-- Journal begins at Sun 2023-01-29 14:29:14 CET, ends at Wed 2023-02-01 08:13:23 CET. --
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 6.1.8-amd64-vyos, x86_64)
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] PKCS11 module '<name>' lacks library path
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[PTS] TPM 2.0 - could not load "libtss2-tcti-tabrmd.so.0"
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[LIB] plugin 'tpm': failed to load - tpm_plugin_create returned NULL
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[NET] using forecast interface eth2.1291
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] loaded 0 RADIUS server configurations
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[CFG] HA config misses local/remote address
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[LIB] loaded plugins: charon test-vectors pkcs11 aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark forecast stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire addrblock counters
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 29 14:29:31 vpn-hn-hh-01-01 charon[2586]: 00[JOB] spawning 16 worker threads
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[CFG] loaded certificate '5c:1d:2c:07:fc:20:71:c6:b0:87:93:af:37:93:4a:51:38:b1:ff:6e'
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 12[CFG] loaded certificate 'c5:0d:c0:b1:9b:92:2b:09:a0:c3:9d:db:e2:47:41:fa:cd:58:f0:1c'
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 01[CFG] loaded RSA private key
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[CFG] added vici connection: vpn-hn-wl-01
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[CFG] initiating 'vpn-hn-wl-01-tunnel-1'
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[IKE] <vpn-hn-wl-01|1> initiating IKE_SA vpn-hn-wl-01[1] to <PUBLIC-IP-SITE-B>
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[ENC] <vpn-hn-wl-01|1> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 08[NET] <vpn-hn-wl-01|1> sending packet: from 10.12.4.241[500] to <PUBLIC-IP-SITE-B>[500] (464 bytes)
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[NET] <vpn-hn-wl-01|1> received packet: from <PUBLIC-IP-SITE-B>[500] to 10.12.4.241[500] (464 bytes)
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[ENC] <vpn-hn-wl-01|1> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[CFG] <vpn-hn-wl-01|1> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[IKE] <vpn-hn-wl-01|1> local host is behind NAT, sending keep alives
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[IKE] <vpn-hn-wl-01|1> remote host is behind NAT
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[IKE] <vpn-hn-wl-01|1> authentication of 'vpn-hn-hh-01-01' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[IKE] <vpn-hn-wl-01|1> establishing CHILD_SA vpn-hn-wl-01-tunnel-1{1}
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[ENC] <vpn-hn-wl-01|1> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 13[NET] <vpn-hn-wl-01|1> sending packet: from 10.12.4.241[4500] to <PUBLIC-IP-SITE-B>[4500] (524 bytes)
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 01[NET] <vpn-hn-wl-01|1> received packet: from <PUBLIC-IP-SITE-B>[4500] to 10.12.4.241[4500] (76 bytes)
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 01[ENC] <vpn-hn-wl-01|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jan 29 14:29:32 vpn-hn-hh-01-01 charon[2586]: 01[IKE] <vpn-hn-wl-01|1> received AUTHENTICATION_FAILED notify error
Jan 29 14:32:20 vpn-hn-hh-01-01 charon[2586]: 08[CFG] vici initiate IKE_SA 'vpn-hn-wl-02', me (null), other (null), limits 0
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 01[CFG] vici initiate IKE_SA 'vpn-hn-wl-01', me (null), other (null), limits 0
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[IKE] <vpn-hn-wl-01|2> initiating IKE_SA vpn-hn-wl-01[2] to <PUBLIC-IP-SITE-B>
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[ENC] <vpn-hn-wl-01|2> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[NET] <vpn-hn-wl-01|2> sending packet: from 10.12.4.241[500] to <PUBLIC-IP-SITE-B>[500] (464 bytes)
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[NET] <vpn-hn-wl-01|2> received packet: from <PUBLIC-IP-SITE-B>[500] to 10.12.4.241[500] (464 bytes)
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[ENC] <vpn-hn-wl-01|2> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[CFG] <vpn-hn-wl-01|2> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[IKE] <vpn-hn-wl-01|2> local host is behind NAT, sending keep alives
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[IKE] <vpn-hn-wl-01|2> remote host is behind NAT
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[IKE] <vpn-hn-wl-01|2> authentication of 'vpn-hn-hh-01-01' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[ENC] <vpn-hn-wl-01|2> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 12[NET] <vpn-hn-wl-01|2> sending packet: from 10.12.4.241[4500] to <PUBLIC-IP-SITE-B>[4500] (444 bytes)
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[NET] <vpn-hn-wl-01|2> received packet: from <PUBLIC-IP-SITE-B>[4500] to 10.12.4.241[4500] (76 bytes)
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[ENC] <vpn-hn-wl-01|2> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jan 29 14:32:24 vpn-hn-hh-01-01 charon[2586]: 15[IKE] <vpn-hn-wl-01|2> received AUTHENTICATION_FAILED notify error