Yes, I have also analyzed debug information.
But without any real results
Here are the logs from the fortigate and the vyos
-------------Logs Fortigate-------------
2024-08-11 12:33:15.723505 ike 0:IPsec-VPN01:572: initiator received SA_INIT response
2024-08-11 12:33:15.723529 ike 0:IPsec-VPN01:572: processing notify type NAT_DETECTION_SOURCE_IP
2024-08-11 12:33:15.723616 ike 0:IPsec-VPN01:572: processing NAT-D payload
2024-08-11 12:33:15.723650 ike 0:IPsec-VPN01:572: NAT not detected
2024-08-11 12:33:15.723672 ike 0:IPsec-VPN01:572: process NAT-D
2024-08-11 12:33:15.723693 ike 0:IPsec-VPN01:572: processing notify type NAT_DETECTION_DESTINATION_IP
2024-08-11 12:33:15.723746 ike 0:IPsec-VPN01:572: processing NAT-D payload
2024-08-11 12:33:15.723787 ike 0:IPsec-VPN01:572: NAT detected: ME
2024-08-11 12:33:15.723807 ike 0:IPsec-VPN01:572: process NAT-D
2024-08-11 12:33:15.723825 ike 0:IPsec-VPN01:572: processing notify type FRAGMENTATION_SUPPORTED
2024-08-11 12:33:15.723876 ike 0:IPsec-VPN01:572: processing notify type CHILDLESS_IKEV2_SUPPORTED
2024-08-11 12:33:15.723928 ike 0:IPsec-VPN01:572: processing notify type 16404
2024-08-11 12:33:15.723987 ike 0:IPsec-VPN01:572: incoming proposal:
2024-08-11 12:33:15.724008 ike 0:IPsec-VPN01:572: proposal id = 1:
2024-08-11 12:33:15.724026 ike 0:IPsec-VPN01:572: protocol = IKEv2:
2024-08-11 12:33:15.724045 ike 0:IPsec-VPN01:572: encapsulation = IKEv2/none
2024-08-11 12:33:15.724063 ike 0:IPsec-VPN01:572: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:15.724082 ike 0:IPsec-VPN01:572: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2024-08-11 12:33:15.724100 ike 0:IPsec-VPN01:572: type=PRF, val=PRF_HMAC_SHA2_512
2024-08-11 12:33:15.724119 ike 0:IPsec-VPN01:572: type=DH_GROUP, val=ECP521.
2024-08-11 12:33:15.724145 ike 0:IPsec-VPN01:572: matched proposal id 1
2024-08-11 12:33:15.724164 ike 0:IPsec-VPN01:572: proposal id = 1:
2024-08-11 12:33:15.724181 ike 0:IPsec-VPN01:572: protocol = IKEv2:
2024-08-11 12:33:15.724198 ike 0:IPsec-VPN01:572: encapsulation = IKEv2/none
2024-08-11 12:33:15.724216 ike 0:IPsec-VPN01:572: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:15.724234 ike 0:IPsec-VPN01:572: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2024-08-11 12:33:15.724252 ike 0:IPsec-VPN01:572: type=PRF, val=PRF_HMAC_SHA2_512
2024-08-11 12:33:15.724270 ike 0:IPsec-VPN01:572: type=DH_GROUP, val=ECP521.
2024-08-11 12:33:15.724288 ike 0:IPsec-VPN01:572: lifetime=28800
2024-08-11 12:33:15.743421 ike 0:IPsec-VPN01:572: IKE SA 241b2045416ec9c6/254d37d022d7965e SK_ei 32:9485B32CCC28E412706B6EC1705509A259AC27257B9BEB61E15A75E2E286CB52
2024-08-11 12:33:15.743494 ike 0:IPsec-VPN01:572: IKE SA 241b2045416ec9c6/254d37d022d7965e SK_er 32:039631709F8C664EC05964B1D9CFA2184BE87646EAB71DB2A5D72708D2AA41DF
2024-08-11 12:33:15.743534 ike 0:IPsec-VPN01:572: IKE SA 241b2045416ec9c6/254d37d022d7965e SK_ai 64:13D8DA456F16EF1D997BA70101E97B8946205E3767F2C07761E083AF0EFE798670EE1D4D8E60EABDE7411547218D4B13FC222E99A6BB22C5C593589E05CBFACF
2024-08-11 12:33:15.743572 ike 0:IPsec-VPN01:572: IKE SA 241b2045416ec9c6/254d37d022d7965e SK_ar 64:4A29B618B5EF1316BA61EA5C49344D604B67A5BAE8490A58112DA0AC4135032277EB3175440E6E878A29D7EB220B031226335B7FA054F8ADB3BC1BFEDF64258E
2024-08-11 12:33:15.743671 ike 0:IPsec-VPN01:572: initiator preparing AUTH msg
2024-08-11 12:33:15.743776 ike 0:IPsec-VPN01:572: sending INITIAL-CONTACT
2024-08-11 12:33:15.743845 ike 0:IPsec-VPN01:572: enc 290000280200000065347967716C51726C5961764741374F314A75423835553761436349327A79702700000800004000290000480200000016C1A0006D19E854AF29C037CB210A189DF4337435AD1BD7CB9A6E08AC1BFF59B25678936D19501D5F068982436A95BD1C475553DA5B3BFDA31559D978A8134E21000008000040242C00002C00000028010304032EF9CC8B0300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF03020103
2024-08-11 12:33:15.743956 ike 0:IPsec-VPN01:572: detected NAT
2024-08-11 12:33:15.743985 ike 0:IPsec-VPN01:572: NAT-T float port 4500
2024-08-11 12:33:15.744020 ike 0:IPsec-VPN01:572: out 241B2045416EC9C6254D37D022D7965E2E202308000000010000013023000114AF686135B83EA4CA19F327BB141A99082C33153916AB49A018F6449297D9EFE3FF7C2CD66E6F28A523B4119D5B4231FA5458849732FF5688AEE2F97AEE67F57842876B05ECCEDB9D0CA4652D37F6725495BC69BFFFFC5C9481745E1F6965885E9EC0B87BF54FD90F044AB8F7C0240AE8CB436FB65B0FA8244CF76A9D1B7FB19CE85DED23BE787EA4AC549A1D5EF85FF59B759407279BF31B3A4CDF9B26FC34EC171E5EB1BA25C05078BC85308AABD5E42ACF16BC73C11FCFCC94F1F14937758E12EFAD4A76E43CCC5A5B985BDF0462F9266C101B690E80B2EBCB3959D6DC0961D773818CDF3415B0089AA0D31FC68BCCBF08F94F766EDD72DB11766A28F4BFB75A3088CC6EF4513468FC0966C9FAB28F
2024-08-11 12:33:15.744124 ike 0:IPsec-VPN01:572: sent IKE msg (AUTH): :4500->:4500, len=304, vrf=0, id=241b2045416ec9c6/254d37d022d7965e:00000001
2024-08-11 12:33:16.440699 ike 0: comes :4500->:4500,ifindex=60,vrf=0…
2024-08-11 12:33:16.440765 ike 0: IKEv2 exchange=AUTH_RESPONSE id=241b2045416ec9c6/254d37d022d7965e:00000001 len=288
2024-08-11 12:33:16.440789 ike 0: in 241B2045416EC9C6254D37D022D7965E2E20232000000001000001202400010439A746BFB0C974E9D40E2E86ED79209C70A21820C174CF9CE1FE7132DBD619698B46F238313C63CDC66B242837425C05F571B8B0EF7A1A901744A575D1D3FA97D58576DE5992248399B7D2F9838C177D50CFC611DE7785679F1E87187011E0B39787283DB07722FDA5966FB86A2854686678348CB2066D6CE752605427FCA97A85B7FB39013913C9CA6CE503097322B1AACE3F23A34B847788FF7C601B0A7421971D8B81DBBABCA4B74E6AFE1D335493852BFC13DC94DD46F8CB258A90BB0AAE395AF4BE9B032D7C1EA79DB2A8F0D894BCDFA279CD079D6A886512E3D1F420081E51544F03FC3793055577FEC0FBD37DBBB17AFD82B46FB82E1D81DC4FC5D141
2024-08-11 12:33:16.440937 ike 0:IPsec-VPN01:572: dec 241B2045416EC9C6254D37D022D7965E2E20232000000001000000EC24000004270000280200000065347967716C51726C5961764741374F314A75423835553761436349327A79702100004802000000B2A8B6D5093FA5619F364ACC6389CCD4CA8F911B987354A3572C23458E70750EE0BE07163924CD25769489FB2E242626E03814F3A910D81860C379ADAB4F77202C00002C0000002801030403CA8E44D90300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF
2024-08-11 12:33:16.440984 ike 0:IPsec-VPN01:572: initiator received AUTH msg
2024-08-11 12:33:16.441006 ike 0:IPsec-VPN01:572: received peer identifier FQDN ‘e4ygqlQrlYavGA7O1JuB85U7aCcI2zyp’
2024-08-11 12:33:16.441093 ike 0:IPsec-VPN01:572: auth verify done
2024-08-11 12:33:16.441113 ike 0:IPsec-VPN01:572: initiator AUTH continuation
2024-08-11 12:33:16.441132 ike 0:IPsec-VPN01:572: authentication succeeded
2024-08-11 12:33:16.441161 ike 0:IPsec-VPN01:572: established IKE SA 241b2045416ec9c6/254d37d022d7965e
2024-08-11 12:33:16.441264 ike 0:IPsec-VPN01:572: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
2024-08-11 12:33:16.441451 ike 0:IPsec-VPN01: set oper up
2024-08-11 12:33:16.441480 ike 0:IPsec-VPN01: schedule auto-negotiate
2024-08-11 12:33:16.441896 ike 0:IPsec-VPN01:572:1949: peer proposal:
2024-08-11 12:33:16.441932 ike 0:IPsec-VPN01:572:1949: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.441962 ike 0:IPsec-VPN01:572:1949: TSi_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.441990 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: comparing selectors
2024-08-11 12:33:16.442020 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: matched by rfc-rule-2
2024-08-11 12:33:16.442045 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: phase2 matched by subset
2024-08-11 12:33:16.442072 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: accepted proposal:
2024-08-11 12:33:16.442100 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.442129 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: TSi_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.442156 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: autokey
2024-08-11 12:33:16.442183 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: incoming child SA proposal:
2024-08-11 12:33:16.442209 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: proposal id = 1:
2024-08-11 12:33:16.442233 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: protocol = ESP:
2024-08-11 12:33:16.442256 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: encapsulation = TUNNEL
2024-08-11 12:33:16.442282 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:16.442307 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=INTEGR, val=SHA512
2024-08-11 12:33:16.442331 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=ESN, val=NO
2024-08-11 12:33:16.442355 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: PFS is disabled
2024-08-11 12:33:16.442383 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: matched proposal id 1
2024-08-11 12:33:16.442408 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: proposal id = 1:
2024-08-11 12:33:16.442431 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: protocol = ESP:
2024-08-11 12:33:16.442455 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: encapsulation = TUNNEL
2024-08-11 12:33:16.442479 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:16.442504 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=INTEGR, val=SHA512
2024-08-11 12:33:16.444103 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: type=ESN, val=NO
2024-08-11 12:33:16.444255 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: PFS is disabled
2024-08-11 12:33:16.444387 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: lifetime=28800
2024-08-11 12:33:16.444609 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: replay protection enabled
2024-08-11 12:33:16.444863 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: set sa life soft seconds=28501.
2024-08-11 12:33:16.445112 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: set sa life hard seconds=28800.
2024-08-11 12:33:16.445605 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: IPsec SA selectors #src=1 #dst=1
2024-08-11 12:33:16.445757 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: src 0 7 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.445896 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: dst 0 7 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:16.446029 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: add IPsec SA: SPIs=2ef9cc8b/ca8e44d9
2024-08-11 12:33:16.446170 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: IPsec SA dec spi 2ef9cc8b key 32:A445C9EDD71EE53B905924ADA18D3BE36BCE1F81BB16F0847BE2BB9F5DCF2F0F auth 64:25B6DD5349A1B23D045C8A0222EC4A9028E8119B1E1F45EABA4BD3BB10E4CEDCCF0D556CD1E137A9B49887ED3C5918740FF785E4059C8C539DF66E1D66A95C8A
2024-08-11 12:33:16.446418 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: IPsec SA enc spi ca8e44d9 key 32:AC7736E424FE95111F3D02671E72EFE780CB75E9AAD5C8C29E90CB71DD867044 auth 64:D44C56443388B170DB9D5746922329305063D5F988BDFA0CE78712EB4488B616F9021575CFE86D2439178A2FA8A14BF5B460C10F35DA670344DFC76981E7175B
2024-08-11 12:33:16.447042 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: added IPsec SA: SPIs=2ef9cc8b/ca8e44d9
2024-08-11 12:33:16.447366 ike 0:IPsec-VPN01:572:IPsec-VPN01:1949: sending SNMP tunnel UP trap
2024-08-11 12:33:20.141521 ike shrank heap by 155648 bytes
2024-08-11 12:33:29.691569 ike 0:IPsec-VPN01: deleting
2024-08-11 12:33:29.691787 ike 0:IPsec-VPN01: flushing
2024-08-11 12:33:29.691988 ike 0:IPsec-VPN01: deleting IPsec SA with SPI ca8e44d9
2024-08-11 12:33:29.692117 ike 0:IPsec-VPN01:IPsec-VPN01: deleted IPsec SA with SPI ca8e44d9, SA count: 0
2024-08-11 12:33:29.692144 ike 0:IPsec-VPN01: sending SNMP tunnel DOWN trap for IPsec-VPN01
2024-08-11 12:33:29.692370 ike 0:IPsec-VPN01: flushed
2024-08-11 12:33:29.692513 ike 0:IPsec-VPN01:572:1950: send informational
2024-08-11 12:33:29.692566 ike 0:IPsec-VPN01:572: enc 00000008010000000706050403020107
2024-08-11 12:33:29.692695 ike 0:IPsec-VPN01:572: out 241B2045416EC9C6254D37D022D7965E2E20250800000002000000602A0000441AE4619C36255EC718B797667C1586D19D5E34C8729607AA29CACA812A0B09C648B68FDED28A206270D659F25FAF763E6B81958A9A34DE0A8E1D60F3511E1D0C
2024-08-11 12:33:29.692784 ike 0:IPsec-VPN01:572: sent IKE msg (INFORMATIONAL): :4500->:4500, len=96, vrf=0, id=241b2045416ec9c6/254d37d022d7965e:00000002
2024-08-11 12:33:29.692911 ike 0:IPsec-VPN01: reset NAT-T
2024-08-11 12:33:29.693001 ike 0:IPsec-VPN01: deleted
2024-08-11 12:33:29.693026 ike 0:IPsec-VPN01: schedule auto-negotiate
2024-08-11 12:33:29.693295 ike 0: unknown SPI 2ef9cc8b 60 :4500->
2024-08-11 12:33:29.693326 ike 0:: send HA sync query conn scope=3 mode=4
2024-08-11 12:33:29.701491 ike 0:IPsec-VPN01:IPsec-VPN01: IPsec SA connect 60 → :0
2024-08-11 12:33:29.701559 ike 0:IPsec-VPN01:IPsec-VPN01: config found
2024-08-11 12:33:29.701633 ike 0:IPsec-VPN01: created connection: 0x8dcce70 60 → :500.
2024-08-11 12:33:29.701671 ike 0:IPsec-VPN01: IPsec SA connect 60 → :500 negotiating
2024-08-11 12:33:29.701727 ike 0:IPsec-VPN01: no suitable IKE_SA, queuing CHILD_SA request and initiating IKE_SA negotiation
2024-08-11 12:33:29.701802 ike 0:IPsec-VPN01:573: create NAT-D hash local /500 remote /500
2024-08-11 12:33:29.701853 ike 0:IPsec-VPN01:573: out B60EE57984CD53C0000000000000000021202208000000000000013C220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E00000008040000152800008C0015000000F6222CB81EA0F7ECB669D27AF176B256DC83216B70C623CDDAD6327F521353477C429333906836DAE0D823BE3BD46122AA592FA3B0BE40824ECA674D3E47A59C260189CF7B502975FB2DA674D91CD19A2052F74811B60B92722D7ACD4D749444414B1A325834B4FE6F1AD756D84BAA35491E4EB2245DB8B545DFF971C7400E693F77D8290000247A1F14341612CDBE20CAEDA139CF91AB6C95FBBF224315E9F38A36087150CF452900001C0000400420681D1DDD0F254C44A7363471E83462E4B45BB02900001C00004005E2340B3F4B465DD767C70E0D3A407253DC317BAF000000080000402E
2024-08-11 12:33:29.701970 ike 0:IPsec-VPN01:573: sent IKE msg (SA_INIT): :500->:500, len=316, vrf=0, id=b60ee57984cd53c0/0000000000000000
2024-08-11 12:33:30.107167 ike 0: comes :4500->:4500,ifindex=60,vrf=0…
2024-08-11 12:33:30.107245 ike 0: IKEv2 exchange=INFORMATIONAL_RESPONSE id=241b2045416ec9c6/254d37d022d7965e:00000002 len=96
2024-08-11 12:33:30.107273 ike 0: in 241B2045416EC9C6254D37D022D7965E2E20252000000002000000600000004408B7E9005BD9133E74677ED0AC9987CBB4F9A2F8BC09081F5F0893ADEDBAD9644F235828E68AEB4768B209F6AABA01D3B62AE403ACF438E3F8A334DA81AED185
2024-08-11 12:33:30.122321 ike 0: comes :500->:500,ifindex=60,vrf=0…
2024-08-11 12:33:30.122380 ike 0: IKEv2 exchange=SA_INIT_RESPONSE id=b60ee57984cd53c0/962ae942c8bc83ee len=332
2024-08-11 12:33:30.122409 ike 0: in B60EE57984CD53C0962AE942C8BC83EE21202220000000000000014C220000300000002C010100040300000C0100000C800E0100030000080300000E030000080200000700000008040000152800008C001500000011167E022A8928520A37ECB55C5D61D40F165DD40CEC2E7D60DDFDAC57AB3DBA316D2C302BCE5FEFDB2818B8941091D342A42D7BC17CC5EADC380EE2F43F622B5C017B1C2C87D81F7419FFFDAEA9D1DA3E6880649861454FA42E92AEA5FA9DE84B05155E10274F2A04D3FF575A5FFD69F9FE93CC8CC3B6E6E0C078E7CF9A8D359B260929000024A53255F4B65152C4A8D561D0253A15D3166536CFCD7AAA0F8F24EE2844A426302900001C0000400484218EB0F66D95AADA99C7771511CE5F1301EBE82900001C00004005E00813A4AC8ECDDBA5685DC2524A4EE5A07EE0E0290000080000402E29000008000040220000000800004014
2024-08-11 12:33:30.122471 ike 0:IPsec-VPN01:573: initiator received SA_INIT response
2024-08-11 12:33:30.122494 ike 0:IPsec-VPN01:573: processing notify type NAT_DETECTION_SOURCE_IP
2024-08-11 12:33:30.122578 ike 0:IPsec-VPN01:573: processing NAT-D payload
2024-08-11 12:33:30.122606 ike 0:IPsec-VPN01:573: NAT not detected
2024-08-11 12:33:30.122627 ike 0:IPsec-VPN01:573: process NAT-D
2024-08-11 12:33:30.122645 ike 0:IPsec-VPN01:573: processing notify type NAT_DETECTION_DESTINATION_IP
2024-08-11 12:33:30.122694 ike 0:IPsec-VPN01:573: processing NAT-D payload
2024-08-11 12:33:30.122716 ike 0:IPsec-VPN01:573: NAT detected: ME
2024-08-11 12:33:30.122735 ike 0:IPsec-VPN01:573: process NAT-D
2024-08-11 12:33:30.122753 ike 0:IPsec-VPN01:573: processing notify type FRAGMENTATION_SUPPORTED
2024-08-11 12:33:30.122802 ike 0:IPsec-VPN01:573: processing notify type CHILDLESS_IKEV2_SUPPORTED
2024-08-11 12:33:30.122853 ike 0:IPsec-VPN01:573: processing notify type 16404
2024-08-11 12:33:30.122908 ike 0:IPsec-VPN01:573: incoming proposal:
2024-08-11 12:33:30.122928 ike 0:IPsec-VPN01:573: proposal id = 1:
2024-08-11 12:33:30.122946 ike 0:IPsec-VPN01:573: protocol = IKEv2:
2024-08-11 12:33:30.122964 ike 0:IPsec-VPN01:573: encapsulation = IKEv2/none
2024-08-11 12:33:30.122982 ike 0:IPsec-VPN01:573: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:30.123001 ike 0:IPsec-VPN01:573: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2024-08-11 12:33:30.123018 ike 0:IPsec-VPN01:573: type=PRF, val=PRF_HMAC_SHA2_512
2024-08-11 12:33:30.123036 ike 0:IPsec-VPN01:573: type=DH_GROUP, val=ECP521.
2024-08-11 12:33:30.123062 ike 0:IPsec-VPN01:573: matched proposal id 1
2024-08-11 12:33:30.123080 ike 0:IPsec-VPN01:573: proposal id = 1:
2024-08-11 12:33:30.123097 ike 0:IPsec-VPN01:573: protocol = IKEv2:
2024-08-11 12:33:30.123115 ike 0:IPsec-VPN01:573: encapsulation = IKEv2/none
2024-08-11 12:33:30.123133 ike 0:IPsec-VPN01:573: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:30.123150 ike 0:IPsec-VPN01:573: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2024-08-11 12:33:30.123167 ike 0:IPsec-VPN01:573: type=PRF, val=PRF_HMAC_SHA2_512
2024-08-11 12:33:30.123184 ike 0:IPsec-VPN01:573: type=DH_GROUP, val=ECP521.
2024-08-11 12:33:30.123201 ike 0:IPsec-VPN01:573: lifetime=28800
2024-08-11 12:33:30.142935 ike 0:IPsec-VPN01:573: IKE SA b60ee57984cd53c0/962ae942c8bc83ee SK_ei 32:18EBCD4929B0D8F617BE61804F17E53DAE8AFE746D68F6E958773E4BB98E1B4C
2024-08-11 12:33:30.143005 ike 0:IPsec-VPN01:573: IKE SA b60ee57984cd53c0/962ae942c8bc83ee SK_er 32:D117D5E06C4EB2B2BA1C86BB1D2830BCB33B79E22412DCAFB1228D24139445B0
2024-08-11 12:33:30.143043 ike 0:IPsec-VPN01:573: IKE SA b60ee57984cd53c0/962ae942c8bc83ee SK_ai 64:EC71D54E5AC77272E4995BE5759B9436FC5E831AB846E43F65239819A16B313723D3219359092AC53664BFD953D7B1B1E65F583162BB9998D67F0A3A4704C4D6
2024-08-11 12:33:30.143080 ike 0:IPsec-VPN01:573: IKE SA b60ee57984cd53c0/962ae942c8bc83ee SK_ar 64:146CB8AA22AC8BD6FC3DA56B7E7E48D72CEDF865FD65B2C14E20F72DB0E89376FD01E444CCA12FA9B40EEA7DC72473342F493E4D4DF263163D6BCE31E9B445F3
2024-08-11 12:33:30.143298 ike 0:IPsec-VPN01:573: initiator preparing AUTH msg
2024-08-11 12:33:30.143397 ike 0:IPsec-VPN01:573: sending INITIAL-CONTACT
2024-08-11 12:33:30.143459 ike 0:IPsec-VPN01:573: enc 290000280200000065347967716C51726C5961764741374F314A75423835553761436349327A797027000008000040002900004802000000890929B238B3AE1D8E68D7CEDCA1403D3D58DA523A54F0C7A27A50D988915C8EB616E971EF989A31F34D08016ED6BA6AF6E5F252AE0AB7CAB7332762BE824D4521000008000040242C00002C00000028010304032EF9CC8C0300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF03020103
2024-08-11 12:33:30.143561 ike 0:IPsec-VPN01:573: detected NAT
2024-08-11 12:33:30.143590 ike 0:IPsec-VPN01:573: NAT-T float port 4500
2024-08-11 12:33:30.143623 ike 0:IPsec-VPN01:573: out B60EE57984CD53C0962AE942C8BC83EE2E20230800000001000001302300011483960C098100E4C2FAD23EC8DF21436A7D55FA3D91C195DF646B57DD9CD5D7BDF35C412C5FA277B963FD2A71D98350499F8CFEE899D50E08C80D21CB5AA3735E9FF3D592FA558766A9A490AA2BE5D8F2EF4F606166AA28EF5670D7F256D725956E5DB034965D2C2BF49E3FA6C743262CBA114085BE0DB6D70CD53F9FF5FE9D25ED2F60607DAB7D19EE469514B41B2D5CFC8B19A5B2775237F413CA92749435802A2664C0BC422BF4E861C8C36180FF0338FC050A60FEC9558C3C8882436E0C901090D57FB2D56127455D80F2B25707FD6F5E4BBCC2E78931A6CDA7D02F79343777B3968D3733F6A07D77E40EB6D5A67A539E38D45435434E403E9D507661221226AD095DC5C0B6D718716567A2F2DF75
2024-08-11 12:33:30.143731 ike 0:IPsec-VPN01:573: sent IKE msg (AUTH): :4500->:4500, len=304, vrf=0, id=b60ee57984cd53c0/962ae942c8bc83ee:00000001
2024-08-11 12:33:30.146633 ike shrank heap by 159744 bytes
2024-08-11 12:33:30.721668 ike 0:IPsec-VPN01:IPsec-VPN01: IPsec SA connect 60 → :0
2024-08-11 12:33:30.721727 ike 0:IPsec-VPN01:IPsec-VPN01: using existing connection
2024-08-11 12:33:30.721751 ike 0:IPsec-VPN01:IPsec-VPN01: traffic triggered, serial=1 1:172.16.0.1:2048->1:8.8.8.8:0
2024-08-11 12:33:30.721772 ike 0:IPsec-VPN01:IPsec-VPN01: config found
2024-08-11 12:33:30.721790 ike 0:IPsec-VPN01: request is on the queue
2024-08-11 12:33:30.918205 ike 0: comes :4500->:4500,ifindex=60,vrf=0…
2024-08-11 12:33:30.918276 ike 0: IKEv2 exchange=AUTH_RESPONSE id=b60ee57984cd53c0/962ae942c8bc83ee:00000001 len=288
2024-08-11 12:33:30.918301 ike 0: in B60EE57984CD53C0962AE942C8BC83EE2E2023200000000100000120240001045AA7205B8B4EDDC434AAC1772C70C9F21E982E255391981C4299792ABF42A6AC8B2E3395B069E678E7CC4A7D9E903FCA44E7362B5C4AB540C8F7C5B0F00161B1A96BC228A7E8C4133C99D710035214819C0A9B16EEA562C41A563266D440EC5CD36BF9BF780E86E5D8675542282CD4C04394D04AAE73A152FA904677F4227383410626FF6911DF1D48C7D37B7626B0210D0BBC47058A462EEA0D337E4B19CEF82A92856ECC3671394633B12641ED0E16684F1C436DC61B1E3B9498542F40D750AEE0B5A694EF3A9C471166FBED49716E1780BED4D5ADBDB3C1C27C3D4CF2AAFBC19798B47AC504C6B10580D2D3442F55994D73D34FF45CD2BE664C808D19FCF0
2024-08-11 12:33:30.918433 ike 0:IPsec-VPN01:573: dec B60EE57984CD53C0962AE942C8BC83EE2E20232000000001000000EC24000004270000280200000065347967716C51726C5961764741374F314A75423835553761436349327A797021000048020000002D909FAE8F9EE0ABE4423C75C1F4DF1078E40DE8B2620E998CDCBE8204BEB41DD5C0A2E2DBA82562FDB7C50D43926509F416DE7BCC880D1379F78823E9A5E7062C00002C0000002801030403C01E7D6A0300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF
2024-08-11 12:33:30.918482 ike 0:IPsec-VPN01:573: initiator received AUTH msg
2024-08-11 12:33:30.918505 ike 0:IPsec-VPN01:573: received peer identifier FQDN ‘e4ygqlQrlYavGA7O1JuB85U7aCcI2zyp’
2024-08-11 12:33:30.918595 ike 0:IPsec-VPN01:573: auth verify done
2024-08-11 12:33:30.918617 ike 0:IPsec-VPN01:573: initiator AUTH continuation
2024-08-11 12:33:30.918635 ike 0:IPsec-VPN01:573: authentication succeeded
2024-08-11 12:33:30.918664 ike 0:IPsec-VPN01:573: established IKE SA b60ee57984cd53c0/962ae942c8bc83ee
2024-08-11 12:33:30.918780 ike 0:IPsec-VPN01:573: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
2024-08-11 12:33:30.918947 ike 0:IPsec-VPN01: set oper up
2024-08-11 12:33:30.918968 ike 0:IPsec-VPN01: schedule auto-negotiate
2024-08-11 12:33:30.919170 ike 0:IPsec-VPN01:573:1951: peer proposal:
2024-08-11 12:33:30.919197 ike 0:IPsec-VPN01:573:1951: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919223 ike 0:IPsec-VPN01:573:1951: TSi_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919243 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: comparing selectors
2024-08-11 12:33:30.919266 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: matched by rfc-rule-2
2024-08-11 12:33:30.919285 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: phase2 matched by subset
2024-08-11 12:33:30.919306 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: accepted proposal:
2024-08-11 12:33:30.919327 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919349 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: TSi_0 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919369 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: autokey
2024-08-11 12:33:30.919391 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: incoming child SA proposal:
2024-08-11 12:33:30.919411 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: proposal id = 1:
2024-08-11 12:33:30.919430 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: protocol = ESP:
2024-08-11 12:33:30.919448 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: encapsulation = TUNNEL
2024-08-11 12:33:30.919468 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:30.919488 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=INTEGR, val=SHA512
2024-08-11 12:33:30.919506 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=ESN, val=NO
2024-08-11 12:33:30.919539 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: PFS is disabled
2024-08-11 12:33:30.919580 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: matched proposal id 1
2024-08-11 12:33:30.919600 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: proposal id = 1:
2024-08-11 12:33:30.919618 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: protocol = ESP:
2024-08-11 12:33:30.919636 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: encapsulation = TUNNEL
2024-08-11 12:33:30.919655 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=ENCR, val=AES_CBC (key_len = 256)
2024-08-11 12:33:30.919674 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=INTEGR, val=SHA512
2024-08-11 12:33:30.919693 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: type=ESN, val=NO
2024-08-11 12:33:30.919712 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: PFS is disabled
2024-08-11 12:33:30.919729 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: lifetime=28800
2024-08-11 12:33:30.919809 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: replay protection enabled
2024-08-11 12:33:30.919834 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: set sa life soft seconds=28500.
2024-08-11 12:33:30.919854 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: set sa life hard seconds=28800.
2024-08-11 12:33:30.919911 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: IPsec SA selectors #src=1 #dst=1
2024-08-11 12:33:30.919954 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: src 0 7 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919979 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: dst 0 7 0:0.0.0.0-255.255.255.255:0
2024-08-11 12:33:30.919999 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: add IPsec SA: SPIs=2ef9cc8c/c01e7d6a
2024-08-11 12:33:30.920020 ike 0:IPsec-VPN01:573:IPsec-VPN01:1951: IPsec SA dec spi 2ef9cc8c key 32:20F725F30604DDD5F6E84F40AB6BB6B9B990976C254E8EF021CF07829F8D3BED auth 64:BAAA1CD4FA06730C6EE685997DEB1AB516592528DF19DE9E5EE392769D4AA9C1B9FC2CC3AEA546D4DDC3032CF8D1FA0EA2012C273262CFCFE2E593BE676B2BCD
------------Logs Vyos------------
Aug 11 11:41:33 charon[2739]: 08[IKE] <14> is initiating an IKE_SA
Aug 11 11:41:33 charon-systemd[2739]: is initiating an IKE_SA
Aug 11 11:41:33 charon[2739]: 08[CFG] <14> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521
Aug 11 11:41:33 charon-systemd[2739]: selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521
Aug 11 11:41:33 charon[2739]: 08[IKE] <14> remote host is behind NAT
Aug 11 11:41:33 charon-systemd[2739]: remote host is behind NAT
Aug 11 11:41:33 charon[2739]: 08[ENC] <14> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Aug 11 11:41:33 charon-systemd[2739]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Aug 11 11:41:33 charon[2739]: 08[NET] <14> sending packet: from [500] to [500] (332 bytes)
Aug 11 11:41:33 charon-systemd[2739]: sending packet: from [500] to [500] (332 bytes)
Aug 11 11:41:33 charon[2739]: 06[NET] <14> received packet: from [4500] to [4500] (336 bytes)
Aug 11 11:41:33 charon-systemd[2739]: received packet: from [4500] to [4500] (336 bytes)
Aug 11 11:41:33 charon[2739]: 06[ENC] <14> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
Aug 11 11:41:33 charon[2739]: 06[CFG] <14> looking for peer configs matching [%any]…[Local/PeerID]
Aug 11 11:41:33 charon-systemd[2739]: parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
Aug 11 11:41:33 charon-systemd[2739]: looking for peer configs matching [%any]…[Local/PeerID]
Aug 11 11:41:34 charon[2739]: 06[CFG] <IPsec01|14> selected peer config ‘IPsec01’
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> authentication of ‘Local/PeerID’ with pre-shared key successful
Aug 11 11:41:34 charon-systemd[2739]: selected peer config ‘IPsec01’
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> authentication of ‘Local/PeerID’ (myself) with pre-shared key
Aug 11 11:41:34 charon-systemd[2739]: authentication of ‘Local/PeerID’ with pre-shared key successful
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> IKE_SA IPsec01[14] established between [Local/PeerID]…[Local/PeerID]
Aug 11 11:41:34 charon-systemd[2739]: authentication of ‘Local/PeerID’ (myself) with pre-shared key
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> scheduling rekeying in 27721s
Aug 11 11:41:34 charon-systemd[2739]: IKE_SA IPsec01[14] established between [Local/PeerID]…[Local/PeerID]
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> maximum IKE_SA lifetime 30601s
Aug 11 11:41:34 charon-systemd[2739]: scheduling rekeying in 27721s
Aug 11 11:41:34 charon[2739]: 06[CFG] <IPsec01|14> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/NO_EXT_SEQ
Aug 11 11:41:34 charon-systemd[2739]: maximum IKE_SA lifetime 30601s
Aug 11 11:41:34 charon[2739]: 06[IKE] <IPsec01|14> CHILD_SA IPsec01-vti{10} established with SPIs cb21c7e4_i f7550330_o and TS 0.0.0.0/0 === 0.0.0.0/0
Aug 11 11:41:34 charon-systemd[2739]: selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/NO_EXT_SEQ
Aug 11 11:41:34 charon-systemd[2739]: CHILD_SA IPsec01-vti{10} established with SPIs cb21c7e4_i f7550330_o and TS 0.0.0.0/0 === 0.0.0.0/0
Aug 11 11:41:34 vti-up-down[3288]: Interface vti0 up-client IPsec01-vti
Aug 11 11:41:34 sudo[3307]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/dmidecode -t 4
Aug 11 11:41:34 sudo[3307]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
Aug 11 11:41:34 sudo[3307]: pam_unix(sudo:session): session closed for user root
Aug 11 11:41:34 vti-up-down[3288]: Interface vti0 is admin up …
Aug 11 11:41:34 charon[2739]: 06[ENC] <IPsec01|14> generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
Aug 11 11:41:34 charon-systemd[2739]: generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
Aug 11 11:41:34 charon[2739]: 06[NET] <IPsec01|14> sending packet: from [4500] to [4500] (288 bytes)
Aug 11 11:41:34 charon-systemd[2739]: parsed INFORMATIONAL request 226
Aug 11 11:41:34 charon-systemd[2739]: sending packet: from [4500] to [4500] (288 bytes)