D-Link • Просмотр темы - DIR-330 рвет рабочий IPSec-туннель каждые 30-40 минут.

Сообщения без ответов | Активные темы

Список форумов » Маршрутизаторы и Firewall

Часовой пояс: UTC + 3 часа

DIR-330 рвет рабочий IPSec-туннель каждые 30-40 минут.

Модераторы: Sergei Asmankin, Sergik, Vitaliy Korkunov

Страница 1 из 1

[ 1 сообщение ]

Предыдущая тема | Следующая тема

Автор

Сообщение

Adalante

Заголовок сообщения: DIR-330 рвет рабочий IPSec-туннель каждые 30-40 минут.

Добавлено: Пт фев 12, 2016 11:24

Зарегистрирован: Пт ноя 09, 2007 23:03
Сообщений: 19

К моему DFL-260E (2.60.02.02-24265 May 27 2014) подходит два IPSec: через Netgear и через DIR-330 (Current Firmware Version 1.23 Firmware Date Sep 13 2011). Оба туннеля рабочие. Маршруты, allow-ы и все такое настроены. И все, что мне нужно работает. Но почему-то DIR-330 раз в 30-40 минут самовольно разрывает канал. Даже в момент активности канала. Keep-alive и DPD пробовал (на обоих концах) - не помогает. Netgear при тех же настройках ведет себя стабильно. Сперва думал, что может проблема в lifetime параметре, но разрывы происходят намного раньше, чем истечет lifetime.

Логи с DIR-330
Feb 10 23:58:15 IPSec IPSec shutting down
Feb 10 23:58:15 IPSec IPSec forgetting secrets
Feb 10 23:58:15 IPSec IPSec "conn_VPNTunneling": deleting connection
Feb 10 23:58:15 IPSec IPSec "conn_VPNTunneling" #2: deleting state (STATE_QUICK_R2)
Feb 10 23:58:16 IPSec IPSec "conn_VPNTunneling" #1: deleting state (STATE_MAIN_R3)
Feb 10 23:58:17 IPSec IPSec shutting down interface ipsec0/ppp0 WAN-IP
Feb 10 23:58:17 IPSec IPSec shutting down interface ipsec1/br0 192.168.10.1
Feb 10 23:58:28 IPSec IPSec Starting Pluto (Openswan Version 1.0.10)
Feb 10 23:58:28 IPSec IPSec including X.509 patch with traffic selectors (Version 0.9.42)
Feb 10 23:58:28 IPSec IPSec including NAT-Traversal patch (Version 0.6) [disabled]
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_DES_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Feb 10 23:58:28 IPSec IPSec ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Feb 10 23:58:32 IPSec IPSec added connection description "conn_VPNTunneling"
Feb 10 23:58:33 IPSec IPSec listening for IKE messages
Feb 10 23:58:33 IPSec IPSec adding interface ipsec1/br0 192.168.10.1
Feb 10 23:58:33 IPSec IPSec adding interface ipsec0/ppp0 WAN-IP
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: initiating Main Mode
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: main_outI1() st_policy(0x1-0x0) xauth_server(0) xauth_client(0) modecfg_server(0) modecfg_client(0)
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: ignoring Vendor ID payload [8f9cc94e01248ecdf147594c284b213b]
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: Main mode peer ID is ID_IPV4_ADDR: 'WAN-IP'
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #1: ISAKMP SA established
Feb 10 23:58:37 IPSec IPSec "conn_VPNTunneling" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Feb 10 23:58:38 IPSec IPSec "conn_VPNTunneling" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Feb 10 23:58:38 IPSec IPSec "conn_VPNTunneling" #2: sent QI2, IPsec SA established
Feb 10 23:58:38 IPSec IPSec "conn_VPNTunneling" #2: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Feb 10 23:58:48 IPSec IPSec packet from WAN-IP:500: ignoring Vendor ID payload [8f9cc94e01248ecdf147594c284b213b]
Feb 10 23:58:48 IPSec IPSec "conn_VPNTunneling" #3: responding to Main Mode
Feb 10 23:58:48 IPSec IPSec "conn_VPNTunneling" #3: transition from state (null) to state STATE_MAIN_R1
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #3: Main mode peer ID is ID_IPV4_ADDR: 'WAN-IP'
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #3: sent MR3, ISAKMP SA established
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #4: responding to Quick Mode
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #4: transition from state (null) to state STATE_QUICK_R1
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Feb 10 23:58:49 IPSec IPSec "conn_VPNTunneling" #4: IPsec SA established
Feb 10 23:59:45 IPSec IPSec shutting down

Вложения:

001.jpg [ 131.33 KiB | Просмотров: 1297 ]

Вернуться наверх

Страница 1 из 1

[ 1 сообщение ]

Список форумов » Маршрутизаторы и Firewall

Часовой пояс: UTC + 3 часа

Кто сейчас на форуме

Сейчас этот форум просматривают: Google [Bot] и гости: 76

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете добавлять вложения