D-Link • Просмотр темы - ipsec di-824 и Racoon (Debian 5.0 2.6.26)

Сообщения без ответов | Активные темы

Список форумов » Маршрутизаторы и Firewall

Часовой пояс: UTC + 3 часа

ipsec di-824 и Racoon (Debian 5.0 2.6.26)

Модераторы: Sergei Asmankin, Sergik, Vitaliy Korkunov

Страница 1 из 1

[ Сообщений: 2 ]

Предыдущая тема | Следующая тема

Автор

Сообщение

MIXa-sp

Заголовок сообщения: ipsec di-824 и Racoon (Debian 5.0 2.6.26)

Добавлено: Пт сен 10, 2010 10:24

Зарегистрирован: Пт сен 10, 2010 09:46
Сообщений: 9

racoon.conf

Код:

log debug2;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";
 
padding 
{ 
maximum_length 20; 
randomize off; 
strict_check off; 
exclusive_tail off; 
} 

listen 
{ 
isakmp xx.xx.xx.xx [500]; 
#strict_address;
#isakmp_natt xx.xx.xx.xx [4500];
} 

timer 
{ 
# These value can be changed per remote node. 
counter 5; 
interval 20 sec; 
persend 1; 

# timer for waiting to complete each phase. 
phase1 30 sec; 
phase2 15 sec; 
} 

remote 9yy.yy.yy.yy
{ 
exchange_mode main,base; 
doi ipsec_doi; 
situation identity_only; 

my_identifier address xx.xx.xx.xx; 
peers_identifier address yy.yy.yy.yy; 

nonce_size 16; 
lifetime time 3600 sec; 
initial_contact on; 
support_proxy off; 
proposal_check obey; 
support_mip6 on;

proposal { 
encryption_algorithm 3des; 
hash_algorithm md5; 
authentication_method pre_shared_key ; 
dh_group 2; 
}
generate_policy off; 
} 

sainfo subnet 172.29.0.0/24 any address 172.30.0.0/24 any
{ 
pfs_group 2; 
lifetime time 3600 sec; 
encryption_algorithm 3des ; 
authentication_algorithm hmac_md5; 
compression_algorithm deflate ; 
}

ipsec.conf

Код:

#!/usr/sbin/setkey -f

flush;
spdflush;
spdadd 172.29.0.0/24 172.30.0.0/24 any -P out ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
spdadd 172.30.0.0/24 172.29.0.0/24 any -P in ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require;

di-824 Firmware Version: v2.10, Mon, Dec 29 2008

Код:

IKE Proposal group2 3des md5 3600 sec
IPSEC Proposal group2 esp 3des md5 3600 sec

log di-824

Код:

Sunday October 10, 2010 07:11:23 Receive IKE M1(INIT) : xx.xx.xx.xx --> yy.yy.yy.yy
Sunday October 10, 2010 07:11:23 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group2
Sunday October 10, 2010 07:11:23 Send IKE M2(RESP) : yy.yy.yy.yy --> xx.xx.xx.xx
Sunday October 10, 2010 07:11:29 IKED re-TX : RESP to xx.xx.xx.xx
Sunday October 10, 2010 07:11:34 IKED re-TX : RESP to xx.xx.xx.xx
Sunday October 10, 2010 07:11:42 receiving a re-Tx MM msg, response the last msg
Sunday October 10, 2010 07:11:42 IKED re-TX : MM to xx.xx.xx.xx
Sunday October 10, 2010 07:11:53 IKED re-TX : RESP to xx.xx.xx.xx
Sunday October 10, 2010 07:12:01 receiving a re-Tx MM msg, response the last msg
Sunday October 10, 2010 07:12:01 IKED re-TX : MM to xx.xx.xx.xx
Sunday October 10, 2010 07:12:02 Send IKE (INFO) : delete yy.yy.yy.yy -> xx.xx.xx.xx phase 1
Sunday October 10, 2010 07:12:02 IKE phase1 (ISAKMP SA) remove : yy.yy.yy.yy <-> xx.xx.xx.xx

log racoon

Код:

Foreground mode.
2010-09-10 11:19:21: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
2010-09-10 11:19:21: INFO: @(#)This product linked OpenSSL 0.9.8o 01 Jun 2010 (http://www.openssl.org/)
2010-09-10 11:19:21: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2010-09-10 11:19:22: WARNING: /etc/racoon/racoon.conf:47: "support_mip6" it is obsoleted.  use "support_proxy".
2010-09-10 11:19:22: DEBUG2: lifetime = 3600
2010-09-10 11:19:22: DEBUG2: lifebyte = 0
2010-09-10 11:19:22: DEBUG2: encklen=0
2010-09-10 11:19:22: DEBUG2: p:1 t:1
2010-09-10 11:19:22: DEBUG2: 3DES-CBC(5)
2010-09-10 11:19:22: DEBUG2: MD5(1)
2010-09-10 11:19:22: DEBUG2: 1024-bit MODP group(2)
2010-09-10 11:19:22: DEBUG2: pre-shared key(1)
2010-09-10 11:19:22: DEBUG2: 
2010-09-10 11:19:22: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2010-09-10 11:19:22: DEBUG: getsainfo params: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='NULL', id=0
2010-09-10 11:19:22: DEBUG: getsainfo pass #2
2010-09-10 11:19:22: DEBUG2: parse successed.
2010-09-10 11:19:22: DEBUG: open /var/run/racoon/racoon.sock as racoon management.
2010-09-10 11:19:22: INFO: xx.xx.xx.xx[500] used as isakmp port (fd=5)
2010-09-10 11:19:22: INFO: xx.xx.xx.xx[500] used for NAT-T
2010-09-10 11:19:22: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:19:22: DEBUG: get pfkey X_SPDDUMP message
2010-09-10 11:19:22: DEBUG2: 
02120000 1c000300 01000000 b35a0000 03000500 ff180000 02000000 ac1d0000
00000000 00000000 03000600 ff180000 02000000 ac1e0000 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 d44f894c 00000000 f9db894c 00000000
08001200 02000200 61010000 00000080 30003200 02020000 00000000 00000000
02000000 0a5b7d4d 00000000 00000000 02000000 5d6452c5 00000000 00000000
2010-09-10 11:19:22: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:19:22: DEBUG: get pfkey X_SPDDUMP message
2010-09-10 11:19:22: DEBUG2: 
02120000 1c000100 02000000 b35a0000 03000500 ff180000 02000000 ac1e0000
00000000 00000000 03000600 ff180000 02000000 ac1d0000 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 d44f894c 00000000 00000000 00000000
08001200 02000100 68010000 00000080 30003200 02020000 00000000 00000000
02000000 5d6452c5 00000000 00000000 02000000 0a5b7d4d 00000000 00000000
2010-09-10 11:19:22: DEBUG: sub:0xbf80bd48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:22: DEBUG: db :0xb88524c0: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:22: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:19:22: DEBUG: get pfkey X_SPDDUMP message
2010-09-10 11:19:22: DEBUG2: 
02120000 1c000100 00000000 b35a0000 03000500 ff180000 02000000 ac1e0000
00000000 00000000 03000600 ff180000 02000000 ac1d0000 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 d44f894c 00000000 00000000 00000000
08001200 02000300 72010000 00000080 30003200 02020000 00000000 00000000
02000000 5d6452c5 00000000 00000000 02000000 0a5b7d4d 00000000 00000000
2010-09-10 11:19:22: DEBUG: sub:0xbf80bd48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=fwd
2010-09-10 11:19:22: DEBUG: db :0xb88524c0: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:22: DEBUG: sub:0xbf80bd48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=fwd
2010-09-10 11:19:22: DEBUG: db :0xb8853778: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:22: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:19:22: DEBUG: get pfkey ACQUIRE message
2010-09-10 11:19:22: DEBUG2: 
02060003 0b000000 b3060000 00000000 03000500 00200000 02000000 0a5b7d4d
00000000 00000000 03000600 00200000 02000000 5d6452c5 00000000 00000000
02001200 02000200 61010000 00000000 01000d00 20000000
2010-09-10 11:19:22: DEBUG: suitable outbound SP found: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out.
2010-09-10 11:19:22: DEBUG: sub:0xbf80bc48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:22: DEBUG: db :0xb88524c0: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:22: DEBUG: sub:0xbf80bc48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:22: DEBUG: db :0xb8853778: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:22: DEBUG: suitable inbound SP found: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in.
2010-09-10 11:19:22: DEBUG: new acquire 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:22: DEBUG: configuration found for yy.yy.yy.yy.
2010-09-10 11:19:22: DEBUG: getsainfo params: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='NULL', id=0
2010-09-10 11:19:22: DEBUG: getsainfo pass #2
2010-09-10 11:19:22: DEBUG: evaluating sainfo: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='ANY', id=0
2010-09-10 11:19:22: DEBUG: check and compare ids : values matched (IPv4_subnet)
2010-09-10 11:19:22: DEBUG: cmpid target: '172.29.0.0/24'
2010-09-10 11:19:22: DEBUG: cmpid source: '172.29.0.0/24'
2010-09-10 11:19:22: DEBUG: check and compare ids : values matched (IPv4_subnet)
2010-09-10 11:19:22: DEBUG: cmpid target: '172.30.0.0/24'
2010-09-10 11:19:22: DEBUG: cmpid source: '172.30.0.0/24'
2010-09-10 11:19:22: DEBUG: selected sainfo: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='ANY', id=0
2010-09-10 11:19:22: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2010-09-10 11:19:22: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2010-09-10 11:19:22: DEBUG: in post_acquire
2010-09-10 11:19:22: DEBUG: configuration found for yy.yy.yy.yy.
2010-09-10 11:19:22: INFO: IPsec-SA request for yy.yy.yy.yy queued due to no phase1 found.
2010-09-10 11:19:22: DEBUG: ===
2010-09-10 11:19:22: INFO: initiate new phase 1 negotiation: xx.xx.xx.xx[500]<=>yy.yy.yy.yy[500]
2010-09-10 11:19:22: INFO: begin Identity Protection mode.
2010-09-10 11:19:22: DEBUG: new cookie:
88e8f20467bd6f93 
2010-09-10 11:19:22: DEBUG: add payload of len 48, next type 13
2010-09-10 11:19:22: DEBUG: add payload of len 16, next type 0
2010-09-10 11:19:22: DEBUG: 100 bytes from xx.xx.xx.xx[500] to yy.yy.yy.yy[500]
2010-09-10 11:19:22: DEBUG: sockname xx.xx.xx.xx[500]
2010-09-10 11:19:22: DEBUG: send packet from xx.xx.xx.xx[500]
2010-09-10 11:19:22: DEBUG: send packet to yy.yy.yy.yy[500]
2010-09-10 11:19:22: DEBUG: src4 xx.xx.xx.xx[500]
2010-09-10 11:19:22: DEBUG: dst4 yy.yy.yy.yy[500]
2010-09-10 11:19:22: DEBUG: 1 times of 100 bytes message will be sent to yy.yy.yy.yy[500]
2010-09-10 11:19:22: DEBUG: 
88e8f204 67bd6f93 00000000 00000000 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
80010005 80030001 80020001 80040002 00000014 afcad713 68a1f1c9 6b8696fc
77570100
2010-09-10 11:19:22: DEBUG: resend phase1 packet 88e8f20467bd6f93:0000000000000000
2010-09-10 11:19:23: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:23: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:23: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:24: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:24: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:24: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:25: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:25: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:25: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:26: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:26: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:26: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:27: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:27: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:27: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:28: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:28: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:28: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:29: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:29: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:29: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:30: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:30: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:30: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:31: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:31: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:31: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:32: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:32: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:32: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:33: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:33: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:33: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:34: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:34: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:34: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:35: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:35: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:35: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:36: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:36: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:36: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:37: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:37: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:37: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:38: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:38: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:38: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:39: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:39: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:39: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:40: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:40: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:40: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:41: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:41: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:41: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:42: DEBUG: 100 bytes from xx.xx.xx.xx[500] to yy.yy.yy.yy[500]
2010-09-10 11:19:42: DEBUG: sockname xx.xx.xx.xx[500]
2010-09-10 11:19:42: DEBUG: send packet from xx.xx.xx.xx[500]
2010-09-10 11:19:42: DEBUG: send packet to yy.yy.yy.yy[500]
2010-09-10 11:19:42: DEBUG: src4 xx.xx.xx.xx[500]
2010-09-10 11:19:42: DEBUG: dst4 yy.yy.yy.yy[500]
2010-09-10 11:19:42: DEBUG: 1 times of 100 bytes message will be sent to yy.yy.yy.yy[500]
2010-09-10 11:19:42: DEBUG: 
88e8f204 67bd6f93 00000000 00000000 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
80010005 80030001 80020001 80040002 00000014 afcad713 68a1f1c9 6b8696fc
77570100
2010-09-10 11:19:42: DEBUG: resend phase1 packet 88e8f20467bd6f93:0000000000000000
2010-09-10 11:19:42: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:42: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:42: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:43: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:43: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:43: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:44: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:44: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:44: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:45: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:45: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:45: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:46: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:46: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:46: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:47: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:47: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:47: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:48: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:48: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:48: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:49: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:49: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:49: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:50: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:50: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:50: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:51: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:51: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:51: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:52: DEBUG2: CHKPH1THERE: extract_port.
2010-09-10 11:19:52: DEBUG2: CHKPH1THERE: found a ph1 wop.
2010-09-10 11:19:52: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:53: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:19:53: DEBUG: get pfkey ACQUIRE message
2010-09-10 11:19:53: DEBUG2: 
02060003 0b000000 b4060000 00000000 03000500 00200000 02000000 0a5b7d4d
00000000 00000000 03000600 00200000 02000000 5d6452c5 00000000 00000000
02001200 02000262 61010000 001c0001 01000d00 20000000
2010-09-10 11:19:53: DEBUG: Zombie ph2 found, expiring it
2010-09-10 11:19:53: INFO: phase2 sa expired xx.xx.xx.xx-yy.yy.yy.yy
2010-09-10 11:19:53: DEBUG: suitable outbound SP found: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out.
2010-09-10 11:19:53: DEBUG: sub:0xbf80bc48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:53: DEBUG: db :0xb88524c0: 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:53: DEBUG: sub:0xbf80bc48: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:53: DEBUG: db :0xb8853778: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in
2010-09-10 11:19:53: DEBUG: suitable inbound SP found: 172.30.0.0/24[0] 172.29.0.0/24[0] proto=any dir=in.
2010-09-10 11:19:53: DEBUG: new acquire 172.29.0.0/24[0] 172.30.0.0/24[0] proto=any dir=out
2010-09-10 11:19:53: DEBUG: configuration found for yy.yy.yy.yy.
2010-09-10 11:19:53: DEBUG: getsainfo params: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='NULL', id=0
2010-09-10 11:19:53: DEBUG: getsainfo pass #2
2010-09-10 11:19:53: DEBUG: evaluating sainfo: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='ANY', id=0
2010-09-10 11:19:53: DEBUG: check and compare ids : values matched (IPv4_subnet)
2010-09-10 11:19:53: DEBUG: cmpid target: '172.29.0.0/24'
2010-09-10 11:19:53: DEBUG: cmpid source: '172.29.0.0/24'
2010-09-10 11:19:53: DEBUG: check and compare ids : values matched (IPv4_subnet)
2010-09-10 11:19:53: DEBUG: cmpid target: '172.30.0.0/24'
2010-09-10 11:19:53: DEBUG: cmpid source: '172.30.0.0/24'
2010-09-10 11:19:53: DEBUG: selected sainfo: loc='172.29.0.0/24', rmt='172.30.0.0/24', peer='ANY', id=0
2010-09-10 11:19:53: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2010-09-10 11:19:53: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2010-09-10 11:19:53: DEBUG: in post_acquire
2010-09-10 11:19:53: DEBUG: configuration found for yy.yy.yy.yy.
2010-09-10 11:19:53: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2010-09-10 11:19:53: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP yy.yy.yy.yy[0]->xx.xx.xx.xx[0] 
2010-09-10 11:19:53: INFO: delete phase 2 handler.
2010-09-10 11:19:53: DEBUG: an undead schedule has been deleted.
2010-09-10 11:19:54: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:54: DEBUG2: getph1byaddr: start
2010-09-10 11:19:54: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:54: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:54: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:54: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:54: DEBUG2: matched
2010-09-10 11:19:54: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:54: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:55: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:55: DEBUG2: getph1byaddr: start
2010-09-10 11:19:55: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:55: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:55: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:55: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:55: DEBUG2: matched
2010-09-10 11:19:55: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:55: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:56: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:56: DEBUG2: getph1byaddr: start
2010-09-10 11:19:56: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:56: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:56: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:56: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:56: DEBUG2: matched
2010-09-10 11:19:56: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:56: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:57: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:57: DEBUG2: getph1byaddr: start
2010-09-10 11:19:57: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:57: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:57: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:57: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:57: DEBUG2: matched
2010-09-10 11:19:57: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:57: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:58: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:58: DEBUG2: getph1byaddr: start
2010-09-10 11:19:58: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:58: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:58: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:58: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:58: DEBUG2: matched
2010-09-10 11:19:58: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:58: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:19:59: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:19:59: DEBUG2: getph1byaddr: start
2010-09-10 11:19:59: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:19:59: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:19:59: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:19:59: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:19:59: DEBUG2: matched
2010-09-10 11:19:59: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:19:59: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:00: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:00: DEBUG2: getph1byaddr: start
2010-09-10 11:20:00: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:00: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:00: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:00: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:00: DEBUG2: matched
2010-09-10 11:20:00: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:00: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:01: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:01: DEBUG2: getph1byaddr: start
2010-09-10 11:20:01: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:01: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:01: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:01: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:01: DEBUG2: matched
2010-09-10 11:20:01: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:01: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:02: DEBUG: 100 bytes from xx.xx.xx.xx[500] to yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG: sockname xx.xx.xx.xx[500]
2010-09-10 11:20:02: DEBUG: send packet from xx.xx.xx.xx[500]
2010-09-10 11:20:02: DEBUG: send packet to yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG: src4 xx.xx.xx.xx[500]
2010-09-10 11:20:02: DEBUG: dst4 yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG: 1 times of 100 bytes message will be sent to yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG: 
88e8f204 67bd6f93 00000000 00000000 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
80010005 80030001 80020001 80040002 00000014 afcad713 68a1f1c9 6b8696fc
77570100
2010-09-10 11:20:02: DEBUG: resend phase1 packet 88e8f20467bd6f93:0000000000000000
2010-09-10 11:20:02: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:02: DEBUG2: getph1byaddr: start
2010-09-10 11:20:02: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:02: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:02: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:02: DEBUG2: matched
2010-09-10 11:20:02: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:02: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:03: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:03: DEBUG2: getph1byaddr: start
2010-09-10 11:20:03: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:03: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:03: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:03: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:03: DEBUG2: matched
2010-09-10 11:20:03: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:03: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:04: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:04: DEBUG2: getph1byaddr: start
2010-09-10 11:20:04: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:04: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:04: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:04: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:04: DEBUG2: matched
2010-09-10 11:20:04: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:04: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:05: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:05: DEBUG2: getph1byaddr: start
2010-09-10 11:20:05: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:05: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:05: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:05: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:05: DEBUG2: matched
2010-09-10 11:20:05: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:05: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:06: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:06: DEBUG2: getph1byaddr: start
2010-09-10 11:20:06: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:06: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:06: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:06: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:06: DEBUG2: matched
2010-09-10 11:20:06: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:06: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:07: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:07: DEBUG2: getph1byaddr: start
2010-09-10 11:20:07: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:07: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:07: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:07: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:07: DEBUG2: matched
2010-09-10 11:20:07: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:07: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:08: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:08: DEBUG2: getph1byaddr: start
2010-09-10 11:20:08: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:08: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:08: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:08: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:08: DEBUG2: matched
2010-09-10 11:20:08: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:08: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:09: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:09: DEBUG2: getph1byaddr: start
2010-09-10 11:20:09: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:09: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:09: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:09: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:09: DEBUG2: matched
2010-09-10 11:20:09: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:09: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:10: DEBUG2: CHKPH1THERE: searching byaddr.
2010-09-10 11:20:10: DEBUG2: getph1byaddr: start
2010-09-10 11:20:10: DEBUG2: local: xx.xx.xx.xx[500]
2010-09-10 11:20:10: DEBUG2: remote: yy.yy.yy.yy[500]
2010-09-10 11:20:10: DEBUG2: p->local: xx.xx.xx.xx[500]
2010-09-10 11:20:10: DEBUG2: p->remote: yy.yy.yy.yy[500]
2010-09-10 11:20:10: DEBUG2: matched
2010-09-10 11:20:10: DEBUG2: CHKPH1THERE: found byaddr.
2010-09-10 11:20:10: DEBUG2: CHKPH1THERE: no established ph1 handler found
2010-09-10 11:20:10: INFO: caught signal 2
2010-09-10 11:20:10: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:20:10: DEBUG: get pfkey FLUSH message
2010-09-10 11:20:10: DEBUG2: 
02090000 02000000 00000000 b35a0000
2010-09-10 11:20:10: DEBUG2: flushing all ph2 handlers...
2010-09-10 11:20:10: DEBUG2: skipping ph2 handler (state 2)
2010-09-10 11:20:10: DEBUG: an undead schedule has been deleted.
2010-09-10 11:20:11: DEBUG: call pfkey_send_dump
2010-09-10 11:20:11: DEBUG: pk_recv: retry[0] recv() 
2010-09-10 11:20:11: DEBUG: an undead schedule has been deleted.
2010-09-10 11:20:11: INFO: racoon shutdown

Вернуться наверх

MIXa-sp

Заголовок сообщения:

Добавлено: Ср сен 15, 2010 08:25

Зарегистрирован: Пт сен 10, 2010 09:46
Сообщений: 9

в статусе соединение пишет Idle life time 0. Пакеты не проход.

Вернуться наверх

Страница 1 из 1

[ Сообщений: 2 ]

Список форумов » Маршрутизаторы и Firewall

Часовой пояс: UTC + 3 часа

Кто сейчас на форуме

Сейчас этот форум просматривают: Google [Bot] и гости: 63

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете добавлять вложения