Здравствуйте.
Есть: два офиса, интернет в обоих - PPPoE поверх ADSL (ADSL-модемы Acorp в режиме моста) с динамическими адресами (настроены на dyndns.org). Для объединения решили использовать два DIR-330. Прошивка в обоих DIR330A1_FW122B04.bin
Проблема: после перезагрузки не поднимается туннель. Для поднятия приходится заходить на роутеры и нажимать кнопку Save settings. После этого тоннель поднимается и все работает. :-/ :-\
Пробовал: изменять режимы Main/Aggresive, Keep Alive / DPD, включать-выключать PFS, менять алгоритмы шифрования. Не помогает.
Конфигурация первого роутера:
Второй настроен "зеркально".
Лог первого роутера:
Jan 1 05:00:02 System Activity HTTP https support
Jan 1 05:00:04 PPP PPP pppd 2.4.4 started by (unknown), uid 0
Jan 1 05:00:09 PPP PPP Connect: ppp0 <--> eth0
Jan 1 05:00:09 PPP PPP CHAP authentication succeeded
Jan 1 05:00:09 PPP PPP peer from calling number 00:24:14:A1:E5:18 authorized
Jan 1 05:00:09 PPP PPP local IP address 123.123.123.123
Jan 1 05:00:09 PPP PPP remote IP address 10.62.72.121
Jan 1 05:00:09 PPP PPP primary DNS address 212.120.160.130
Jan 1 05:00:09 PPP PPP secondary DNS address 212.120.173.34
Jan 1 05:00:11 System Activity DDNS IP address for alias 'office1.dyndns.org' needs update to '123.123.123.123'
Jan 1 05:00:11 System Activity DDNS Alias 'office1.dyndns.org' to IP '123.123.123.123' updated successful.
Jan 1 05:00:19 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Jan 1 05:00:19 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Jan 1 05:00:19 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Jan 1 05:00:19 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Jan 1 05:00:19 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Jan 1 05:00:23 IPSec IPSec added connection description "conn_gse"
Jan 1 05:00:24 IPSec IPSec listening for IKE messages
Jan 1 05:00:24 IPSec IPSec adding interface ipsec0/ppp0 123.123.123.123
Jan 1 05:00:24 IPSec IPSec adding interface ipsec1/br0 192.168.8.3
Jan 1 05:00:24 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Jan 1 05:00:28 IPSec IPSec "conn_gse" #1: initiating Main Mode
Jan 1 05:00:28 IPSec IPSec "conn_gse" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Jan 1 05:00:28 IPSec IPSec shutting down
Jan 1 05:00:28 IPSec IPSec forgetting secrets
Jan 1 05:00:28 IPSec IPSec "conn_gse": deleting connection
Jan 1 05:00:28 IPSec IPSec "conn_gse" #1: deleting state (STATE_MAIN_I1)
Jan 1 05:00:29 IPSec IPSec shutting down interface ipsec1/br0 192.168.8.3
Jan 1 05:00:29 IPSec IPSec shutting down interface ipsec0/ppp0 123.123.123.123
Jan 1 05:00:37 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Jan 1 05:00:37 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Jan 1 05:00:37 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jan 1 05:00:37 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Jan 1 05:00:37 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Jan 1 05:00:37 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Jan 1 05:00:41 IPSec IPSec added connection description "conn_gse"
Jan 1 05:00:42 IPSec IPSec listening for IKE messages
Jan 1 05:00:42 IPSec IPSec adding interface ipsec0/ppp0 123.123.123.123
Jan 1 05:00:42 IPSec IPSec adding interface ipsec1/br0 192.168.8.3
Jan 1 05:00:42 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Jan 1 05:00:44 IPSec IPSec "conn_gse" #1: initiating Main Mode
Jan 1 05:00:44 IPSec IPSec "conn_gse" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Jan 1 05:00:55 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:00:55 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:01:05 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:01:05 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:01:25 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:01:25 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:02:05 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:02:05 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:02:45 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:02:45 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:03:25 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:03:25 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:04:05 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:04:05 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:04:45 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:04:45 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
Jan 1 05:05:25 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Jan 1 05:05:25 IPSec IPSec packet from 150.150.150.150:500: initial Main Mode message received on 123.123.123.123:500 but no connection has been authorized with policy=PSK
< тут нажата Save Settings
Jan 1 05:05:51 IPSec IPSec shutting down
Jan 1 05:05:51 IPSec IPSec forgetting secrets
Jan 1 05:05:51 IPSec IPSec "conn_gse": deleting connection
Jan 1 05:05:51 IPSec IPSec "conn_gse" #1: deleting state (STATE_MAIN_I1)
Jan 1 05:05:51 IPSec IPSec shutting down interface ipsec1/br0 192.168.8.3
Jan 1 05:05:51 IPSec IPSec shutting down interface ipsec0/ppp0 123.123.123.123
Jan 1 05:05:58 System Activity HTTP https support
Apr 4 14:58:00 System Activity DDNS IP address for alias 'office1.dyndns.org' needs update to '123.123.123.123'
Apr 4 14:58:01 System Activity DDNS Alias 'office1.dyndns.org' to IP '123.123.123.123' updated successful.
Apr 4 14:58:07 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Apr 4 14:58:07 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Apr 4 14:58:07 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 4 14:58:07 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Apr 4 14:58:08 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Apr 4 14:58:08 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Apr 4 14:58:08 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Apr 4 14:58:11 IPSec IPSec shutting down
Apr 4 14:58:23 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Apr 4 14:58:23 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Apr 4 14:58:23 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Apr 4 14:58:23 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Apr 4 14:58:23 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Apr 4 14:58:23 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Apr 4 14:58:27 IPSec IPSec added connection description "conn_gse"
Apr 4 14:58:27 IPSec IPSec listening for IKE messages
Apr 4 14:58:27 IPSec IPSec adding interface ipsec1/br0 192.168.8.3
Apr 4 14:58:27 IPSec IPSec adding interface ipsec0/ppp0 123.123.123.123
Apr 4 14:58:27 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Apr 4 14:58:30 IPSec IPSec "conn_gse" #1: initiating Main Mode
Apr 4 14:58:30 IPSec IPSec "conn_gse" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Apr 4 14:58:40 IPSec IPSec "conn_gse" #1: ERROR: asynchronous network error report on ppp0 for message to 150.150.150.150 port 500, complainant 150.150.150.150: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Apr 4 14:59:00 IPSec IPSec "conn_gse" #1: ERROR: asynchronous network error report on ppp0 for message to 150.150.150.150 port 500, complainant 150.150.150.150: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Apr 4 14:59:12 IPSec IPSec packet from 150.150.150.150:500: received Vendor ID payload [Dead Peer Detection]
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: responding to Main Mode
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: transition from state (null) to state STATE_MAIN_R1
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: Main mode peer ID is ID_IPV4_ADDR: '150.150.150.150'
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 14:59:12 IPSec IPSec "conn_gse" #2: sent MR3, ISAKMP SA established
Apr 4 14:59:12 IPSec IPSec "conn_gse" #3: responding to Quick Mode
Apr 4 14:59:12 IPSec IPSec "conn_gse" #3: transition from state (null) to state STATE_QUICK_R1
Apr 4 14:59:12 IPSec IPSec "conn_gse" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Apr 4 14:59:13 IPSec IPSec "conn_gse" #3: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:13 IPSec IPSec "conn_gse" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 14:59:13 IPSec IPSec "conn_gse" #3: IPsec SA established
Apr 4 14:59:13 IPSec IPSec "conn_gse" #4: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:13 IPSec IPSec "conn_gse" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 4 14:59:13 IPSec IPSec "conn_gse" #4: sent QI2, IPsec SA established
Apr 4 14:59:40 IPSec IPSec "conn_gse" #1: received Vendor ID payload [Dead Peer Detection]
Apr 4 14:59:40 IPSec IPSec "conn_gse" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 4 14:59:41 IPSec IPSec "conn_gse" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 4 14:59:41 IPSec IPSec "conn_gse" #1: Main mode peer ID is ID_IPV4_ADDR: '150.150.150.150'
Apr 4 14:59:41 IPSec IPSec "conn_gse" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 4 14:59:41 IPSec IPSec "conn_gse" #1: ISAKMP SA established
Apr 4 14:59:41 IPSec IPSec "conn_gse" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Apr 4 14:59:41 IPSec IPSec "conn_gse" #5: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:41 IPSec IPSec "conn_gse" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 4 14:59:41 IPSec IPSec "conn_gse" #5: sent QI2, IPsec SA established
Лог второго роутера:
Jan 1 05:00:02 System Activity HTTP https support
Jan 1 05:00:04 PPP PPP pppd 2.4.4 started by (unknown), uid 0
Jan 1 05:00:09 PPP PPP Connect: ppp0 <--> eth0
Jan 1 05:00:10 PPP PPP CHAP authentication succeeded
Jan 1 05:00:10 PPP PPP peer from calling number 00:24:14:A1:DA:18 authorized
Jan 1 05:00:10 PPP PPP local IP address 150.150.150.150
Jan 1 05:00:10 PPP PPP remote IP address 10.62.72.122
Jan 1 05:00:10 PPP PPP primary DNS address 212.120.160.130
Jan 1 05:00:10 PPP PPP secondary DNS address 212.120.173.34
Jan 1 05:00:11 System Activity DDNS IP address for alias 'office2.dyndns.org' needs update to '150.150.150.150'
Jan 1 05:00:11 System Activity DDNS Alias 'office2.dyndns.org' to IP '150.150.150.150' updated successful.
Jan 1 05:00:19 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Jan 1 05:00:19 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Jan 1 05:00:19 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 1 05:00:19 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jan 1 05:00:20 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Jan 1 05:00:20 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Jan 1 05:00:20 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Jan 1 05:00:24 IPSec IPSec added connection description "conn_gsi"
Jan 1 05:00:24 IPSec IPSec listening for IKE messages
Jan 1 05:00:24 IPSec IPSec adding interface ipsec0/ppp0 150.150.150.150
Jan 1 05:00:24 IPSec IPSec adding interface ipsec1/br0 192.168.0.1
Jan 1 05:00:24 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Jan 1 05:00:28 IPSec IPSec "conn_gsi" #1: initiating Main Mode
Jan 1 05:00:28 IPSec IPSec "conn_gsi" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Jan 1 05:00:28 IPSec IPSec "conn_gsi" #1: ERROR: asynchronous network error report on ppp0 for message to 123.123.123.123 port 500, complainant 123.123.123.123: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Jan 1 05:00:28 IPSec IPSec shutting down
Jan 1 05:00:28 IPSec IPSec forgetting secrets
Jan 1 05:00:28 IPSec IPSec "conn_gsi": deleting connection
Jan 1 05:00:28 IPSec IPSec "conn_gsi" #1: deleting state (STATE_MAIN_I1)
Jan 1 05:00:29 IPSec IPSec shutting down interface ipsec1/br0 192.168.0.1
Jan 1 05:00:29 IPSec IPSec shutting down interface ipsec0/ppp0 150.150.150.150
Jan 1 05:00:38 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Jan 1 05:00:38 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Jan 1 05:00:38 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jan 1 05:00:38 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Jan 1 05:00:38 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Jan 1 05:00:38 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Jan 1 05:00:42 IPSec IPSec added connection description "conn_gsi"
Jan 1 05:00:42 IPSec IPSec listening for IKE messages
Jan 1 05:00:42 IPSec IPSec adding interface ipsec0/ppp0 150.150.150.150
Jan 1 05:00:42 IPSec IPSec adding interface ipsec1/br0 192.168.0.1
Jan 1 05:00:42 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Jan 1 05:00:44 IPSec IPSec "conn_gsi" #1: initiating Main Mode
Jan 1 05:00:44 IPSec IPSec "conn_gsi" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Jan 1 05:05:54 IPSec IPSec "conn_gsi" #1: ERROR: asynchronous network error report on ppp0 for message to 123.123.123.123 port 500, complainant 123.123.123.123: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
< тут нажата Save Settings
Jan 1 05:06:17 IPSec IPSec shutting down
Jan 1 05:06:17 IPSec IPSec forgetting secrets
Jan 1 05:06:17 IPSec IPSec "conn_gsi": deleting connection
Jan 1 05:06:17 IPSec IPSec "conn_gsi" #1: deleting state (STATE_MAIN_I1)
Jan 1 05:06:17 IPSec IPSec shutting down interface ipsec1/br0 192.168.0.1
Jan 1 05:06:17 IPSec IPSec shutting down interface ipsec0/ppp0 150.150.150.150
Jan 1 05:06:24 System Activity HTTP https support
Apr 4 14:58:37 System Activity DDNS IP address for alias 'office2.dyndns.org' needs update to '150.150.150.150'
Apr 4 14:58:37 System Activity DDNS Alias 'office2.dyndns.org' to IP '150.150.150.150' updated successful.
Apr 4 14:58:44 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Apr 4 14:58:44 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Apr 4 14:58:44 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 4 14:58:44 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Apr 4 14:58:45 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Apr 4 14:58:45 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Apr 4 14:58:45 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Apr 4 14:58:50 IPSec IPSec shutting down
Apr 4 14:59:04 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Apr 4 14:59:04 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Apr 4 14:59:04 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 4 14:59:04 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Apr 4 14:59:05 IPSec IPSec Could not change to directory '/tmp/ipsec.d/cacerts'
Apr 4 14:59:05 IPSec IPSec Could not change to directory '/tmp/ipsec.d/crls'
Apr 4 14:59:05 IPSec IPSec OpenPGP certificate file '/tmp/pgpcert.pgp' not found
Apr 4 14:59:09 IPSec IPSec added connection description "conn_gsi"
Apr 4 14:59:09 IPSec IPSec listening for IKE messages
Apr 4 14:59:09 IPSec IPSec adding interface ipsec1/br0 192.168.0.1
Apr 4 14:59:09 IPSec IPSec adding interface ipsec0/ppp0 150.150.150.150
Apr 4 14:59:09 IPSec IPSec loading secrets from "/tmp/ipsec.secrets"
Apr 4 14:59:11 IPSec IPSec "conn_gsi" #1: initiating Main Mode
Apr 4 14:59:11 IPSec IPSec "conn_gsi" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Apr 4 14:59:11 IPSec IPSec "conn_gsi" #1: received Vendor ID payload [Dead Peer Detection]
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #1: Main mode peer ID is ID_IPV4_ADDR: '123.123.123.123'
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #1: ISAKMP SA established
Apr 4 14:59:12 IPSec IPSec "conn_gsi" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #2: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #2: sent QI2, IPsec SA established
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #3: responding to Quick Mode
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #3: transition from state (null) to state STATE_QUICK_R1
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #3: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 14:59:13 IPSec IPSec "conn_gsi" #3: IPsec SA established
Apr 4 14:59:40 IPSec IPSec packet from 123.123.123.123:500: received Vendor ID payload [Dead Peer Detection]
Apr 4 14:59:40 IPSec IPSec "conn_gsi" #4: responding to Main Mode
Apr 4 14:59:40 IPSec IPSec "conn_gsi" #4: transition from state (null) to state STATE_MAIN_R1
Apr 4 14:59:40 IPSec IPSec "conn_gsi" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #4: Main mode peer ID is ID_IPV4_ADDR: '123.123.123.123'
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #4: sent MR3, ISAKMP SA established
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #5: responding to Quick Mode
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #5: transition from state (null) to state STATE_QUICK_R1
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #5: Dead Peer Detection (RFC3706) enabled
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 14:59:41 IPSec IPSec "conn_gsi" #5: IPsec SA established
Вход
Регистрация
FAQ
Поиск
