#21
|
|||
|
|||
Re: 12-STABLE+racoon
Sergey Anohin написал(а) к Eugene Grosbein в Feb 19 00:43:19 по местному времени:
Нello, Eugene! EG> Но уже подозрительно, что через внешний интерфейс с реальными IP EG> на сервере у тебя трафик идёт только в одну сторону EG> и если это только входящие пакеты, то виноват сервер, EG> раз оно только что зашифрованные пакеты сам же и не отправляет - EG> может быть, твой файрвол на сервере их гробит. если без дебага, лог подключения и отключения, ну тут пишет типа все ок NATT 2019-02-15 00:40:44: INFO: respond new phase 1 negotiation: 85.113.221.175[500]<=>2.94.173.77[500] 2019-02-15 00:40:44: INFO: begin Identity Protection mode. 2019-02-15 00:40:44: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY 2019-02-15 00:40:44: INFO: received Vendor ID: RFC 3947 2019-02-15 00:40:44: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 2019-02-15 00:40:44: INFO: received Vendor ID: FRAGMENTATION 2019-02-15 00:40:44: [2.94.173.77] INFO: Selected NAT-T version: RFC 3947 2019-02-15 00:40:44: ERROR: invalid DН group 20. 2019-02-15 00:40:44: ERROR: invalid DН group 19. 2019-02-15 00:40:44: [85.113.221.175] INFO: Нashing 85.113.221.175[500] with algo #2 2019-02-15 00:40:44: INFO: NAT-D payload #0 verified 2019-02-15 00:40:44: [2.94.173.77] INFO: Нashing 2.94.173.77[500] with algo #2 2019-02-15 00:40:44: INFO: NAT-D payload #1 doesn't match 2019-02-15 00:40:44: INFO: NAT detected: PEER 2019-02-15 00:40:44: [2.94.173.77] INFO: Нashing 2.94.173.77[500] with algo #2 2019-02-15 00:40:44: [85.113.221.175] INFO: Нashing 85.113.221.175[500] with algo #2 2019-02-15 00:40:44: INFO: Adding remote and local NAT-D payloads. 2019-02-15 00:40:44: INFO: NAT-T: ports changed to: 2.94.173.77[4500]<->85.113.221.175[4500] 2019-02-15 00:40:44: INFO: ISAKMP-SA established 85.113.221.175[4500]-2.94.173.77[4500] spi:ecd38e7c1f0be2e6:73064c16956de425 2019-02-15 00:40:44: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.94.173.77[4500] 2019-02-15 00:40:44: INFO: Update the generated policy : 2.94.173.77/32[1701] 85.113.221.175/32[1701] proto=udp dir=in reqid=0 2019-02-15 00:40:44: INFO: Adjusting my encmode UDP-Transport->Transport 2019-02-15 00:40:44: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2) 2019-02-15 00:40:44: WARNING: authtype mismatched: my:hmac-md5 peer:hmac-sha 2019-02-15 00:40:44: INFO: IPsec-SA established: ESP/Transport 85.113.221.175[4500]->2.94.173.77[4500] spi=31187633(0x1dbe2b1) 2019-02-15 00:40:44: INFO: IPsec-SA established: ESP/Transport 85.113.221.175[4500]->2.94.173.77[4500] spi=3858192037(0xe5f756a5) 2019-02-15 00:41:46: INFO: deleting a generated policy. 2019-02-15 00:41:46: INFO: purged IPsec-SA proto_id=ESP spi=3858192037. 2019-02-15 00:41:46: ERROR: pfkey X_SPDDELETE failed: Invalid argument 2019-02-15 00:41:46: ERROR: pfkey X_SPDDELETE failed: Invalid argument 2019-02-15 00:41:46: INFO: ISAKMP-SA expired 85.113.221.175[4500]-2.94.173.77[4500] spi:ecd38e7c1f0be2e6:73064c16956de425 2019-02-15 00:41:46: INFO: ISAKMP-SA deleted 85.113.221.175[4500]-2.94.173.77[4500] spi:ecd38e7c1f0be2e6:73064c16956de425 С наилучшими пожеланиями, Sergey Anohin. --- wfido |