And now with log.
ikev2_recv: IKE_SA_INIT request from initiator 37.47.4.5:9911 to 31.178.147.125:500 policy 'roadwarrior' id 0, 652 bytes ikev2_recv: ispi 0x5e13d636599e1781 rspi 0x0000000000000000 ikev2_policy2id: srcid FQDN/keibi.viq.im length 16 ikev2_pld_parse: header ispi 0x5e13d636599e1781 rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 652 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 244 ikev2_pld_sa: more than one proposal specified ikev2_pld_sa: more 2 reserved 0 length 136 proposal #1 protoid IKE spisize 0 xforms 15 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id <UNKNOWN:24> ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group <UNKNOWN:24> reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_nat_detection: peer source 0x5e13d636599e1781 0x0000000000000000 37.47.4.5:9911 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP encapsulation ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_nat_detection: peer destination 0x5e13d636599e1781 0x0000000000000000 31.178.147.125:500 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16 ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS ikev2_pld_notify: signature hash SHA1 (1) ikev2_pld_notify: signature hash SHA2_256 (2) ikev2_pld_notify: signature hash SHA2_384 (3) ikev2_pld_notify: signature hash SHA2_512 (4) ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED sa_state: INIT -> SA_INIT ikev2_sa_negotiate: score 4 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) ikev2_sa_responder_dh: want dh MODP_2048, KE has <UNKNOWN:24> ikev2_resp_ike_invalid_ke: rejecting with INVALID_KE_PAYLOAD ikev2_next_payload: length 10 nextpayload NONE ikev2_pld_parse: header ispi 0x5e13d636599e1781 rspi 0x02275a5878cc81a8 nextpayload NOTIFY version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 38 response 1 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 10 ikev2_pld_notify: protoid NONE spisize 0 type INVALID_KE_PAYLOAD ikev2_msg_send: IKE_SA_INIT response from 31.178.147.125:500 to 37.47.4.5:9911 msgid 0, 38 bytes ikev2_resp_recv: failed to get IKE SA keys sa_state: SA_INIT -> CLOSED from any to any policy 'roadwarrior' config_free_proposals: free 0x1825d2eef480 ikev2_recv: IKE_SA_INIT request from initiator 37.47.4.5:9911 to 31.178.147.125:500 policy 'roadwarrior' id 0, 652 bytes ikev2_recv: ispi 0x5e13d636599e1781 rspi 0x0000000000000000 ikev2_recv: updated SA to peer 37.47.4.5:9911 local 31.178.147.125:500 ikev2_resp_recv: SA already exists ikev2_recv: closing SA sa_free: ispi 0x5e13d636599e1781 rspi 0x02275a5878cc81a8 config_free_proposals: free 0x1825d2eefe00 ikev2_recv: IKE_SA_INIT request from initiator 37.47.4.5:9911 to 31.178.147.125:500 policy 'roadwarrior' id 0, 652 bytes ikev2_recv: ispi 0x5e13d636599e1781 rspi 0x0000000000000000 ikev2_policy2id: srcid FQDN/keibi.viq.im length 16 ikev2_pld_parse: header ispi 0x5e13d636599e1781 rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 652 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 244 ikev2_pld_sa: more than one proposal specified ikev2_pld_sa: more 2 reserved 0 length 136 proposal #1 protoid IKE spisize 0 xforms 15 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id <UNKNOWN:24> ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_nat_detection: peer source 0x5e13d636599e1781 0x0000000000000000 37.47.4.5:9911 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP encapsulation ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_nat_detection: peer destination 0x5e13d636599e1781 0x0000000000000000 31.178.147.125:500 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16 ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS ikev2_pld_notify: signature hash SHA1 (1) ikev2_pld_notify: signature hash SHA2_256 (2) ikev2_pld_notify: signature hash SHA2_384 (3) ikev2_pld_notify: signature hash SHA2_512 (4) ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED sa_state: INIT -> SA_INIT ikev2_sa_negotiate: score 4 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) ikev2_sa_keys: SKEYSEED with 32 bytes ikev2_sa_keys: S with 80 bytes ikev2_prfplus: T1 with 32 bytes ikev2_prfplus: T2 with 32 bytes ikev2_prfplus: T3 with 32 bytes ikev2_prfplus: T4 with 32 bytes ikev2_prfplus: T5 with 32 bytes ikev2_prfplus: T6 with 32 bytes ikev2_prfplus: T7 with 32 bytes ikev2_prfplus: Tn with 224 bytes ikev2_sa_keys: SK_d with 32 bytes ikev2_sa_keys: SK_ai with 32 bytes ikev2_sa_keys: SK_ar with 32 bytes ikev2_sa_keys: SK_ei with 32 bytes ikev2_sa_keys: SK_er with 32 bytes ikev2_sa_keys: SK_pi with 32 bytes ikev2_sa_keys: SK_pr with 32 bytes ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 264 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_nat_detection: local source 0x5e13d636599e1781 0x5106f5e9ea6b5555 31.178.147.125:500 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_nat_detection: local destination 0x5e13d636599e1781 0x5106f5e9ea6b5555 37.47.4.5:9911 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_next_payload: length 14 nextpayload NONE ikev2_pld_parse: header ispi 0x5e13d636599e1781 rspi 0x5106f5e9ea6b5555 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 446 response 1 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS ikev2_msg_send: IKE_SA_INIT response from 31.178.147.125:500 to 37.47.4.5:9911 msgid 0, 446 bytes config_free_proposals: free 0x1825fe94a400 ikev2_recv: IKE_SA_INIT request from initiator 37.47.4.5:9911 to 31.178.147.125:500 policy 'roadwarrior' id 0, 652 bytes ikev2_recv: ispi 0x5e13d636599e1781 rspi 0x0000000000000000 ikev2_recv: updated SA to peer 37.47.4.5:9911 local 31.178.147.125:500 ikev2_resp_recv: SA already exists
