-
Posts
937 -
Joined
-
Last visited
-
Days Won
3
Content Type
Profiles
Forums
Gallery
Downloads
Blogs
Events
Posts posted by dexter
-
-
-
@Le ecureuil, вышел драфт 3.0, а это занчит можно, что-то ломать.
Как обстоят дела с EoIP туннелем в части "tunnel-local-source"?
В крайнем драфте эта бага присутствует. В скрытом посте всё подробно изложено.
- 1
-
Обновил Extra 2, KN-1910, U2 - полет нормальный.
-
U2 успешно окирпичилась без Яндекс ДНС(прочитал пост когда восстановил роутер.) Другие обновлять не буду, т.к. не использую данный компонент, дождусь баг фикса.
@Кинетиковод, спасибо.
-
Вот вам кусок конфига, где тегированные вланы идут между отдельным WAN и LAN портом:
Созданы вланы 100, 101, 102.
! interface GigabitEthernet0 up ! interface GigabitEthernet0/0 rename 1 switchport mode access switchport access vlan 100 up ! interface GigabitEthernet0/1 rename 2 switchport mode access switchport access vlan 100 up ! interface GigabitEthernet0/2 rename 3 switchport mode access switchport access vlan 102 up ! interface GigabitEthernet0/3 rename 4 switchport mode trunk switchport trunk vlan 100 switchport trunk vlan 102 switchport trunk vlan 101 up ! interface GigabitEthernet0/Vlan100 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet0/Vlan101 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet0/Vlan102 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1 security-level private up ! interface GigabitEthernet1/0 rename 0 up ! interface GigabitEthernet1/Vlan100 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1/Vlan101 rename 101 description 101 security-level private ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1/Vlan102 security-level public ip dhcp client dns-routes ip dhcp client name-servers up !
И 3 бриджа
interface Bridge0 rename Home description "Home network" inherit GigabitEthernet1/Vlan100 include GigabitEthernet0/Vlan100 include AccessPoint include AccessPoint_5G mac access-list type none security-level private ip dhcp client dns-routes ip dhcp client name-servers up ! interface Bridge1 rename Guest description "Guest network" inherit GigabitEthernet1/Vlan102 include GigabitEthernet0/Vlan102 include GuestWiFi mac access-list type none security-level protected ip dhcp client dns-routes ip dhcp client name-servers up ! interface Bridge2 description Vlan101-manage inherit 101 include GigabitEthernet0/Vlan101 mac address хх:хх:хх:хх:хх:хх mac access-list type none security-level private ip address 192.168.1.1 255.255.255.0 ip dhcp client dns-routes ip dhcp client name-servers ip global 700 up !
-
-
Прошивку лучше обновить. У меня на Ultra, порт и в "access" и "trunk" mode. Главное, что бы vid был разный. Все нормально работает, правда есть одна проблема, про неё в разделе 2.15 создана тема. Проявляет она себя только при загрузке устройства.
- 1
-
Понимаю. Я почему спросил, у меня есть планы по замене данной ультры на KN-1910 и в таком случае, не смогу проверить исправили или нет.
-
Да. "Версия NDMS2.11.D.0.0-4"
-
Читаем внимательно ТС просит кнопку "Перегрузка". Нормальная пятничная тема.
Т.е. заходишь в вэб, жмешь. CPU в полку, пинг over 9000.
Может он так кого терроризировать собрался или от инета отучать.
А если серьезно, то перезагружать конечно проще, чем тратить время на решение проблемы.
-
На данную проблему в 2.15 забили? В 2.16 ждать изменений?
-
@Le ecureuil, а такая конфигурация порта допустима на первой ультре:
! interface GigabitEthernet0/2 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up !
Когда порт и в access and trunk mode?
Провел анализ и выяснил,
(config)> show ip arp ================================================================================ Name IP MAC Interface ================================================================================ 192.168.30.1 00:08:9b:e9:1d:ad Vlan31-management 31.129.205.254 00:1a:6d:29:02:6e ISP 10.228.106.246 a8:f9:4b:89:ab:fb ISP 192.168.30.1 00:08:9b:e9:1d:ac Home 192.168.31.4 00:08:9b:e9:1d:ad Vlan31-management
IP 192.168.30.1 с разными маками появляется только после перезагрузки роутера и через несколько минут пропадает.
При "arp who-has" от кинетика в обоих вланах запись "192.168.30.1 00:08:9b:e9:1d:ad Vlan31-management" более не появляется.
Хотел в поддержку qnap'a написать, но думаю меня там пошлют, т.к. при перезагрузке самого хранилища данного безобразия в arp таблице нет.
- 1
-
Туннель со стороны U1 был UP, но пакеты через него не ходили, туннель не падал, т.к. была инфа в вэбе сколько скачано и отдано.
Со стороны U2 не посмотрел состояние, т.к. после снятия селф-теста все восстановилось.У меня тоже туннель без NAT.
Лог с сервера, читать снизу. Началось всё в 16:50.
Скрытый текстDate,Facility,Severity,Host,Syslogtag,ProcessID,Messagetype,Message "2019-02-05 16:51:09","3","6","border.home","ipsec:","","1"," 13[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," IpSec::Manager: IP secure connection \"IPIP0\" was stopped." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is down." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec layer is down, shutdown tunnel layer." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:51:08","1","3","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is appeared down." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 10[IKE] IKE_SA deleted " "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] sending DELETE for IKE_SA IPIP0[12] " "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] deleting IKE_SA IPIP0[12] between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:41","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI cbcc4483" "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 3 times." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] CHILD_SA closed " "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] received DELETE for ESP CHILD_SA with SPI c594ec53 " "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" shutdown complete." "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 07[CFG] received stroke: terminate 'IPIP0[*]' " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 08[IKE] sending DELETE for ESP CHILD_SA with SPI cbcc4483 " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 08[IKE] closing CHILD_SA IPIP0{10} with SPIs cbcc4483_i (872 bytes) c594ec53_o (0 bytes) and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 15[CFG] received stroke: terminate 'IPIP0{*}' " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 11[CFG] received stroke: unroute 'IPIP0' " "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" shutdown started." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: IPsec configuration applying is done." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: start applying IPsec configuration." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: IPsec reconfiguration transaction was created." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: add config for crypto map \"IPIP0\"." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: create IPsec reconfiguration transaction..." "2019-02-05 16:50:40","0","6","border.home","ndm:","","1"," kernel: EIP93: build inbound ESP connection, (SPI=cbcc4483)" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.254/255.255.255.0" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is ready." "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec server layer is up, do start tunnel layer." "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 1." "2019-02-05 16:50:39","1","4","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is up." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] CHILD_SA IPIP0{10} established with SPIs cbcc4483_i c594ec53_o and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] maximum IKE_SA lifetime 28786s " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] scheduling reauthentication in 28766s " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] IKE_SA IPIP0[12] established between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] destroying duplicate IKE_SA for peer 'IPIP0', received INITIAL_CONTACT " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] found linked key for crypto map 'IPIP0' " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] authentication of 'IPIP0' with pre-shared key successful with linked key " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] selected peer config 'IPIP0' " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," IpSec::Manager: IP secure connection \"IPIP0\" was stopped." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is down." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec layer is down, shutdown tunnel layer." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:38","1","3","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is appeared down." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 3 times." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] CHILD_SA closed " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] sending DELETE for ESP CHILD_SA with SPI c456d616 " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] closing CHILD_SA IPIP0{9} with SPIs c456d616_i (0 bytes) cff7da2a_o (0 bytes) and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] received DELETE for ESP CHILD_SA with SPI cff7da2a " "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is ready." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec server layer is up, do start tunnel layer." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 1." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" was renegotiated." "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] CHILD_SA IPIP0{9} established with SPIs c456d616_i cff7da2a_o and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] maximum IKE_SA lifetime 28784s " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] scheduling reauthentication in 28764s " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] IKE_SA IPIP0[11] established between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] found linked key for crypto map 'IPIP0' " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] authentication of 'IPIP0' with pre-shared key successful with linked key " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] selected peer config 'IPIP0' " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:50:26","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:26","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:25","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI c1ed8c88" "2019-02-05 16:50:25","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI cb83f225" "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 1." "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] IKE_SA deleted " "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] deleting IKE_SA IPIP0[10] between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] received DELETE for IKE_SA IPIP0[10] " "2019-02-05 16:50:08","3","6","border.home","named[523]:","","1"," dumpstats complete" "2019-02-05 16:50:08","3","6","border.home","named[523]:","","1"," received control channel command 'stats'" "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:07","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:07","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:49:09","3","6","border.home","named[523]:","","1"," dumpstats complete" "2019-02-05 16:49:09","3","6","border.home","named[523]:","","1"," received control channel command 'stats'"
XXX.XXX.XXX.XXX - белый IP сервера U2.
YYY.YYY.YYY.YYY - белый IP клиента U1.
И лог с клиентаСкрытый текст"2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c63ea1f3 " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c63ea1f3_i (0 bytes) c1a7ab2d_o (942 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c1a7ab2d " "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c1a7ab2d)" "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c27cd31c " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c27cd31c_i (0 bytes) c9bb2e2e_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c9bb2e2e " "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c9bb2e2e)" "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI cbf4c882 " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs cbf4c882_i (0 bytes) cf4d7583_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI cf4d7583 " "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=cf4d7583)" "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c3f1c2bb " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c3f1c2bb_i (0 bytes) c51415a5_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c51415a5 " "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c51415a5)" "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:26","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:51:26","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:51:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c594ec53 " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c594ec53_i (0 bytes) cbcc4483_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI cbcc4483 " "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=cbcc4483)" "2019-02-05 16:51:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:11","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 1." "2019-02-05 16:51:11","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 11[IKE] IKE_SA deleted " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] sending DELETE for IKE_SA IPIP0[9] " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] deleting IKE_SA IPIP0[9] between YYY.YYY.YYY.YYY[IPIP0]...XXX.XXX.XXX.XXX[IPIP0] " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] reauthenticating IKE_SA IPIP0[9] " "2019-02-05 16:50:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:54","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:54","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket."
-
Фигня какая-то.
Это интерфейсы наса:
[~] # ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AC inet addr:192.168.30.1 Bcast:192.168.30.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:72751863 errors:0 dropped:4146 overruns:0 frame:0 TX packets:105725765 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:55889993644 (52.0 GiB) TX bytes:120979308908 (112.6 GiB) Memory:d0700000-d077ffff eth1 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AD UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4047104 errors:0 dropped:1 overruns:0 frame:0 TX packets:226893 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:265339536 (253.0 MiB) TX bytes:50136598 (47.8 MiB) Memory:d0600000-d067ffff lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:315049 errors:0 dropped:0 overruns:0 frame:0 TX packets:315049 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:125653000 (119.8 MiB) TX bytes:125653000 (119.8 MiB) qvs0 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AD inet addr:192.168.31.4 Bcast:192.168.31.255 Mask:255.255.255.0 inet6 addr: fe80::208:9bff:fee9:1dad/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3866878 errors:0 dropped:16580 overruns:0 frame:0 TX packets:118828 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:184734579 (176.1 MiB) TX bytes:29827192 (28.4 MiB) vnet0 Link encap:Ethernet HWaddr FE:54:00:24:3C:0B inet6 addr: fe80::fc54:ff:fe24:3c0b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99296 errors:0 dropped:0 overruns:0 frame:0 TX packets:3816209 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:19776634 (18.8 MiB) TX bytes:247598694 (236.1 MiB) [~] #
IP 192.168.30.1 - это нас. Этот адрес настроен на отдельном порту наса и воткнут в первый порт кинетика.
Второй порт наса включен во второй порт кинетика и представляет из себя бридж qvs0=eth1+vnet0.
Что-то я в ступор впал, откуда 192.168.30.1 на интерфейсе с маком XX:XX:XX:e9:1d:ad он в Bridge0 должен быть с маком XX:XX:XX:e9:1d:aс.
Ещё и в GigabitEthernet0/Vlan31 при таком конфиге свитча кинетика
interface GigabitEthernet0/1 rename 1 switchport mode access switchport access vlan 30 up ! interface GigabitEthernet0/2 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up !
Хотя физически он воткнут interface GigabitEthernet0/1, на interface GigabitEthernet0/2 - - - switchport trunk vlan 30 идет на виртуальную машину.
-
Я уже не раз писал, что происходит очень редко спонтанное падение IPIP туннеля.
Туннель с IPSec поднят между Ultra1 в качестве клиента и Ultra 2 в качестве сервера.
Упало сегодня в 16:45, а поднялось само после того как я на Ultra 1 снял селф-тест в 18:55.
Оба роутера имеют белые IP и находятся в одной сети провайдера.
Ниже постом 2 селф-теста.
U1 - снят когда туннель не работал(после этого соединение поднялось).
U2 - после возобновления работы туннеля.
-
Спасибо, вечером проверю.
-
У меня нормально селф-тест сохраняется.
- 1
-
Ultra 1 установил данный компонент. Нормально работает.
У меня доступ без пароля.
Может дело в парольном доступе или типе ФС у тех у кого не работает. У меня на флешке ext3.
На U2 так же не испытываю проблем. Клиент в обоих случаях Win 10 из проводника.
- 1
-
Установил данную прошивку. После загрузки в журнале:
Фев 3 00:51:12 ndm Hotspot::Account: system failed [0xcffd05ab]. Фев 3 00:51:48 ndm Core::Syslog: last message repeated 11 times.
Селф-тест постом ниже.
-
EoIP туннель с IPSec вам в помощь.
-
Отключил данный компонент на 2.15.A.4.0-3. Предварительно удалив оттуда ТД КN-1910. При этом отвалился доступ к вэб. Через несколько минут доступ появился, но при вводе логина с паролем в вэб не пускает(проверьте логин/пароль). В этот момент у меня была запущена консоль, я сохранил стартап конфиг, там пароль совпадает с сохраненным. Запустил:
(config)> system debug Core::Debug: System debug enabled. (config)> no system debug Core::Debug: System debug disabled. (config)> copy ndm:/self-test OPKG:/self-test.txt
На этом консоль повисла и селф-тест на флешку не сохранился.
Теперь не пускает и в консоль. При соединении просит логин, затем пароль и после ввода пароля больше ничего не происходит. В Cli не попасть. Скрипты которые запускаются с флешки через ndmq так же висят. К счастью, лог посылается на лог сервер (лог читать снизу).
Скрытый текст"Today 21:25:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1590 seconds." "Today 21:24:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1560 seconds." "Today 21:24:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1530 seconds." "Today 21:23:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1500 seconds." "Today 21:23:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1470 seconds." "Today 21:22:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1440 seconds." "Today 21:22:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1410 seconds." "Today 21:21:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1380 seconds." "Today 21:21:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1350 seconds." "Today 21:20:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1320 seconds." "Today 21:20:29","10","5","border.home","dropbear[2592]:","","1"," Password auth succeeded for 'root' from 192.168.100.10:58358" "Today 21:20:17","10","6","border.home","dropbear[2592]:","","1"," Child connection from 192.168.100.10:58358" "Today 21:20:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1290 seconds." "Today 21:19:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1260 seconds." "Today 21:19:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1230 seconds." "Today 21:18:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1200 seconds." "Today 21:18:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1170 seconds." "Today 21:17:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1140 seconds." "Today 21:17:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1110 seconds." "Today 21:16:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1080 seconds." "Today 21:16:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1050 seconds." "Today 21:15:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1020 seconds." "Today 21:15:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 990 seconds." "Today 21:14:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 960 seconds." "Today 21:14:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 930 seconds." "Today 21:13:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 900 seconds." "Today 21:13:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 870 seconds." "Today 21:12:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 840 seconds." "Today 21:12:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 810 seconds." "Today 21:11:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 780 seconds." "Today 21:11:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 750 seconds." "Today 21:10:52","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.10:58059" "Today 21:10:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 720 seconds." "Today 21:10:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 690 seconds." "Today 21:09:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 660 seconds." "Today 21:09:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 630 seconds." "Today 21:08:43","1","6","border.home","ndm:","","1"," Core::Debug: system debug disabled." "Today 21:08:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 600 seconds." "Today 21:08:22","1","6","border.home","ndm:","","1"," Core::Debug: system debug enabled." "Today 21:08:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 570 seconds." "Today 21:07:34","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.26:60604" "Today 21:07:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 540 seconds." "Today 21:07:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 510 seconds." "Today 21:06:49","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.26:60595" "Today 21:06:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 480 seconds." "Today 21:06:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 450 seconds." "Today 21:05:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 420 seconds." "Today 21:05:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 390 seconds." "Today 21:04:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 360 seconds." "Today 21:04:18","1","3","border.home","ndm:","","1"," FileSystem::Repository: failed to open destination: \"OPKG:/\"." "Today 21:04:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 330 seconds." "Today 21:03:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 300 seconds." "Today 21:03:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 270 seconds." "Today 21:02:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 240 seconds." "Today 21:02:21","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 21:02:17","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 21:02:12","1","6","border.home","ndm:","","1"," Core::Authenticator: password set has been changed for user \"admin\"." "Today 21:02:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 210 seconds." "Today 21:01:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 180 seconds." "Today 21:01:16","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": set access VLAN ID: 100." "Today 21:01:12","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": access mode enabled." "Today 21:01:06","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": mixed mode disabled." "Today 21:01:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 150 seconds." "Today 21:01:01","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed access VLAN ID." "Today 21:00:54","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed trunk VLAN ID." "Today 21:00:49","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": trunk mode disabled." "Today 21:00:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 120 seconds." "Today 21:00:24","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 21:00:24","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 21:00:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 21:00:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 21:00:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 90 seconds." "Today 20:59:53","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:59:53","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:59:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 60 seconds." "Today 20:59:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 30 seconds." "Today 20:57:19","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:57:15","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:57:15","1","6","border.home","ndm:","","1"," Mws::Controller: disabled." "Today 20:57:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:57:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:57:09","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:57:09","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:57:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:57:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:56:41","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:56:38","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:56:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:56:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:56:09","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:55:57","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed trunk VLAN ID: 100." "Today 20:55:14","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:55:10","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:55:08","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:55:08","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:55:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:55:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket."
После перезагрузки доступ к роутеру появился.
-
Работает, спасибо.
-
Да, проблема есть и из прошивки в прошивку ни куда не девается.
-
@Le ecureuil, а по моему скрытому посту есть какая информация по EoIP туннелю или скрытый пост не опубликовался? Или нужно это вопрос в теме про 2.15 задавать?
KN-1910 Апр 2 21:04:22 ndm Hotspot::Account: system failed [0xcffd0656].
in 3.1
Posted · Edited by dexter
Тема
получила продолжение. Как я говорил, я заменил Ultra 1 на KN-1910 и в логе увидел постоянные Hotspot::Account: system failed. Если Ультра 1 прекращала спамить в журнал, то тут ничего не прекращается.
Всё описание есть в теме по ссылке. Постом ниже будет селф-тест.
Я продолжаю использовать конструкцию конфига:
interface GigabitEthernet0 up ! interface GigabitEthernet0/0 rename 1 switchport mode access switchport access vlan 30 up ! interface GigabitEthernet0/1 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up ! interface GigabitEthernet0/2 rename 3 switchport mode access switchport access vlan 32 up ! interface GigabitEthernet0/3 rename 4 switchport mode trunk switchport trunk vlan 30 switchport trunk vlan 31 switchport trunk vlan 32 switchport trunk vlan 33 up !