When I try to bring up IPSec between OpenSwan (Linux Openswan U2.4.9/K2.6.24-24-server) and a DIR-330 (Firmware Version: 1.22), errors appear; the tunnel stays up for a while and then drops. After the DIR-330 is restarted, it may come back up again for a while.
X.X.X.X - OpenSwan IP
Y.Y.Y.Y - DIR-330 IP
Errors keep pouring into auth.log:
Dec 7 19:43:52 server3 pluto[9917]: "test" #52: ERROR: asynchronous network error report on eth1 (sport=500) for message to Y.Y.Y.Y port 500, complainant Y.Y.Y.Y: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
At the same time, tcpdump shows the following:
19:43:52.941545 IP Y.Y.Y.Y > X.X.X.X: ICMP Y.Y.Y.Y udp port 500 unreachable, length 472
An error appears in the DIR-330 log, and then the log freezes:
Dec 7 19:16:20 IPSec IPSec "conn_office3" #4: ASSERTION FAILED at kernel.c:2275: st->st_esp.keymat_len == key_len + ei->authkeylen
Please help me figure out what is preventing stable operation.
The configuration and logs of OpenSwan and the DIR-330 are given below.
ipsec.conf
config setup
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg: plutodebug="control parsing"
    #
    # ONLY enable plutodebug=all or klipsdebug=all if you are a developer !!
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=no
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    virtual_private=%v4:192.168.3.0/24,%v4:192.168.33.0/24,%v4:192.168.3.0/24,%v4:192.168.46.0/
    #
    # enable this if you see "failed to find any available worker"
    nhelpers=0
    plutodebug=none
    klipsdebug=none
    #interfaces=%defaultroute
    interfaces="ipsec0=eth1"

conn test
    left=X.X.X.X
    leftsubnet=192.168.0.0/24
    leftid=X.X.X.X
    #leftnexthop=
    right=Y.Y.Y.Y
    rightid=Y.Y.Y.Y
    rightsubnet=192.168.46.0/24
    #rightnexthop=%defaultroute
    keyexchange=ike
    ikelifetime=28800s
    keylife=3600s
    pfs=yes
    compress=no
    authby=secret
    keyingtries=0
    auto=start
ipsec.secrets
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
: RSA {
# RSA 2048 bits server3 Wed Oct 14 18:05:47 2009
# for signatures only, UNSAFE FOR ENCRYPTION
}
Y.Y.Y.Y X.X.X.X : PSK "0xf9276b8abe519"
/var/log/auth.log
Dec 7 19:42:32 server3 pluto[9917]: added connection description "test"
Dec 7 19:42:32 server3 pluto[9917]: "test" #9: initiating Main Mode
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: responding to Main Mode
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: Main mode peer ID is ID_IPV4_ADDR: 'Y.Y.Y.Y'
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: I did not send a certificate because I do not have one.
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 7 19:43:11 server3 pluto[9917]: "test" #35: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Dec 7 19:43:11 server3 pluto[9917]: "test" #36: responding to Quick Mode {msgid:9d08cdde}
Dec 7 19:43:11 server3 pluto[9917]: "test" #36: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 7 19:43:11 server3 pluto[9917]: "test" #36: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 7 19:43:13 server3 pluto[9917]: "test" #36: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 7 19:43:13 server3 pluto[9917]: "test" #36: STATE_QUICK_R2: IPsec SA established {ESP=>0x59c11463 <0x12b14dc7 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Dec 7 19:43:13 server3 pluto[9917]: "test" #35: received Delete SA payload: replace IPSEC State #36 in 10 seconds
Dec 7 19:43:13 server3 pluto[9917]: "test" #35: received and ignored informational message
Dec 7 19:43:13 server3 pluto[9917]: "test" #35: received Delete SA payload: deleting ISAKMP State #35
Dec 7 19:43:29 server3 pluto[9917]: "test" #50: responding to Main Mode
Dec 7 19:43:29 server3 pluto[9917]: "test" #50: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 7 19:43:29 server3 pluto[9917]: "test" #50: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: Main mode peer ID is ID_IPV4_ADDR: 'Y.Y.Y.Y'
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: I did not send a certificate because I do not have one.
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 7 19:43:30 server3 pluto[9917]: "test" #50: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: responding to Quick Mode {msgid:4c58c43f}
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: STATE_QUICK_R2: IPsec SA established {ESP=>0xa5d33cef <0xcecbb904 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: received Vendor ID payload [Dead Peer Detection]
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: STATE_MAIN_I2: sent MI2, expecting MR2
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: I did not send a certificate because I do not have one.
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: STATE_MAIN_I3: sent MI3, expecting MR3
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: Main mode peer ID is ID_IPV4_ADDR: 'Y.Y.Y.Y'
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Dec 7 19:43:42 server3 pluto[9917]: "test" #9: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Dec 7 19:43:42 server3 pluto[9917]: "test" #52: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #36 {using isakmp#9}
Dec 7 19:43:52 server3 pluto[9917]: "test" #52: ERROR: asynchronous network error report on eth1 (sport=500) for message to Y.Y.Y.Y port 500, complainant Y.Y.Y.Y: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
tcpdump -i eth1 host Y.Y.Y.Y -n
19:43:11.115909 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
19:43:11.116429 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident
19:43:11.282027 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
19:43:11.286267 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident
19:43:11.420960 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident[E]
19:43:11.421805 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident[E]
19:43:11.630301 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I oakley-quick[E]
19:43:11.635545 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others R oakley-quick[E]
19:43:13.047453 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I oakley-quick[E]
19:43:13.368322 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I inf[E]
19:43:13.751364 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I inf[E]
19:43:13.752270 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others R inf[E]
19:43:29.939489 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
19:43:29.940324 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident
19:43:30.024587 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
19:43:30.028897 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident
19:43:30.097809 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident[E]
19:43:30.098592 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 R ident[E]
19:43:30.186783 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I oakley-quick[E]
19:43:30.191926 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others R oakley-quick[E]
19:43:30.646080 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 2/others I oakley-quick[E]
19:43:33.638855 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others R inf[E]
19:43:42.638705 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 I ident
19:43:42.670291 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 R ident
19:43:42.675255 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 I ident
19:43:42.869988 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 R ident
19:43:42.874433 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 1 I ident[E]
19:43:42.906335 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 R ident[E]
19:43:42.912690 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others I oakley-quick[E]
19:43:52.907788 IP X.X.X.X.500 > Y.Y.Y.Y.500: isakmp: phase 2/others I oakley-quick[E]
19:43:52.941545 IP Y.Y.Y.Y > X.X.X.X: ICMP Y.Y.Y.Y udp port 500 unreachable, length 472
19:44:02.708809 IP X.X.X.X > Y.Y.Y.Y: ESP(spi=0xa5d33cef,seq=0x1), length 92
19:44:02.736031 IP Y.Y.Y.Y > X.X.X.X: ESP(spi=0xcecbb904,seq=0x1), length 92
19:44:03.711867 IP X.X.X.X > Y.Y.Y.Y: ESP(spi=0xa5d33cef,seq=0x2), length 92
19:44:03.739792 IP Y.Y.Y.Y > X.X.X.X: ESP(spi=0xcecbb904,seq=0x2), length 92
Log DIR-330
Dec 7 19:15:21 System Activity HTTP https support
Dec 7 19:15:24 PPP PPP pppd 2.4.4 started by (unknown), uid 0
Dec 7 19:15:29 PPP PPP Connect: ppp0 <--> eth0
Dec 7 19:15:31 PPP PPP PAP authentication succeeded
Dec 7 19:15:31 PPP PPP peer from calling number 00:30:48:80:2C:38 authorized
Dec 7 19:15:31 PPP PPP local IP address Y.Y.Y.Y
Dec 7 19:15:31 PPP PPP remote IP address 212.86.232.82
Dec 7 19:15:31 PPP PPP primary DNS address 212.86.236.114
Dec 7 19:15:31 PPP PPP secondary DNS address 213.227.192.130
Dec 7 19:15:40 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Dec 7 19:15:40 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Dec 7 19:15:40 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Dec 7 19:15:40 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Dec 7 19:15:40 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Dec 7 19:15:40 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Dec 7 19:15:44 IPSec IPSec added connection description "conn_office3"
Dec 7 19:15:45 IPSec IPSec listening for IKE messages
Dec 7 19:15:45 IPSec IPSec adding interface ipsec0/ppp0 Y.Y.Y.Y
Dec 7 19:15:45 IPSec IPSec adding interface ipsec1/br0 192.168.46.1
Dec 7 19:15:45 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: initiating Main Mode
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: ignoring Vendor ID payload [4f45534a496f60726b636462]
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: received Vendor ID payload [Dead Peer Detection]
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: Main mode peer ID is ID_IPV4_ADDR: 'X.X.X.X'
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Dec 7 19:15:48 IPSec IPSec "conn_office3" #1: ISAKMP SA established
Dec 7 19:15:48 IPSec IPSec "conn_office3" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Dec 7 19:15:50 IPSec IPSec "conn_office3" #2: Dead Peer Detection (RFC3706) enabled
Dec 7 19:15:50 IPSec IPSec "conn_office3" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Dec 7 19:15:50 IPSec IPSec "conn_office3" #2: sent QI2, IPsec SA established
Dec 7 19:15:50 IPSec IPSec shutting down
Dec 7 19:15:50 IPSec IPSec forgetting secrets
Dec 7 19:15:50 IPSec IPSec "conn_office3": deleting connection
Dec 7 19:15:50 IPSec IPSec "conn_office3" #2: deleting state (STATE_QUICK_I2)
Dec 7 19:15:50 IPSec IPSec "conn_office3" #1: deleting state (STATE_MAIN_I4)
Dec 7 19:15:51 IPSec IPSec shutting down interface ipsec1/br0 192.168.46.1
Dec 7 19:15:51 IPSec IPSec shutting down interface ipsec0/ppp0 Y.Y.Y.Y
Dec 7 19:16:00 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Dec 7 19:16:00 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Dec 7 19:16:00 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Dec 7 19:16:00 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Dec 7 19:16:00 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Dec 7 19:16:00 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Dec 7 19:16:04 IPSec IPSec added connection description "conn_office3"
Dec 7 19:16:05 IPSec IPSec listening for IKE messages
Dec 7 19:16:05 IPSec IPSec adding interface ipsec0/ppp0 Y.Y.Y.Y
Dec 7 19:16:05 IPSec IPSec adding interface ipsec1/br0 192.168.46.1
Dec 7 19:16:05 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Dec 7 19:16:06 IPSec IPSec "conn_office3" #1: initiating Main Mode
Dec 7 19:16:06 IPSec IPSec "conn_office3" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Dec 7 19:16:06 IPSec IPSec "conn_office3" #1: ignoring Vendor ID payload [4f45534a496f60726b636462]
Dec 7 19:16:06 IPSec IPSec "conn_office3" #1: received Vendor ID payload [Dead Peer Detection]
Dec 7 19:16:07 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Dec 7 19:16:07 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec 7 19:16:07 IPSec IPSec "conn_office3" #1: Main mode peer ID is ID_IPV4_ADDR: 'X.X.X.X'
Dec 7 19:16:07 IPSec IPSec "conn_office3" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Dec 7 19:16:07 IPSec IPSec "conn_office3" #1: ISAKMP SA established
Dec 7 19:16:07 IPSec IPSec "conn_office3" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Dec 7 19:16:07 IPSec IPSec "conn_office3" #2: Dead Peer Detection (RFC3706) enabled
Dec 7 19:16:07 IPSec IPSec "conn_office3" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Dec 7 19:16:07 IPSec IPSec "conn_office3" #2: sent QI2, IPsec SA established
Dec 7 19:16:10 IPSec IPSec "conn_office3" #1: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
Dec 7 19:16:10 IPSec IPSec "conn_office3" #1: received and ignored informational message
Dec 7 19:16:19 IPSec IPSec packet from X.X.X.X:500: ignoring Vendor ID payload [4f45534a496f60726b636462]
Dec 7 19:16:19 IPSec IPSec packet from X.X.X.X:500: received Vendor ID payload [Dead Peer Detection]
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: responding to Main Mode
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: transition from state (null) to state STATE_MAIN_R1
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: Main mode peer ID is ID_IPV4_ADDR: 'X.X.X.X'
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 7 19:16:19 IPSec IPSec "conn_office3" #3: sent MR3, ISAKMP SA established
Dec 7 19:16:19 IPSec IPSec "conn_office3" #4: responding to Quick Mode
Dec 7 19:16:20 IPSec IPSec "conn_office3" #4: ASSERTION FAILED at kernel.c:2275: st->st_esp.keymat_len == key_len + ei->authkeylen
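
A triage helper for the OpenSwan auth.log excerpt above, added here as an example and not part of the original post: it flags IPsec SAs that the peer deletes within seconds of establishment and collects the ICMP port-unreachable reports for UDP 500. The function name `triage`, the 60-second threshold, and the abridged sample lines (constructed from the log above) are assumptions.

```python
import re

# Matches pluto lines of the form: Dec 7 19:43:13 host pluto[pid]: "conn" #N: message
LINE = re.compile(r'^\w+ +\d+ (\d\d):(\d\d):(\d\d) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
DELETE = re.compile(r'received Delete SA payload: replace IPSEC State #(\d+)')
UNREACH = re.compile(r'asynchronous network error report .* to (\S+) port (\d+),.*ICMP type 3 code 3')

# Constructed sample: lines abridged from the auth.log excerpt in the post.
SAMPLE_LOG = '''\
Dec 7 19:43:13 server3 pluto[9917]: "test" #36: STATE_QUICK_R2: IPsec SA established {ESP=>0x59c11463 <0x12b14dc7 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Dec 7 19:43:13 server3 pluto[9917]: "test" #35: received Delete SA payload: replace IPSEC State #36 in 10 seconds
Dec 7 19:43:13 server3 pluto[9917]: "test" #35: received Delete SA payload: deleting ISAKMP State #35
Dec 7 19:43:30 server3 pluto[9917]: "test" #51: STATE_QUICK_R2: IPsec SA established {ESP=>0xa5d33cef <0xcecbb904 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Dec 7 19:43:42 server3 pluto[9917]: "test" #52: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #36 {using isakmp#9}
Dec 7 19:43:52 server3 pluto[9917]: "test" #52: ERROR: asynchronous network error report on eth1 (sport=500) for message to Y.Y.Y.Y port 500, complainant Y.Y.Y.Y: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
'''

def triage(log_text, flap_seconds=60):
    """Return short-lived IPsec SAs and ICMP port-unreachable reports from pluto log text."""
    established = {}  # (conn, state number) -> seconds since midnight (rollover ignored)
    report = {"short_lived": [], "port_unreachable": []}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        hh, mm, ss, conn, state, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        if "IPsec SA established" in msg:
            established[(conn, int(state))] = now
            continue
        d = DELETE.search(msg)
        if d:
            key = (conn, int(d.group(1)))
            # The peer asked us to drop an SA: report it if it was only just set up.
            if key in established and now - established[key] <= flap_seconds:
                report["short_lived"].append((conn, key[1], now - established[key]))
            continue
        u = UNREACH.search(msg)
        if u:
            # ICMP type 3 code 3: nothing is listening on the peer's IKE port.
            report["port_unreachable"].append(
                (f"{hh}:{mm}:{ss}", conn, int(state), u.group(1), int(u.group(2))))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```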