Setting up VPN on Fedora

Hi, sorry for the delayed response. I did some reading to try to understand SAN (link for any future confused readers https://www.entrust.com/blog/2019/03/what-is-a-san-and-how-is-it-used).

I found out that Sectigo stores my company’s CA. I guess that is why I never needed to download a certificate myself for Ubuntu. I was wondering if I can find the certificates on my Ubuntu virtual machine somewhere and copy them over to my F42?

I checked journalctl -b -t charon-nm on the Ubuntu virtual machine—see next reply as I could fit it within the character limit of this reply.

I tried to redact the log in a more helpful way this time by replacing the username with username and address with address.

Comparing this Ubuntu log with the F42 log, I noticed two differences:

1. The sending packet: from 10.0.2.15[58249] to 131.111.2.3[500] (940 bytes) lines from Ubuntu have a smaller size in bytes than on F42.
2. The logs differ when Ubuntu starts sending cert requests, but F42 does not seem to do this.

I also checked, and the Ubuntu virtual machine I have been testing on is 25.04 (the latest version, as it has better support for my hardware than the stable release). Ubuntu 25.04 is based on Debian 13 (What Debian version are the different Ubuntu versions based on? - Ask Ubuntu), so it is odd that it works on Ubuntu and not Debian 13.

Log part 1/2:

$ nmcli conn up testvpn
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
$ journalctl -b -t charon-nm
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[DMN] Starting charon NetworkManager backend (strongSwan 5.9.13)
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'ldap': failed to load - ldap_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'pkcs11': failed to load - pkcs11_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'tpm': failed to load - tpm_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'rdrand': failed to load - rdrand_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] providers loaded by OpenSSL: legacy default
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'gcrypt': failed to load - gcrypt_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'af-alg': failed to load - af_alg_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'curve25519': failed to load - curve25519_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'chapoly': failed to load - chapoly_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'cmac': failed to load - cmac_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'ctr': failed to load - ctr_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'ccm': failed to load - ccm_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'ntru': failed to load - ntru_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] plugin 'curl': failed to load - curl_plugin_create not found and no plugin file available
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] loaded plugins: nm-backend charon-nm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pkcs1 pkcs7 sshkey pem openssl pkcs8 fips-prf gmp agent xcbc hmac kdf gcm drbg kernel-netlink socket-default bypass-lan eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 00[JOB] spawning 16 worker threads
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 06[IKE] installed bypass policy for 10.0.2.0/24
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 06[IKE] installed bypass policy for fe80::/64
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 06[IKE] installed bypass policy for fec0::/64
Aug 20 20:55:33 ckl-virtual charon-nm[16812]: 05[CFG] received initiate for NetworkManager connection testvpn
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 05[CFG] using gateway identity 'address'
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 05[CFG] created XFRM interface nm-xfrm-1875516 for NetworkManager connection testvpn
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 14[KNL] interface nm-xfrm-1875516 activated
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 06[KNL] fe80::b4d3:3636:c6ba:6e8b appeared on nm-xfrm-1875516
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 05[IKE] initiating IKE_SA testvpn[1] to 131.111.2.3
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 05[NET] sending packet: from 10.0.2.15[58249] to 131.111.2.3[500] (972 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[NET] received packet: from 131.111.2.3[500] to 10.0.2.15[58249] (38 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] initiating IKE_SA testvpn[1] to 131.111.2.3
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[NET] sending packet: from 10.0.2.15[58249] to 131.111.2.3[500] (940 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] received packet: from 131.111.2.3[500] to 10.0.2.15[58249] (305 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/CURVE_25519
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] local host is behind NAT, sending keep alives
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] remote host is behind NAT
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] received cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] received cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] received 1 cert requests for an unknown ca
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS RSA Root 2023"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA15"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust RSA Root-02"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA12"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FR, O=Dhimyotis, CN=Certigna"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Global G2 Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot 2011, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Commercial"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust ECC Root-01"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=Ceres, 55:04:61=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS ECC Root 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Extended Validation Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "O=TeliaSonera, CN=TeliaSonera Root CA v1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=Firmaprofesional SA, 55:04:61=VATES-A62634068, CN=FIRMAPROFESIONAL CA ROOT-A WEB"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Certainly, CN=Certainly Root R1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=RO, O=certSIGN, OU=certSIGN ROOT CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "O=TeliaSonera, CN=TeliaSonera Root CA v1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS RSA Root 2023"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust ECC Root-02"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA14"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust RSA Root-01"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., 55:04:61=VATHU-23584497, CN=e-Szigno Root CA 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot 2011, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=Secure Global CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA CYBER Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=RO, O=certSIGN, OU=certSIGN ROOT CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Global G2 Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=IZENPE S.A., CN=Izenpe.com"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust RSA Root-01"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=NetLock Kft., OU=Tan??s??tv??nykiad??k (Certification Services), CN=NetLock Arany (Class Gold) F??tan??s??tv??ny"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Certainly, CN=Certainly Root E1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust ECC Root-01"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust ECC Root-02"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=CommScope, CN=CommScope Public Trust RSA Root-02"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3"

Log part 2/2:

Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=NetLock Kft., OU=Tan??s??tv??nykiad??k (Certification Services), CN=NetLock Arany (Class Gold) F??tan??s??tv??ny"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Networking"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G5"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=SecureTrust CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia Global Root CA G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., CN=HiPKI Root CA - G1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA CYBER Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Certainly, CN=Certainly Root E1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., 55:04:61=VATHU-23584497, CN=e-Szigno Root CA 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia Global Root CA G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G5"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Extended Validation Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=SecureTrust CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=Ceres, 55:04:61=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=IZENPE S.A., CN=Izenpe.com"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Certainly, CN=Certainly Root R1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication ECC RootCA1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=ES, O=Firmaprofesional SA, 55:04:61=VATES-A62634068, CN=FIRMAPROFESIONAL CA ROOT-A WEB"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., CN=HiPKI Root CA - G1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA14"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication ECC RootCA1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia Global Root CA G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA15"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=JP, O=Cybertrust Japan Co., Ltd., CN=SecureSign Root CA12"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Networking"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia Global Root CA G4"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Commercial"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=FR, O=Dhimyotis, CN=Certigna"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS ECC Root 2020"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=Secure Global CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[IKE] establishing CHILD_SA testvpn{1}
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 14[IKE] interface change for bypass policy for fe80::/64 (from enp1s0 to nm-xfrm-1875516)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] splitting IKE message (6575 bytes) into 6 fragments
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(1/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(2/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(3/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(4/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(5/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[ENC] generating IKE_AUTH request 1 [ EF(6/6) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (644 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 06[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 06[ENC] parsed IKE_AUTH response 1 [ EF(1/4) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 06[ENC] received fragment #1 of 4, waiting for complete IKE message
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 07[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 07[ENC] parsed IKE_AUTH response 1 [ EF(2/4) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 07[ENC] received fragment #2 of 4, waiting for complete IKE message
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 08[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (1248 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 08[ENC] parsed IKE_AUTH response 1 [ EF(3/4) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 08[ENC] received fragment #3 of 4, waiting for complete IKE message
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (662 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] parsed IKE_AUTH response 1 [ EF(4/4) ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] received fragment #4 of 4, reassembled fragmented IKE message (4219 bytes)
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] received end entity cert "C=GB, ST=..., O=..., CN=address"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   using certificate "C=GB, ST=..., O=..., CN=address"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   using trusted ca certificate "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] certificate policy 1.3.6.1.4.1.6449.1.2.1.3.4 for 'C=GB, ST=..., O=..., CN=address' not allowed by trustchain, ignored
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] certificate policy 2.23.140.1.2.2 for 'C=GB, ST=..., O=..., CN=address' not allowed by trustchain, ignored
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   reached self-signed root ca with a path length of 1
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] checking certificate status of "C=GB, ST=..., O=..., CN=address"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   requesting ocsp status from 'http://ocsp.sectigo.com' ...
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[LIB] unable to fetch from http://ocsp.sectigo.com, no capable fetcher found
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] ocsp request to http://ocsp.sectigo.com failed
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] ocsp check failed, fallback to crl
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   fetching crl from 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl' ...
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[LIB] unable to fetch from http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl, no capable fetcher found
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] crl fetching failed
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] certificate status is not available
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] checking certificate status of "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA"
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   requesting ocsp status from 'http://ocsp.usertrust.com' ...
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[LIB] unable to fetch from http://ocsp.usertrust.com, no capable fetcher found
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] ocsp request to http://ocsp.usertrust.com failed
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] ocsp check failed, fallback to crl
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG]   fetching crl from 'http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl' ...
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[LIB] unable to fetch from http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl, no capable fetcher found
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] crl fetching failed
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[CFG] certificate status is not available
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] authentication of 'address' with RSA_EMSA_PKCS1_SHA2_384 successful
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[IKE] server requested EAP_IDENTITY (id 0x00), sending 'username'
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
Aug 20 20:55:34 ckl-virtual charon-nm[16812]: 11[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (95 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 12[IKE] retransmit 1 of request with message ID 2
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 12[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (95 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 10[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (104 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 10[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 10[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 10[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 10[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (149 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (112 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[ENC] generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (67 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (65 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[IKE] authentication of 'username' (myself) with EAP
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[ENC] generating IKE_AUTH request 5 [ AUTH ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (97 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (309 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[ENC] parsed IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] authentication of 'address' with EAP successful
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] installing new virtual IP 172.16.38.105
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] peer supports MOBIKE
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] IKE_SA testvpn[1] established between 10.0.2.15[username]...131.111.2.3[address]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] scheduling rekeying in 35909s
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] maximum IKE_SA lifetime 36509s
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 06[IKE] CHILD_SA testvpn{1} established with SPIs cb0ae162_i c29e186c_o and TS 172.16.38.105/32 === 0.0.0.0/0 ::/0
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 09[KNL] 172.16.38.105 appeared on nm-xfrm-1875516
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[IKE] sending address list update using MOBIKE
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[ENC] generating INFORMATIONAL request 6 [ N(ADD_6_ADDR) N(ADD_4_ADDR) ]
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 15[IKE] installed bypass policy for 10.0.2.2/32
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 14[NET] sending packet: from 10.0.2.15[34265] to 131.111.2.3[4500] (93 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 11[NET] received packet: from 131.111.2.3[4500] to 10.0.2.15[34265] (57 bytes)
Aug 20 20:55:38 ckl-virtual charon-nm[16812]: 11[ENC] parsed INFORMATIONAL response 6 [ ]
Aug 20 20:56:55 ckl-virtual charon-nm[16812]: 06[IKE] sending keep alive to 131.111.2.3[4500]

OK, it’s clear. First, your server uses the same kind of configuration as my model, so certificate on server and mschapv2 on client. Somehow strongswan lost the capability to handle system CA’s. Mint suggests doing something with it, but Fedora even does not.

I switched to LetsEncrypt certificate on server according to recipes on internet, and it fails just like yours.
Solution was to copy /etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem into /etc/strongswan/swanctl/x509ca (hoping not to upset SELinux from original location) and load that in the server certificate field of nm-connection-editor. Succes.

This ISRG_Root_X1.pem is the trusted root certificate of LetsEncrypt, if you can find yours in this folder, the problem is probably solved.

Now I’m surprised again: Linux mint 22 works just like Ubuntu and finds this root certificate.
But according to your report, Debian 13 does not.

Workaround, at least for Letsencrypt:

Place (and restorecon when needed) a file charon-nm.conf in /etc/strongswan/strongswan.d:

charon-nm {
ca_dir = /etc/pki/ca-trust/extracted/pem/directory-hash
}

See:

https://docs.strongswan.org/docs/latest/features/networkManager.html

I do not know whether this is a Fedora bug, I check Debian 13 too. .
The log shows now a long list of CA certs just like Mint.

Amazing, I did this without having to copy any .pem files around, and my VPN now connects—thank you so much!

Debian 13 is fine, may be you made the same mistake as I did: forget a tick in “request an inner IP address”,

So Ubuntu, Debian 13, Mint 22 and Archlinux work without hassle, this looks like a Fedora problem. All CA’s are present there as separate files in /etc/ssl/certs, while Fedora has symlinks with extension .0, apparently invisible for strongswan.
The certificates are stored in bundles.

Glad that it works. May be you can file a bug report?

The problem is already mentioned in bugzilla as https://bugzilla.redhat.com/show_bug.cgi?id=1504016 in 2018. Any certificate signed by someone in the list of default CA’s can be used on a VPN server, rest is DNS spoofing and you’re on the wrong VPN server. So it is known but not changed since Fedora 27 for security reasons. Apparently, other distributions including Windows (?) do not agree with this.