI_trusted_allow jump filter_FWDI_trusted_post accept } chain filter_FWDI_trusted_pre { } chain filter_FWDI_trusted_log { } chain filter_FWDI_trusted_deny { } chain filter_FWDI_trusted_allow { } chain filter_FWDI_trusted_post { } chain filter_FWDO_trusted { jump filter_FWDO_trusted_pre jump filter_FWDO_trusted_log jump filter_FWDO_trusted_deny jump filter_FWDO_trusted_allow jump filter_FWDO_trusted_post accept } chain filter_FWDO_trusted_pre { } chain filter_FWDO_trusted_log { } chain filter_FWDO_trusted_deny { } chain filter_FWDO_trusted_allow { } chain filter_FWDO_trusted_post { } } table 
ip firewalld { chain nat_PREROUTING { type nat hook prerouting priority dstnat + 10; policy accept; jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } chain nat_PREROUTING_ZONES_SOURCE { ip saddr 222.184.0.0/13 goto nat_PRE_drop ip saddr 185.156.72.0/22 goto nat_PRE_drop ip saddr 167.71.222.137 goto nat_PRE_drop ip saddr 45.145.64.0/22 goto nat_PRE_drop ip saddr 92.63.192.0/20 goto nat_PRE_drop ip saddr 45.129.33.0/24 goto nat_PRE_drop ip saddr 87.251.64.0/20 goto nat_PRE_drop ip saddr 193.32.160.0/22 goto nat_PRE_drop ip saddr 94.102.48.0/20 goto nat_PRE_drop ip saddr 77.89.192.0/18 goto nat_PRE_drop ip saddr 185.175.92.0/22 goto nat_PRE_drop ip saddr 185.176.24.0/22 goto nat_PRE_drop ip saddr 185.232.28.0/22 goto nat_PRE_drop ip saddr 185.153.196.0/22 goto nat_PRE_drop ip saddr 114.32.0.0/12 goto nat_PRE_drop ip saddr 89.248.160.0/20 goto nat_PRE_drop ip saddr 193.27.228.0/23 goto nat_PRE_drop ip saddr 31.10.5.0/24 goto nat_PRE_drop ip saddr 194.26.29.0/24 goto nat_PRE_drop ip saddr 58.48.0.0/13 goto nat_PRE_drop ip saddr 45.145.64.22 goto nat_PRE_drop ip saddr 92.63.192.0/20 goto nat_PRE_drop ip saddr 195.54.160.0/23 goto nat_PRE_drop ip saddr 194.26.25.0/24 goto nat_PRE_drop } chain nat_PREROUTING_ZONES { iifname "tun-gw5" goto nat_PRE_trusted iifname "dummy0" goto nat_PRE_trusted iifname "eth0" goto nat_PRE_trusted iifname "enp1s0u2u4" goto nat_PRE_public iifname "wlan0" goto nat_PRE_trusted goto nat_PRE_trusted } chain nat_POSTROUTING { type nat hook postrouting priority srcnat + 10; policy accept; jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } chain nat_POSTROUTING_ZONES_SOURCE { ip daddr 222.184.0.0/13 goto nat_POST_drop ip daddr 185.156.72.0/22 goto nat_POST_drop ip daddr 167.71.222.137 goto nat_POST_drop ip daddr 45.145.64.0/22 goto nat_POST_drop ip daddr 92.63.192.0/20 goto nat_POST_drop ip daddr 45.129.33.0/24 goto nat_POST_drop ip daddr 87.251.64.0/20 goto nat_POST_drop ip daddr 193.32.160.0/22 goto nat_POST_drop ip daddr 
94.102.48.0/20 goto nat_POST_drop ip daddr 77.89.192.0/18 goto nat_POST_drop ip daddr 185.175.92.0/22 goto nat_POST_drop ip daddr 185.176.24.0/22 goto nat_POST_drop ip daddr 185.232.28.0/22 goto nat_POST_drop ip daddr 185.153.196.0/22 goto nat_POST_drop ip daddr 114.32.0.0/12 goto nat_POST_drop ip daddr 89.248.160.0/20 goto nat_POST_drop ip daddr 193.27.228.0/23 goto nat_POST_drop ip daddr 31.10.5.0/24 goto nat_POST_drop ip daddr 194.26.29.0/24 goto nat_POST_drop ip daddr 58.48.0.0/13 goto nat_POST_drop ip daddr 45.145.64.22 goto nat_POST_drop ip daddr 92.63.192.0/20 goto nat_POST_drop ip daddr 195.54.160.0/23 goto nat_POST_drop ip daddr 194.26.25.0/24 goto nat_POST_drop } chain nat_POSTROUTING_ZONES { oifname "tun-gw5" goto nat_POST_trusted oifname "dummy0" goto nat_POST_trusted oifname "eth0" goto nat_POST_trusted oifname "enp1s0u2u4" goto nat_POST_public oifname "wlan0" goto nat_POST_trusted goto nat_POST_trusted } chain nat_PRE_drop { jump nat_PRE_drop_pre jump nat_PRE_drop_log jump nat_PRE_drop_deny jump nat_PRE_drop_allow jump nat_PRE_drop_post } chain nat_PRE_drop_pre { } chain nat_PRE_drop_log { } chain nat_PRE_drop_deny { } chain nat_PRE_drop_allow { } chain nat_PRE_drop_post { } chain nat_POST_drop { jump nat_POST_drop_pre jump nat_POST_drop_log jump nat_POST_drop_deny jump nat_POST_drop_allow jump nat_POST_drop_post } chain nat_POST_drop_pre { } chain nat_POST_drop_log { } chain nat_POST_drop_deny { } chain nat_POST_drop_allow { } chain nat_POST_drop_post { } chain nat_PRE_public { jump nat_PRE_public_pre jump nat_PRE_public_log jump nat_PRE_public_deny jump nat_PRE_public_allow jump nat_PRE_public_post } chain nat_PRE_public_pre { } chain nat_PRE_public_log { } chain nat_PRE_public_deny { } chain nat_PRE_public_allow { } chain nat_PRE_public_post { } chain nat_POST_public { jump nat_POST_public_pre jump nat_POST_public_log jump nat_POST_public_deny jump nat_POST_public_allow jump nat_POST_public_post } chain nat_POST_public_pre { } chain 
nat_POST_public_log { } chain nat_POST_public_deny { } chain nat_POST_public_allow { } chain nat_POST_public_post { } chain nat_PRE_trusted { jump nat_PRE_trusted_pre jump nat_PRE_trusted_log jump nat_PRE_trusted_deny jump nat_PRE_trusted_allow jump nat_PRE_trusted_post } chain nat_PRE_trusted_pre { } chain nat_PRE_trusted_log { } chain nat_PRE_trusted_deny { } chain nat_PRE_trusted_allow { } chain nat_PRE_trusted_post { } chain nat_POST_trusted { jump nat_POST_trusted_pre jump nat_POST_trusted_log jump nat_POST_trusted_deny jump nat_POST_trusted_allow jump nat_POST_trusted_post } chain nat_POST_trusted_pre { } chain nat_POST_trusted_log { } chain nat_POST_trusted_deny { } chain nat_POST_trusted_allow { } chain nat_POST_trusted_post { } } table ip6 firewalld { chain nat_PREROUTING { type nat hook prerouting priority dstnat + 10; policy accept; jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } chain nat_PREROUTING_ZONES_SOURCE { } chain nat_PREROUTING_ZONES { iifname "tun-gw5" goto nat_PRE_trusted iifname "dummy0" goto nat_PRE_trusted iifname "eth0" goto nat_PRE_trusted iifname "enp1s0u2u4" goto nat_PRE_public iifname "wlan0" goto nat_PRE_trusted goto nat_PRE_trusted } chain nat_POSTROUTING { type nat hook postrouting priority srcnat + 10; policy accept; jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } chain nat_POSTROUTING_ZONES_SOURCE { } chain nat_POSTROUTING_ZONES { oifname "tun-gw5" goto nat_POST_trusted oifname "dummy0" goto nat_POST_trusted oifname "eth0" goto nat_POST_trusted oifname "enp1s0u2u4" goto nat_POST_public oifname "wlan0" goto nat_POST_trusted goto nat_POST_trusted } chain nat_PRE_drop { jump nat_PRE_drop_pre jump nat_PRE_drop_log jump nat_PRE_drop_deny jump nat_PRE_drop_allow jump nat_PRE_drop_post } chain nat_PRE_drop_pre { } chain nat_PRE_drop_log { } chain nat_PRE_drop_deny { } chain nat_PRE_drop_allow { } chain nat_PRE_drop_post { } chain nat_POST_drop { jump nat_POST_drop_pre jump nat_POST_drop_log jump 
nat_POST_drop_deny jump nat_POST_drop_allow jump nat_POST_drop_post } chain nat_POST_drop_pre { } chain nat_POST_drop_log { } chain nat_POST_drop_deny { } chain nat_POST_drop_allow { } chain nat_POST_drop_post { } chain nat_PRE_public { jump nat_PRE_public_pre jump nat_PRE_public_log jump nat_PRE_public_deny jump nat_PRE_public_allow jump nat_PRE_public_post } chain nat_PRE_public_pre { } chain nat_PRE_public_log { } chain nat_PRE_public_deny { } chain nat_PRE_public_allow { } chain nat_PRE_public_post { } chain nat_POST_public { jump nat_POST_public_pre jump nat_POST_public_log jump nat_POST_public_deny jump nat_POST_public_allow jump nat_POST_public_post } chain nat_POST_public_pre { } chain nat_POST_public_log { } chain nat_POST_public_deny { } chain nat_POST_public_allow { } chain nat_POST_public_post { } chain nat_PRE_trusted { jump nat_PRE_trusted_pre jump nat_PRE_trusted_log jump nat_PRE_trusted_deny jump nat_PRE_trusted_allow jump nat_PRE_trusted_post } chain nat_PRE_trusted_pre { } chain nat_PRE_trusted_log { } chain nat_PRE_trusted_deny { } chain nat_PRE_trusted_allow { } chain nat_PRE_trusted_post { } chain nat_POST_trusted { jump nat_POST_trusted_pre jump nat_POST_trusted_log jump nat_POST_trusted_deny jump nat_POST_trusted_allow jump nat_POST_trusted_post } chain nat_POST_trusted_pre { } chain nat_POST_trusted_log { } chain nat_POST_trusted_deny { } chain nat_POST_trusted_allow { } chain nat_POST_trusted_post { } } + nft list tables table ip filter table ip6 filter table bridge filter table ip security table ip raw table ip mangle table ip nat table ip6 security table ip6 raw table ip6 mangle table ip6 nat table bridge nat table inet firewalld table ip firewalld table ip6 firewalld + nft list chains table ip filter { chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table ip6 filter { 
chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table bridge filter { chain INPUT { type filter hook input priority filter; policy accept; } chain FORWARD { type filter hook forward priority filter; policy accept; } chain OUTPUT { type filter hook output priority filter; policy accept; } } table ip security { chain INPUT { type filter hook input priority 150; policy accept; } chain FORWARD { type filter hook forward priority 150; policy accept; } chain OUTPUT { type filter hook output priority 150; policy accept; } } table ip raw { chain PREROUTING { type filter hook prerouting priority raw; policy accept; } chain OUTPUT { type filter hook output priority raw; policy accept; } } table ip mangle { chain PREROUTING { type filter hook prerouting priority mangle; policy accept; } chain INPUT { type filter hook input priority mangle; policy accept; } chain FORWARD { type filter hook forward priority mangle; policy accept; } chain OUTPUT { type route hook output priority mangle; policy accept; } chain POSTROUTING { type filter hook postrouting priority mangle; policy accept; } } table ip nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } } table ip6 security { chain INPUT { type filter hook input priority 150; policy accept; } chain FORWARD { type filter hook forward priority 150; policy accept; } chain OUTPUT { type filter hook output priority 150; policy accept; } } table ip6 raw { chain PREROUTING { type filter hook prerouting priority raw; policy accept; } chain OUTPUT { type filter hook output priority raw; policy accept; } } table ip6 mangle { chain 
PREROUTING { type filter hook prerouting priority mangle; policy accept; } chain INPUT { type filter hook input priority mangle; policy accept; } chain FORWARD { type filter hook forward priority mangle; policy accept; } chain OUTPUT { type route hook output priority mangle; policy accept; } chain POSTROUTING { type filter hook postrouting priority mangle; policy accept; } } table ip6 nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } } table bridge nat { chain PREROUTING { type filter hook prerouting priority dstnat; policy accept; } chain OUTPUT { type filter hook output priority out; policy accept; } chain POSTROUTING { type filter hook postrouting priority srcnat; policy accept; } } table inet firewalld { chain raw_PREROUTING { type filter hook prerouting priority raw + 10; policy accept; } chain raw_PREROUTING_ZONES_SOURCE { } chain raw_PREROUTING_ZONES { } chain mangle_PREROUTING { type filter hook prerouting priority mangle + 10; policy accept; } chain mangle_PREROUTING_ZONES_SOURCE { } chain mangle_PREROUTING_ZONES { } chain filter_INPUT { type filter hook input priority filter + 10; policy accept; } chain filter_FORWARD { type filter hook forward priority filter + 10; policy accept; } chain filter_OUTPUT { type filter hook output priority filter + 10; policy accept; } chain filter_INPUT_ZONES_SOURCE { } chain filter_INPUT_ZONES { } chain filter_FORWARD_IN_ZONES_SOURCE { } chain filter_FORWARD_IN_ZONES { } chain filter_FORWARD_OUT_ZONES_SOURCE { } chain filter_FORWARD_OUT_ZONES { } chain raw_PRE_drop { } chain raw_PRE_drop_pre { } chain raw_PRE_drop_log { } chain raw_PRE_drop_deny { } chain raw_PRE_drop_allow { } chain raw_PRE_drop_post { } chain mangle_PRE_drop { } chain mangle_PRE_drop_pre { } chain 
mangle_PRE_drop_log { } chain mangle_PRE_drop_deny { } chain mangle_PRE_drop_allow { } chain mangle_PRE_drop_post { } chain filter_IN_drop { } chain filter_IN_drop_pre { } chain filter_IN_drop_log { } chain filter_IN_drop_deny { } chain filter_IN_drop_allow { } chain filter_IN_drop_post { } chain filter_FWDI_drop { } chain filter_FWDI_drop_pre { } chain filter_FWDI_drop_log { } chain filter_FWDI_drop_deny { } chain filter_FWDI_drop_allow { } chain filter_FWDI_drop_post { } chain filter_FWDO_drop { } chain filter_FWDO_drop_pre { } chain filter_FWDO_drop_log { } chain filter_FWDO_drop_deny { } chain filter_FWDO_drop_allow { } chain filter_FWDO_drop_post { } chain raw_PRE_public { } chain raw_PRE_public_pre { } chain raw_PRE_public_log { } chain raw_PRE_public_deny { } chain raw_PRE_public_allow { } chain raw_PRE_public_post { } chain filter_IN_public { } chain filter_IN_public_pre { } chain filter_IN_public_log { } chain filter_IN_public_deny { } chain filter_IN_public_allow { } chain filter_IN_public_post { } chain mangle_PRE_public { } chain mangle_PRE_public_pre { } chain mangle_PRE_public_log { } chain mangle_PRE_public_deny { } chain mangle_PRE_public_allow { } chain mangle_PRE_public_post { } chain filter_FWDI_public { } chain filter_FWDI_public_pre { } chain filter_FWDI_public_log { } chain filter_FWDI_public_deny { } chain filter_FWDI_public_allow { } chain filter_FWDI_public_post { } chain filter_FWDO_public { } chain filter_FWDO_public_pre { } chain filter_FWDO_public_log { } chain filter_FWDO_public_deny { } chain filter_FWDO_public_allow { } chain filter_FWDO_public_post { } chain raw_PRE_trusted { } chain raw_PRE_trusted_pre { } chain raw_PRE_trusted_log { } chain raw_PRE_trusted_deny { } chain raw_PRE_trusted_allow { } chain raw_PRE_trusted_post { } chain mangle_PRE_trusted { } chain mangle_PRE_trusted_pre { } chain mangle_PRE_trusted_log { } chain mangle_PRE_trusted_deny { } chain mangle_PRE_trusted_allow { } chain mangle_PRE_trusted_post { } chain 
filter_IN_trusted { } chain filter_IN_trusted_pre { } chain filter_IN_trusted_log { } chain filter_IN_trusted_deny { } chain filter_IN_trusted_allow { } chain filter_IN_trusted_post { } chain filter_FWDI_trusted { } chain filter_FWDI_trusted_pre { } chain filter_FWDI_trusted_log { } chain filter_FWDI_trusted_deny { } chain filter_FWDI_trusted_allow { } chain filter_FWDI_trusted_post { } chain filter_FWDO_trusted { } chain filter_FWDO_trusted_pre { } chain filter_FWDO_trusted_log { } chain filter_FWDO_trusted_deny { } chain filter_FWDO_trusted_allow { } chain filter_FWDO_trusted_post { } } table ip firewalld { chain nat_PREROUTING { type nat hook prerouting priority dstnat + 10; policy accept; } chain nat_PREROUTING_ZONES_SOURCE { } chain nat_PREROUTING_ZONES { } chain nat_POSTROUTING { type nat hook postrouting priority srcnat + 10; policy accept; } chain nat_POSTROUTING_ZONES_SOURCE { } chain nat_POSTROUTING_ZONES { } chain nat_PRE_drop { } chain nat_PRE_drop_pre { } chain nat_PRE_drop_log { } chain nat_PRE_drop_deny { } chain nat_PRE_drop_allow { } chain nat_PRE_drop_post { } chain nat_POST_drop { } chain nat_POST_drop_pre { } chain nat_POST_drop_log { } chain nat_POST_drop_deny { } chain nat_POST_drop_allow { } chain nat_POST_drop_post { } chain nat_PRE_public { } chain nat_PRE_public_pre { } chain nat_PRE_public_log { } chain nat_PRE_public_deny { } chain nat_PRE_public_allow { } chain nat_PRE_public_post { } chain nat_POST_public { } chain nat_POST_public_pre { } chain nat_POST_public_log { } chain nat_POST_public_deny { } chain nat_POST_public_allow { } chain nat_POST_public_post { } chain nat_PRE_trusted { } chain nat_PRE_trusted_pre { } chain nat_PRE_trusted_log { } chain nat_PRE_trusted_deny { } chain nat_PRE_trusted_allow { } chain nat_PRE_trusted_post { } chain nat_POST_trusted { } chain nat_POST_trusted_pre { } chain nat_POST_trusted_log { } chain nat_POST_trusted_deny { } chain nat_POST_trusted_allow { } chain nat_POST_trusted_post { } } table ip6 
firewalld { chain nat_PREROUTING { type nat hook prerouting priority dstnat + 10; policy accept; } chain nat_PREROUTING_ZONES_SOURCE { } chain nat_PREROUTING_ZONES { } chain nat_POSTROUTING { type nat hook postrouting priority srcnat + 10; policy accept; } chain nat_POSTROUTING_ZONES_SOURCE { } chain nat_POSTROUTING_ZONES { } chain nat_PRE_drop { } chain nat_PRE_drop_pre { } chain nat_PRE_drop_log { } chain nat_PRE_drop_deny { } chain nat_PRE_drop_allow { } chain nat_PRE_drop_post { } chain nat_POST_drop { } chain nat_POST_drop_pre { } chain nat_POST_drop_log { } chain nat_POST_drop_deny { } chain nat_POST_drop_allow { } chain nat_POST_drop_post { } chain nat_PRE_public { } chain nat_PRE_public_pre { } chain nat_PRE_public_log { } chain nat_PRE_public_deny { } chain nat_PRE_public_allow { } chain nat_PRE_public_post { } chain nat_POST_public { } chain nat_POST_public_pre { } chain nat_POST_public_log { } chain nat_POST_public_deny { } chain nat_POST_public_allow { } chain nat_POST_public_post { } chain nat_PRE_trusted { } chain nat_PRE_trusted_pre { } chain nat_PRE_trusted_log { } chain nat_PRE_trusted_deny { } chain nat_PRE_trusted_allow { } chain nat_PRE_trusted_post { } chain nat_POST_trusted { } chain nat_POST_trusted_pre { } chain nat_POST_trusted_log { } chain nat_POST_trusted_deny { } chain nat_POST_trusted_allow { } chain nat_POST_trusted_post { } } + ip -4 route show table all default via XX.XX.XX.129 dev enp1s0u2u4 proto static metric 100 10.5.28.0/24 dev dummy0 proto kernel scope link src 10.5.28.1 metric 550 10.5.30.0/24 dev tun-gw5 proto static scope link src 10.5.28.1 metric 676 XX.XX.XX.128/25 dev enp1s0u2u4 proto kernel scope link src XX.XX.XX.246 metric 100 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.96 metric 101 broadcast 10.5.28.0 dev dummy0 table local proto kernel scope link src 10.5.28.1 local 10.5.28.1 dev dummy0 table local proto kernel scope host src 10.5.28.1 broadcast 10.5.28.255 dev dummy0 table local proto kernel 
scope link src 10.5.28.1 broadcast XX.XX.XX.128 dev enp1s0u2u4 table local proto kernel scope link src XX.XX.XX.246 local XX.XX.XX.246 dev enp1s0u2u4 table local proto kernel scope host src XX.XX.XX.246 broadcast XX.XX.XX.255 dev enp1s0u2u4 table local proto kernel scope link src XX.XX.XX.246 broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 broadcast 192.168.1.0 dev eth0 table local proto kernel scope link src 192.168.1.96 local 192.168.1.96 dev eth0 table local proto kernel scope host src 192.168.1.96 broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.96 + ip -4 addr show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 inet 192.168.1.96/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0 valid_lft 33358sec preferred_lft 33358sec 3: enp1s0u2u4: mtu 1500 qdisc fq_codel state UP group default qlen 1000 inet XX.XX.XX.246/25 brd XX.XX.XX.255 scope global noprefixroute enp1s0u2u4 valid_lft forever preferred_lft forever 6: dummy0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 inet 10.5.28.1/24 brd 10.5.28.255 scope global noprefixroute dummy0 valid_lft forever preferred_lft forever + ip link show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether dc:a6:32:95:88:c7 brd ff:ff:ff:ff:ff:ff 3: enp1s0u2u4: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 00:e0:4c:08:24:fc brd ff:ff:ff:ff:ff:ff 4: wlan0: mtu 1500 qdisc 
fq_codel state DOWN mode DORMANT group default qlen 1000 link/ether 16:1a:43:36:12:5d brd ff:ff:ff:ff:ff:ff 5: wlp1s0u1u1: mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000 link/ether 82:07:89:b8:0b:9f brd ff:ff:ff:ff:ff:ff 6: dummy0: mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 82:fb:08:42:af:b5 brd ff:ff:ff:ff:ff:ff 7: gre0@NONE: mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 8: gretap0@NONE: mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 9: erspan0@NONE: mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 14: tun-gw5@NONE: mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/gre XX.XX.XX.246 peer XX.XX.XX.245 + echo '*** Now reproduce your issue ***' *** Now reproduce your issue *** + sleep 300 + systemctl stop strongswan-starter.service + cat /var/log/charon_debug.log Fri, 2020-08-14, 17:37:39 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.4.49-v8.1.el8, aarch64) Fri, 2020-08-14, 17:37:39 00[CFG] PKCS11 module '' lacks library path Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pkcs11': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'tpm': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'aes': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'des': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'rc2': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'sha2': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'sha1': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'md4': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'md5': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'mgf1': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'random': loaded successfully Fri, 
2020-08-14, 17:37:39 00[LIB] plugin 'nonce': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'x509': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'revocation': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'constraints': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'acert': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pubkey': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pkcs1': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pkcs7': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pkcs8': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pkcs12': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pgp': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'dnskey': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'sshkey': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'ipseckey': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'pem': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] openssl FIPS mode(2) - enabled Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'openssl': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'gcrypt': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'fips-prf': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'gmp': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'curve25519': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'chapoly': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'xcbc': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'cmac': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'hmac': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'ctr': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'ccm': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'gcm': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] 
plugin 'drbg': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'newhope': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'curl': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'attr': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'kernel-netlink': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'resolve': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'socket-default': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'farp': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'stroke': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'vici': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'sql': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'updown': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-identity': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-sim': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-sim-file': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-aka': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-aka-3gpp': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-aka-3gpp2': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-md5': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-gtc': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-mschapv2': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-dynamic': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-radius': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-tls': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-ttls': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'eap-peap': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'xauth-generic': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'xauth-eap': 
loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'xauth-pam': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'xauth-noauth': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'dhcp': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'ha': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'ext-auth': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'led': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'duplicheck': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'unity': loaded successfully Fri, 2020-08-14, 17:37:39 00[LIB] plugin 'counters': loaded successfully Fri, 2020-08-14, 17:37:39 00[KNL] known interfaces and IP addresses: Fri, 2020-08-14, 17:37:39 00[KNL] lo Fri, 2020-08-14, 17:37:39 00[KNL] 127.0.0.1 Fri, 2020-08-14, 17:37:39 00[KNL] ::1 Fri, 2020-08-14, 17:37:39 00[KNL] eth0 Fri, 2020-08-14, 17:37:39 00[KNL] 192.168.1.96 Fri, 2020-08-14, 17:37:39 00[KNL] fe80::318c:caa5:2b0a:27e2 Fri, 2020-08-14, 17:37:39 00[KNL] enp1s0u2u4 Fri, 2020-08-14, 17:37:39 00[KNL] XX.XX.XX.246 Fri, 2020-08-14, 17:37:39 00[KNL] 2606:6580:3000:2:9469:9ac5:fbc6:9622 Fri, 2020-08-14, 17:37:39 00[KNL] fe80::5ccd:602d:2be1:b155 Fri, 2020-08-14, 17:37:39 00[KNL] wlan0 Fri, 2020-08-14, 17:37:39 00[KNL] wlp1s0u1u1 Fri, 2020-08-14, 17:37:39 00[KNL] dummy0 Fri, 2020-08-14, 17:37:39 00[KNL] 10.5.28.1 Fri, 2020-08-14, 17:37:39 00[KNL] fe80::59d9:d2c6:bbfd:68a2 Fri, 2020-08-14, 17:37:39 00[KNL] tun-gw5 Fri, 2020-08-14, 17:37:39 00[KNL] fe80::f599:ce50:26dc:bfdd Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:ipseckey in plugin 'ipseckey' has unmet dependency: RESOLVER Fri, 2020-08-14, 17:37:39 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA Fri, 2020-08-14, 
17:37:39 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS Fri, 2020-08-14, 17:37:39 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST Fri, 2020-08-14, 17:37:39 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224 Fri, 2020-08-14, 17:37:39 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256 Fri, 2020-08-14, 17:37:39 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384 Fri, 2020-08-14, 17:37:39 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512 Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224 Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256 Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384 Fri, 2020-08-14, 17:37:39 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512 Fri, 2020-08-14, 17:37:39 00[LIB] feature DH:NEWHOPE_128 in plugin 'newhope' has unmet dependency: XOF:XOF_SHAKE128 Fri, 2020-08-14, 17:37:39 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts' Fri, 2020-08-14, 17:37:39 00[CFG] loaded ca certificate "C=US, O=W*******, CN=Root CA" from '/etc/strongswan/ipsec.d/cacerts/windtalker.crt' Fri, 2020-08-14, 17:37:39 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts' Fri, 2020-08-14, 17:37:39 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts' Fri, 2020-08-14, 17:37:39 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts' Fri, 
2020-08-14, 17:37:39 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls' Fri, 2020-08-14, 17:37:39 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets' Fri, 2020-08-14, 17:37:39 00[CFG] loading secrets from '/etc/strongswan/ipsec.d/secrets/gw1' Fri, 2020-08-14, 17:37:39 00[CFG] loaded RSA private key from '/etc/strongswan/ipsec.d/private/gw1.key' Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:sql in plugin 'sql' has unmet dependency: DATABASE:any Fri, 2020-08-14, 17:37:39 00[CFG] opening triplet file /etc/strongswan/ipsec.d/triplets.dat failed: No such file or directory Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:eap-sim-file-triplets in plugin 'eap-sim-file' failed to load Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:sim-card in plugin 'eap-sim-file' has unmet dependency: CUSTOM:eap-sim-file-triplets Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:sim-provider in plugin 'eap-sim-file' has unmet dependency: CUSTOM:eap-sim-file-triplets Fri, 2020-08-14, 17:37:39 00[CFG] loaded 0 RADIUS server configurations Fri, 2020-08-14, 17:37:39 00[CFG] HA config misses local/remote address Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:ha in plugin 'ha' failed to load Fri, 2020-08-14, 17:37:39 00[CFG] no script for ext-auth script defined, disabled Fri, 2020-08-14, 17:37:39 00[LIB] feature CUSTOM:ext_auth in plugin 'ext-auth' failed to load Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'ipseckey' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'newhope' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'sql' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'eap-sim-file' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'ha' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] unloading plugin 'ext-auth' without loaded features Fri, 2020-08-14, 17:37:39 00[LIB] loaded plugins: charon pkcs11 tpm aes des rc2 sha2 sha1 md4 md5 mgf1 random 
nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly xcbc cmac hmac ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters Fri, 2020-08-14, 17:37:39 00[LIB] unable to load 21 plugin features (18 due to unmet dependencies) Fri, 2020-08-14, 17:37:39 00[JOB] spawning 16 worker threads Fri, 2020-08-14, 17:37:39 01[LIB] created thread 01 [17742] Fri, 2020-08-14, 17:37:39 02[LIB] created thread 02 [17743] Fri, 2020-08-14, 17:37:39 03[LIB] created thread 03 [17744] Fri, 2020-08-14, 17:37:39 04[LIB] created thread 04 [17745] Fri, 2020-08-14, 17:37:39 05[LIB] created thread 05 [17746] Fri, 2020-08-14, 17:37:39 06[LIB] created thread 06 [17747] Fri, 2020-08-14, 17:37:39 08[LIB] created thread 08 [17749] Fri, 2020-08-14, 17:37:39 09[LIB] created thread 09 [17750] Fri, 2020-08-14, 17:37:39 07[LIB] created thread 07 [17748] Fri, 2020-08-14, 17:37:39 10[LIB] created thread 10 [17751] Fri, 2020-08-14, 17:37:39 11[LIB] created thread 11 [17752] Fri, 2020-08-14, 17:37:39 12[LIB] created thread 12 [17753] Fri, 2020-08-14, 17:37:39 13[LIB] created thread 13 [17754] Fri, 2020-08-14, 17:37:39 14[LIB] created thread 14 [17755] Fri, 2020-08-14, 17:37:39 15[LIB] created thread 15 [17756] Fri, 2020-08-14, 17:37:39 16[LIB] created thread 16 [17757] Fri, 2020-08-14, 17:37:39 05[CFG] received stroke: add connection 'tunnel-gw5' Fri, 2020-08-14, 17:37:39 05[CFG] conn tunnel-gw5 Fri, 2020-08-14, 17:37:39 05[CFG] left=XX.XX.XX.246 Fri, 2020-08-14, 17:37:39 05[CFG] leftauth=pubkey Fri, 2020-08-14, 17:37:39 05[CFG] leftid=C=US, O=W*******, CN=gw1 Fri, 2020-08-14, 17:37:39 05[CFG] leftcert=gw1.crt Fri, 2020-08-14, 17:37:39 05[CFG] right=XX.XX.XX.245 Fri, 2020-08-14, 
17:37:39 05[CFG] rightauth=pubkey Fri, 2020-08-14, 17:37:39 05[CFG] rightid=C=US, O=W*******, CN=gw5 Fri, 2020-08-14, 17:37:39 05[CFG] ike=aes256-sha2_256-modp1024! Fri, 2020-08-14, 17:37:39 05[CFG] esp=aes256-sha2_256! Fri, 2020-08-14, 17:37:39 05[CFG] dpddelay=30 Fri, 2020-08-14, 17:37:39 05[CFG] dpdtimeout=120 Fri, 2020-08-14, 17:37:39 05[CFG] dpdaction=3 Fri, 2020-08-14, 17:37:39 05[CFG] sha256_96=no Fri, 2020-08-14, 17:37:39 05[CFG] mediation=no Fri, 2020-08-14, 17:37:39 05[CFG] keyexchange=ikev2 Fri, 2020-08-14, 17:37:39 05[KNL] XX.XX.XX.245 is not a local address or the interface is down Fri, 2020-08-14, 17:37:39 05[CFG] loaded certificate "C=US, O=W*******, CN=gw1" from 'gw1.crt' Fri, 2020-08-14, 17:37:39 05[CFG] added configuration 'tunnel-gw5' Fri, 2020-08-14, 17:37:39 08[CFG] received stroke: initiate 'tunnel-gw5' Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_VENDOR task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_INIT task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_NATD task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_CERT_PRE task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_AUTH task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_CERT_POST task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_CONFIG task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_AUTH_LIFETIME task Fri, 2020-08-14, 17:37:39 08[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:37:39 08[IKE] queueing CHILD_CREATE task Fri, 2020-08-14, 17:37:39 08[IKE] activating new tasks Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_VENDOR task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_INIT task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_NATD task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_CERT_PRE task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_AUTH task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_CERT_POST task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_CONFIG task Fri, 2020-08-14, 17:37:39 08[IKE] activating CHILD_CREATE task Fri, 2020-08-14, 
17:37:39 08[IKE] activating IKE_AUTH_LIFETIME task Fri, 2020-08-14, 17:37:39 08[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:37:39 08[IKE] initiating IKE_SA tunnel-gw5[1] to XX.XX.XX.245 Fri, 2020-08-14, 17:37:39 08[IKE] IKE_SA tunnel-gw5[1] state change: CREATED => CONNECTING Fri, 2020-08-14, 17:37:39 08[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Fri, 2020-08-14, 17:37:39 08[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity Fri, 2020-08-14, 17:37:39 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Fri, 2020-08-14, 17:37:39 08[NET] sending packet: from XX.XX.XX.246[500] to XX.XX.XX.245[500] (336 bytes) Fri, 2020-08-14, 17:37:39 09[NET] received packet: from XX.XX.XX.245[500] to XX.XX.XX.246[500] (369 bytes) Fri, 2020-08-14, 17:37:39 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] Fri, 2020-08-14, 17:37:39 09[IKE] received FRAGMENTATION_SUPPORTED notify Fri, 2020-08-14, 17:37:39 09[IKE] received SIGNATURE_HASH_ALGORITHMS notify Fri, 2020-08-14, 17:37:39 09[IKE] received CHILDLESS_IKEV2_SUPPORTED notify Fri, 2020-08-14, 17:37:39 09[CFG] selecting proposal: Fri, 2020-08-14, 17:37:39 09[CFG] proposal matches Fri, 2020-08-14, 17:37:39 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Fri, 2020-08-14, 17:37:39 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Fri, 2020-08-14, 17:37:39 09[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Fri, 2020-08-14, 17:37:39 09[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity Fri, 2020-08-14, 17:37:39 09[IKE] received cert request for "C=US, O=W*******, CN=Root CA" Fri, 2020-08-14, 17:37:39 09[IKE] reinitiating already active tasks Fri, 2020-08-14, 
17:37:39 09[IKE] IKE_CERT_PRE task Fri, 2020-08-14, 17:37:39 09[IKE] IKE_AUTH task Fri, 2020-08-14, 17:37:39 09[IKE] sending cert request for "C=US, O=W*******, CN=Root CA" Fri, 2020-08-14, 17:37:39 09[IKE] authentication of 'C=US, O=W*******, CN=gw1' (myself) with RSA_EMSA_PKCS1_SHA2_384 successful Fri, 2020-08-14, 17:37:39 09[IKE] sending end entity cert "C=US, O=W*******, CN=gw1" Fri, 2020-08-14, 17:37:39 09[CFG] proposing traffic selectors for us: Fri, 2020-08-14, 17:37:39 09[CFG] XX.XX.XX.246/32[gre] Fri, 2020-08-14, 17:37:39 09[CFG] proposing traffic selectors for other: Fri, 2020-08-14, 17:37:39 09[CFG] XX.XX.XX.245/32[gre] Fri, 2020-08-14, 17:37:39 09[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ Fri, 2020-08-14, 17:37:39 09[IKE] establishing CHILD_SA tunnel-gw5{1} Fri, 2020-08-14, 17:37:39 09[KNL] got SPI c5901459 Fri, 2020-08-14, 17:37:39 09[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] Fri, 2020-08-14, 17:37:39 09[ENC] splitting IKE message (2304 bytes) into 2 fragments Fri, 2020-08-14, 17:37:39 09[ENC] generating IKE_AUTH request 1 [ EF(1/2) ] Fri, 2020-08-14, 17:37:39 09[ENC] generating IKE_AUTH request 1 [ EF(2/2) ] Fri, 2020-08-14, 17:37:39 09[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (1236 bytes) Fri, 2020-08-14, 17:37:39 09[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (1140 bytes) Fri, 2020-08-14, 17:37:40 07[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (1236 bytes) Fri, 2020-08-14, 17:37:40 07[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ] Fri, 2020-08-14, 17:37:40 07[ENC] received fragment #1 of 2, waiting for complete IKE message Fri, 2020-08-14, 17:37:40 10[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (1028 bytes) Fri, 2020-08-14, 17:37:40 10[ENC] parsed IKE_AUTH response 1 
[ EF(2/2) ] Fri, 2020-08-14, 17:37:40 10[ENC] received fragment #2 of 2, reassembled fragmented IKE message (2192 bytes) Fri, 2020-08-14, 17:37:40 10[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) ] Fri, 2020-08-14, 17:37:40 10[IKE] received end entity cert "C=US, O=W*******, CN=gw5" Fri, 2020-08-14, 17:37:40 10[IKE] received USE_TRANSPORT_MODE notify Fri, 2020-08-14, 17:37:40 10[CFG] using certificate "C=US, O=W*******, CN=gw5" Fri, 2020-08-14, 17:37:40 10[CFG] certificate "C=US, O=W*******, CN=gw5" key: 4096 bit RSA Fri, 2020-08-14, 17:37:40 10[CFG] using trusted ca certificate "C=US, O=W*******, CN=Root CA" Fri, 2020-08-14, 17:37:40 10[CFG] checking certificate status of "C=US, O=W*******, CN=gw5" Fri, 2020-08-14, 17:37:40 10[CFG] ocsp check skipped, no ocsp found Fri, 2020-08-14, 17:37:40 10[CFG] certificate status is not available Fri, 2020-08-14, 17:37:40 10[CFG] certificate "C=US, O=W*******, CN=Root CA" key: 4096 bit RSA Fri, 2020-08-14, 17:37:40 10[CFG] reached self-signed root ca with a path length of 0 Fri, 2020-08-14, 17:37:40 10[IKE] authentication of 'C=US, O=W*******, CN=gw5' with RSA_EMSA_PKCS1_SHA2_384 successful Fri, 2020-08-14, 17:37:40 10[IKE] IKE_SA tunnel-gw5[1] established between XX.XX.XX.246[C=US, O=W*******, CN=gw1]...XX.XX.XX.245[C=US, O=W*******, CN=gw5] Fri, 2020-08-14, 17:37:40 10[IKE] IKE_SA tunnel-gw5[1] state change: CONNECTING => ESTABLISHED Fri, 2020-08-14, 17:37:40 10[IKE] scheduling reauthentication in 2525s Fri, 2020-08-14, 17:37:40 10[IKE] maximum IKE_SA lifetime 3065s Fri, 2020-08-14, 17:37:40 10[CFG] selecting proposal: Fri, 2020-08-14, 17:37:40 10[CFG] proposal matches Fri, 2020-08-14, 17:37:40 10[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ Fri, 2020-08-14, 17:37:40 10[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ Fri, 2020-08-14, 17:37:40 10[CFG] selected proposal: 
ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ Fri, 2020-08-14, 17:37:40 10[CFG] selecting traffic selectors for us: Fri, 2020-08-14, 17:37:40 10[CFG] config: XX.XX.XX.246/32[gre], received: XX.XX.XX.246/32[gre] => match: XX.XX.XX.246/32[gre] Fri, 2020-08-14, 17:37:40 10[CFG] selecting traffic selectors for other: Fri, 2020-08-14, 17:37:40 10[CFG] config: XX.XX.XX.245/32[gre], received: XX.XX.XX.245/32[gre] => match: XX.XX.XX.245/32[gre] Fri, 2020-08-14, 17:37:40 10[CHD] CHILD_SA tunnel-gw5{1} state change: CREATED => INSTALLING Fri, 2020-08-14, 17:37:40 10[CHD] using AES_CBC for encryption Fri, 2020-08-14, 17:37:40 10[CHD] using HMAC_SHA2_256_128 for integrity Fri, 2020-08-14, 17:37:40 10[CHD] adding inbound ESP SA Fri, 2020-08-14, 17:37:40 10[CHD] SPI 0xc5901459, src XX.XX.XX.245 dst XX.XX.XX.246 Fri, 2020-08-14, 17:37:40 10[KNL] adding SAD entry with SPI c5901459 and reqid {1} Fri, 2020-08-14, 17:37:40 10[KNL] using encryption algorithm AES_CBC with key size 256 Fri, 2020-08-14, 17:37:40 10[KNL] using integrity algorithm HMAC_SHA2_256_128 with key size 256 Fri, 2020-08-14, 17:37:40 10[KNL] using replay window of 32 packets Fri, 2020-08-14, 17:37:40 10[KNL] HW offload: no Fri, 2020-08-14, 17:37:40 10[CHD] adding outbound ESP SA Fri, 2020-08-14, 17:37:40 10[CHD] SPI 0xc2adcbd9, src XX.XX.XX.246 dst XX.XX.XX.245 Fri, 2020-08-14, 17:37:40 10[KNL] adding SAD entry with SPI c2adcbd9 and reqid {1} Fri, 2020-08-14, 17:37:40 10[KNL] using encryption algorithm AES_CBC with key size 256 Fri, 2020-08-14, 17:37:40 10[KNL] using integrity algorithm HMAC_SHA2_256_128 with key size 256 Fri, 2020-08-14, 17:37:40 10[KNL] using replay window of 0 packets Fri, 2020-08-14, 17:37:40 10[KNL] HW offload: no Fri, 2020-08-14, 17:37:40 10[KNL] adding policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in [priority 366975, refcount 1] Fri, 2020-08-14, 17:37:40 10[KNL] adding policy XX.XX.XX.246/32[gre] === XX.XX.XX.245/32[gre] out [priority 366975, refcount 1] Fri, 2020-08-14, 17:37:40 
10[IKE] CHILD_SA tunnel-gw5{1} established with SPIs c5901459_i c2adcbd9_o and TS XX.XX.XX.246/32[gre] === XX.XX.XX.245/32[gre] Fri, 2020-08-14, 17:37:40 10[CHD] CHILD_SA tunnel-gw5{1} state change: INSTALLING => INSTALLED Fri, 2020-08-14, 17:37:40 10[IKE] received AUTH_LIFETIME of 2629s, scheduling reauthentication in 2089s Fri, 2020-08-14, 17:37:40 10[IKE] peer supports MOBIKE Fri, 2020-08-14, 17:37:40 10[IKE] got additional MOBIKE peer address: 192.168.1.95 Fri, 2020-08-14, 17:37:40 10[IKE] got additional MOBIKE peer address: 10.5.30.1 Fri, 2020-08-14, 17:37:40 10[IKE] got additional MOBIKE peer address: 2606:6580:3000:2:eb45:bdc6:1758:c0a8 Fri, 2020-08-14, 17:37:40 10[IKE] activating new tasks Fri, 2020-08-14, 17:37:40 10[IKE] nothing to initiate Fri, 2020-08-14, 17:37:44 06[CFG] vici client 1 connected Fri, 2020-08-14, 17:37:44 08[CFG] vici client 1 registered for: list-sa Fri, 2020-08-14, 17:37:44 11[CFG] vici client 1 requests: list-sas Fri, 2020-08-14, 17:37:44 11[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:37:44 11[KNL] querying SAD entry with SPI c2adcbd9 Fri, 2020-08-14, 17:37:44 16[CFG] vici client 1 disconnected Fri, 2020-08-14, 17:37:44 06[CFG] vici client 2 connected Fri, 2020-08-14, 17:37:44 08[CFG] vici client 2 registered for: list-conn Fri, 2020-08-14, 17:37:44 11[CFG] vici client 2 requests: list-conns Fri, 2020-08-14, 17:37:44 04[CFG] vici client 2 disconnected Fri, 2020-08-14, 17:38:10 08[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:38:10 08[ENC] parsed INFORMATIONAL request 0 [ ] Fri, 2020-08-14, 17:38:10 08[ENC] generating INFORMATIONAL response 0 [ ] Fri, 2020-08-14, 17:38:10 08[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:38:10 07[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:38:10 07[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:38:16 12[KNL] interface 
wlan0 deactivated Fri, 2020-08-14, 17:38:16 14[KNL] interface wlan0 activated Fri, 2020-08-14, 17:38:17 16[KNL] creating roam job due to address/link change Fri, 2020-08-14, 17:38:17 16[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:38:17 16[IKE] keeping connection path XX.XX.XX.246 - XX.XX.XX.245 Fri, 2020-08-14, 17:38:17 16[IKE] sending address list update using MOBIKE Fri, 2020-08-14, 17:38:17 16[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:38:17 16[IKE] activating new tasks Fri, 2020-08-14, 17:38:17 16[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:38:17 16[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:38:17 16[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_4_ADDR) ] Fri, 2020-08-14, 17:38:17 16[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:38:17 16[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (128 bytes) Fri, 2020-08-14, 17:38:17 09[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:38:17 09[ENC] parsed INFORMATIONAL response 2 [ ] Fri, 2020-08-14, 17:38:17 09[IKE] activating new tasks Fri, 2020-08-14, 17:38:17 09[IKE] nothing to initiate Fri, 2020-08-14, 17:38:40 09[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:38:40 09[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:38:47 08[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:38:47 08[ENC] parsed INFORMATIONAL request 1 [ ] Fri, 2020-08-14, 17:38:48 08[ENC] generating INFORMATIONAL response 1 [ ] Fri, 2020-08-14, 17:38:48 08[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:38:48 07[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:38:48 07[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:39:18 
16[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:39:18 16[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:39:18 16[IKE] sending DPD request Fri, 2020-08-14, 17:39:18 16[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:39:18 16[IKE] activating new tasks Fri, 2020-08-14, 17:39:18 16[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:39:18 16[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:39:18 16[ENC] generating INFORMATIONAL request 3 [ ] Fri, 2020-08-14, 17:39:18 16[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:39:18 16[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:39:18 09[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:39:18 09[ENC] parsed INFORMATIONAL response 3 [ ] Fri, 2020-08-14, 17:39:18 09[IKE] activating new tasks Fri, 2020-08-14, 17:39:18 09[IKE] nothing to initiate Fri, 2020-08-14, 17:39:48 11[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:39:48 11[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:39:48 11[IKE] sending DPD request Fri, 2020-08-14, 17:39:48 11[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:39:48 11[IKE] activating new tasks Fri, 2020-08-14, 17:39:48 11[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:39:48 11[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:39:48 11[ENC] generating INFORMATIONAL request 4 [ ] Fri, 2020-08-14, 17:39:48 11[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:39:48 11[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:39:48 12[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:39:48 12[ENC] parsed INFORMATIONAL response 4 [ ] Fri, 2020-08-14, 17:39:48 12[IKE] activating 
new tasks Fri, 2020-08-14, 17:39:48 12[IKE] nothing to initiate Fri, 2020-08-14, 17:40:05 16[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (128 bytes) Fri, 2020-08-14, 17:40:05 16[ENC] parsed INFORMATIONAL request 2 [ N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_4_ADDR) ] Fri, 2020-08-14, 17:40:05 16[IKE] got additional MOBIKE peer address: 192.168.1.95 Fri, 2020-08-14, 17:40:05 16[IKE] got additional MOBIKE peer address: 2606:6580:3000:2:eb45:bdc6:1758:c0a8 Fri, 2020-08-14, 17:40:05 16[IKE] got additional MOBIKE peer address: 10.5.30.1 Fri, 2020-08-14, 17:40:05 16[ENC] generating INFORMATIONAL response 2 [ ] Fri, 2020-08-14, 17:40:05 16[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:40:18 11[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:40:18 11[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:40:34 13[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:40:34 13[KNL] querying SAD entry with SPI c5901459 Fri, 2020-08-14, 17:40:34 13[IKE] sending DPD request Fri, 2020-08-14, 17:40:34 13[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:40:34 13[IKE] activating new tasks Fri, 2020-08-14, 17:40:34 13[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:40:34 13[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:40:34 13[ENC] generating INFORMATIONAL request 5 [ ] Fri, 2020-08-14, 17:40:34 13[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:40:34 13[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:40:34 14[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:40:34 14[ENC] parsed INFORMATIONAL response 5 [ ] Fri, 2020-08-14, 17:40:34 14[IKE] activating new tasks Fri, 2020-08-14, 17:40:34 14[IKE] nothing to initiate Fri, 2020-08-14, 17:41:04 09[KNL] querying policy 
XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:41:17 06[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:41:17 06[ENC] parsed INFORMATIONAL request 3 [ ] Fri, 2020-08-14, 17:41:17 06[ENC] generating INFORMATIONAL response 3 [ ] Fri, 2020-08-14, 17:41:17 06[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:41:17 10[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:41:46 13[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:41:46 13[IKE] sending DPD request Fri, 2020-08-14, 17:41:46 13[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:41:46 13[IKE] activating new tasks Fri, 2020-08-14, 17:41:46 13[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:41:46 13[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:41:46 13[ENC] generating INFORMATIONAL request 6 [ ] Fri, 2020-08-14, 17:41:46 13[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:41:46 13[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:41:46 14[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:41:46 14[ENC] parsed INFORMATIONAL response 6 [ ] Fri, 2020-08-14, 17:41:46 14[IKE] activating new tasks Fri, 2020-08-14, 17:41:46 14[IKE] nothing to initiate Fri, 2020-08-14, 17:41:56 05[KNL] interface wlp1s0u1u1 deactivated Fri, 2020-08-14, 17:41:56 06[KNL] interface wlp1s0u1u1 activated Fri, 2020-08-14, 17:41:56 10[KNL] creating roam job due to address/link change Fri, 2020-08-14, 17:41:56 10[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:41:56 10[IKE] keeping connection path XX.XX.XX.246 - XX.XX.XX.245 Fri, 2020-08-14, 17:41:56 10[IKE] sending address list update using MOBIKE Fri, 2020-08-14, 17:41:56 10[IKE] queueing IKE_MOBIKE task 
Fri, 2020-08-14, 17:41:56 10[IKE] activating new tasks Fri, 2020-08-14, 17:41:56 10[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:41:56 10[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:41:56 10[ENC] generating INFORMATIONAL request 7 [ N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_4_ADDR) ] Fri, 2020-08-14, 17:41:56 10[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:41:56 10[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (128 bytes) Fri, 2020-08-14, 17:41:56 07[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:41:56 07[ENC] parsed INFORMATIONAL response 7 [ ] Fri, 2020-08-14, 17:41:56 07[IKE] activating new tasks Fri, 2020-08-14, 17:41:56 07[IKE] nothing to initiate Fri, 2020-08-14, 17:42:16 16[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:42:26 08[KNL] querying policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:42:26 08[IKE] sending DPD request Fri, 2020-08-14, 17:42:26 08[IKE] queueing IKE_MOBIKE task Fri, 2020-08-14, 17:42:26 08[IKE] activating new tasks Fri, 2020-08-14, 17:42:26 08[IKE] activating IKE_MOBIKE task Fri, 2020-08-14, 17:42:26 08[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:42:26 08[ENC] generating INFORMATIONAL request 8 [ ] Fri, 2020-08-14, 17:42:26 08[KNL] using XX.XX.XX.246 as address to reach XX.XX.XX.245/32 Fri, 2020-08-14, 17:42:26 08[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:42:26 07[NET] received packet: from XX.XX.XX.245[4500] to XX.XX.XX.246[4500] (80 bytes) Fri, 2020-08-14, 17:42:26 07[ENC] parsed INFORMATIONAL response 8 [ ] Fri, 2020-08-14, 17:42:26 07[IKE] activating new tasks Fri, 2020-08-14, 17:42:26 07[IKE] nothing to initiate Fri, 2020-08-14, 17:42:44 00[DMN] signal of type SIGINT received. 
Shutting down Fri, 2020-08-14, 17:42:44 00[IKE] queueing IKE_DELETE task Fri, 2020-08-14, 17:42:44 00[IKE] activating new tasks Fri, 2020-08-14, 17:42:44 00[IKE] activating IKE_DELETE task Fri, 2020-08-14, 17:42:44 00[IKE] deleting IKE_SA tunnel-gw5[1] between XX.XX.XX.246[C=US, O=W*******, CN=gw1]...XX.XX.XX.245[C=US, O=W*******, CN=gw5] Fri, 2020-08-14, 17:42:44 00[IKE] IKE_SA tunnel-gw5[1] state change: ESTABLISHED => DELETING Fri, 2020-08-14, 17:42:44 00[IKE] sending DELETE for IKE_SA tunnel-gw5[1] Fri, 2020-08-14, 17:42:44 00[ENC] generating INFORMATIONAL request 9 [ D ] Fri, 2020-08-14, 17:42:44 00[NET] sending packet: from XX.XX.XX.246[4500] to XX.XX.XX.245[4500] (80 bytes) Fri, 2020-08-14, 17:42:44 00[IKE] IKE_SA tunnel-gw5[1] state change: DELETING => DESTROYING Fri, 2020-08-14, 17:42:44 00[CHD] CHILD_SA tunnel-gw5{1} state change: INSTALLED => DESTROYING Fri, 2020-08-14, 17:42:44 00[KNL] deleting policy XX.XX.XX.246/32[gre] === XX.XX.XX.245/32[gre] out Fri, 2020-08-14, 17:42:44 00[KNL] deleting policy XX.XX.XX.245/32[gre] === XX.XX.XX.246/32[gre] in Fri, 2020-08-14, 17:42:44 00[KNL] deleting SAD entry with SPI c5901459 Fri, 2020-08-14, 17:42:44 00[KNL] deleted SAD entry with SPI c5901459 Fri, 2020-08-14, 17:42:44 00[KNL] deleting SAD entry with SPI c2adcbd9 Fri, 2020-08-14, 17:42:44 00[KNL] deleted SAD entry with SPI c2adcbd9 Script done on 2020-08-14 17:42:44+00:00