dexter
-
Posts
937 -
Joined
-
Last visited
-
Days Won
3
Content Type
Profiles
Forums
Gallery
Downloads
Blogs
Events
Posts posted by dexter
-
-
-
@Le ecureuil, вышел драфт 3.0, а это занчит можно, что-то ломать.
Как обстоят дела с EoIP туннелем в части "tunnel-local-source"?
В крайнем драфте эта бага присутствует. В скрытом посте всё подробно изложено.
-
1
-
-
Обновил Extra 2, KN-1910, U2 - полет нормальный.
-
U2 успешно окирпичилась без Яндекс ДНС(прочитал пост когда восстановил роутер.) Другие обновлять не буду, т.к. не использую данный компонент, дождусь баг фикса.
@Кинетиковод, спасибо.
-
Вот вам кусок конфига, где тегированные вланы идут между отдельным WAN и LAN портом:
Созданы вланы 100, 101, 102.
! interface GigabitEthernet0 up ! interface GigabitEthernet0/0 rename 1 switchport mode access switchport access vlan 100 up ! interface GigabitEthernet0/1 rename 2 switchport mode access switchport access vlan 100 up ! interface GigabitEthernet0/2 rename 3 switchport mode access switchport access vlan 102 up ! interface GigabitEthernet0/3 rename 4 switchport mode trunk switchport trunk vlan 100 switchport trunk vlan 102 switchport trunk vlan 101 up ! interface GigabitEthernet0/Vlan100 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet0/Vlan101 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet0/Vlan102 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1 security-level private up ! interface GigabitEthernet1/0 rename 0 up ! interface GigabitEthernet1/Vlan100 security-level public ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1/Vlan101 rename 101 description 101 security-level private ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet1/Vlan102 security-level public ip dhcp client dns-routes ip dhcp client name-servers up !И 3 бриджа
interface Bridge0 rename Home description "Home network" inherit GigabitEthernet1/Vlan100 include GigabitEthernet0/Vlan100 include AccessPoint include AccessPoint_5G mac access-list type none security-level private ip dhcp client dns-routes ip dhcp client name-servers up ! interface Bridge1 rename Guest description "Guest network" inherit GigabitEthernet1/Vlan102 include GigabitEthernet0/Vlan102 include GuestWiFi mac access-list type none security-level protected ip dhcp client dns-routes ip dhcp client name-servers up ! interface Bridge2 description Vlan101-manage inherit 101 include GigabitEthernet0/Vlan101 mac address хх:хх:хх:хх:хх:хх mac access-list type none security-level private ip address 192.168.1.1 255.255.255.0 ip dhcp client dns-routes ip dhcp client name-servers ip global 700 up ! -
Всё есть.
Поставьте "ip global xxx"
-
Прошивку лучше обновить. У меня на Ultra, порт и в "access" и "trunk" mode. Главное, что бы vid был разный. Все нормально работает, правда есть одна проблема, про неё в разделе 2.15 создана тема. Проявляет она себя только при загрузке устройства.
-
1
-
-
Понимаю. Я почему спросил, у меня есть планы по замене данной ультры на KN-1910 и в таком случае, не смогу проверить исправили или нет.
-
Да. "Версия NDMS2.11.D.0.0-4"
-
Читаем внимательно ТС просит кнопку "Перегрузка". Нормальная пятничная тема.
Т.е. заходишь в вэб, жмешь. CPU в полку, пинг over 9000.
Может он так кого терроризировать собрался или от инета отучать.
А если серьезно, то перезагружать конечно проще, чем тратить время на решение проблемы.
-
На данную проблему в 2.15 забили? В 2.16 ждать изменений?
-
@Le ecureuil, а такая конфигурация порта допустима на первой ультре:
! interface GigabitEthernet0/2 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up !Когда порт и в access and trunk mode?
Провел анализ и выяснил,
(config)> show ip arp ================================================================================ Name IP MAC Interface ================================================================================ 192.168.30.1 00:08:9b:e9:1d:ad Vlan31-management 31.129.205.254 00:1a:6d:29:02:6e ISP 10.228.106.246 a8:f9:4b:89:ab:fb ISP 192.168.30.1 00:08:9b:e9:1d:ac Home 192.168.31.4 00:08:9b:e9:1d:ad Vlan31-managementIP 192.168.30.1 с разными маками появляется только после перезагрузки роутера и через несколько минут пропадает.
При "arp who-has" от кинетика в обоих вланах запись "192.168.30.1 00:08:9b:e9:1d:ad Vlan31-management" более не появляется.
Хотел в поддержку qnap'a написать, но думаю меня там пошлют, т.к. при перезагрузке самого хранилища данного безобразия в arp таблице нет.
-
1
-
-
Туннель со стороны U1 был UP, но пакеты через него не ходили, туннель не падал, т.к. была инфа в вэбе сколько скачано и отдано.
Со стороны U2 не посмотрел состояние, т.к. после снятия селф-теста все восстановилось.У меня тоже туннель без NAT.
Лог с сервера, читать снизу. Началось всё в 16:50.
Скрытый текстDate,Facility,Severity,Host,Syslogtag,ProcessID,Messagetype,Message "2019-02-05 16:51:09","3","6","border.home","ipsec:","","1"," 13[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:51:08","3","6","border.home","ipsec:","","1"," 14[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:51:08","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," IpSec::Manager: IP secure connection \"IPIP0\" was stopped." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is down." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec layer is down, shutdown tunnel layer." "2019-02-05 16:51:08","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:51:08","1","3","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is appeared down." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 10[IKE] IKE_SA deleted " "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] sending DELETE for IKE_SA IPIP0[12] " "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] deleting IKE_SA IPIP0[12] between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:41","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI cbcc4483" "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 3 times." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:41","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] CHILD_SA closed " "2019-02-05 16:50:41","3","6","border.home","ipsec:","","1"," 13[IKE] received DELETE for ESP CHILD_SA with SPI c594ec53 " "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" shutdown complete." "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 07[CFG] received stroke: terminate 'IPIP0[*]' " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 08[IKE] sending DELETE for ESP CHILD_SA with SPI cbcc4483 " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 08[IKE] closing CHILD_SA IPIP0{10} with SPIs cbcc4483_i (872 bytes) c594ec53_o (0 bytes) and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 15[CFG] received stroke: terminate 'IPIP0{*}' " "2019-02-05 16:50:40","3","6","border.home","ipsec:","","1"," 11[CFG] received stroke: unroute 'IPIP0' " "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" shutdown started." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: IPsec configuration applying is done." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Configurator: start applying IPsec configuration." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: IPsec reconfiguration transaction was created." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: add config for crypto map \"IPIP0\"." "2019-02-05 16:50:40","1","6","border.home","ndm:","","1"," IpSec::Manager: create IPsec reconfiguration transaction..." "2019-02-05 16:50:40","0","6","border.home","ndm:","","1"," kernel: EIP93: build inbound ESP connection, (SPI=cbcc4483)" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.254/255.255.255.0" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:50:39","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is ready." "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec server layer is up, do start tunnel layer." "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 1." "2019-02-05 16:50:39","1","4","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is up." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] CHILD_SA IPIP0{10} established with SPIs cbcc4483_i c594ec53_o and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] maximum IKE_SA lifetime 28786s " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] scheduling reauthentication in 28766s " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] IKE_SA IPIP0[12] established between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:39","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] destroying duplicate IKE_SA for peer 'IPIP0', received INITIAL_CONTACT " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] found linked key for crypto map 'IPIP0' " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[IKE] authentication of 'IPIP0' with pre-shared key successful with linked key " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] selected peer config 'IPIP0' " "2019-02-05 16:50:39","3","6","border.home","ipsec:","","1"," 05[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:38","3","6","border.home","ipsec:","","1"," 06[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.104.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.101.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.100.254/255.255.255.0" "2019-02-05 16:50:38","0","6","border.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," IpSec::Manager: IP secure connection \"IPIP0\" was stopped." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is down." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec layer is down, shutdown tunnel layer." "2019-02-05 16:50:38","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:38","1","3","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" is appeared down." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 3 times." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:29","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] CHILD_SA closed " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] sending DELETE for ESP CHILD_SA with SPI c456d616 " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] closing CHILD_SA IPIP0{9} with SPIs c456d616_i (0 bytes) cff7da2a_o (0 bytes) and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:29","3","6","border.home","ipsec:","","1"," 14[IKE] received DELETE for ESP CHILD_SA with SPI cff7da2a " "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": secured tunnel is ready." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," Network::Interface::SecureIPTunnel: \"IPIP0\": IPsec server layer is up, do start tunnel layer." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 1." "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: crypto map \"IPIP0\" was renegotiated." "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] CHILD_SA IPIP0{9} established with SPIs c456d616_i cff7da2a_o and TS XXX.XXX.XXX.XXX/32[ipencap] === YYY.YYY.YYY.YYY/32[ipencap] " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ " "2019-02-05 16:50:27","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] maximum IKE_SA lifetime 28784s " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] scheduling reauthentication in 28764s " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] IKE_SA IPIP0[11] established between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] found linked key for crypto map 'IPIP0' " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[IKE] authentication of 'IPIP0' with pre-shared key successful with linked key " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] selected peer config 'IPIP0' " "2019-02-05 16:50:27","3","6","border.home","ipsec:","","1"," 13[CFG] looking for peer configs matching XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 " "2019-02-05 16:50:26","3","6","border.home","ipsec:","","1"," 09[IKE] YYY.YYY.YYY.YYY is initiating an IKE_SA " "2019-02-05 16:50:26","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:50:26","1","6","border.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:50:25","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI c1ed8c88" "2019-02-05 16:50:25","0","6","border.home","ndm:","","1"," kernel: EIP93: release SPI cb83f225" "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 0." "2019-02-05 16:50:25","1","6","border.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 1." "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] IKE_SA deleted " "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] deleting IKE_SA IPIP0[10] between XXX.XXX.XXX.XXX[IPIP0]...YYY.YYY.YYY.YYY[IPIP0] " "2019-02-05 16:50:25","3","6","border.home","ipsec:","","1"," 11[IKE] received DELETE for IKE_SA IPIP0[10] " "2019-02-05 16:50:08","3","6","border.home","named[523]:","","1"," dumpstats complete" "2019-02-05 16:50:08","3","6","border.home","named[523]:","","1"," received control channel command 'stats'" "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:07","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:07","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:49:09","3","6","border.home","named[523]:","","1"," dumpstats complete" "2019-02-05 16:49:09","3","6","border.home","named[523]:","","1"," received control channel command 'stats'"XXX.XXX.XXX.XXX - белый IP сервера U2.
YYY.YYY.YYY.YYY - белый IP клиента U1.
И лог с клиентаСкрытый текст"2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c63ea1f3 " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c63ea1f3_i (0 bytes) c1a7ab2d_o (942 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:53:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c1a7ab2d " "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:53:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:53:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c1a7ab2d)" "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c27cd31c " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c27cd31c_i (0 bytes) c9bb2e2e_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:52:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c9bb2e2e " "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:52:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c9bb2e2e)" "2019-02-05 16:52:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI cbf4c882 " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs cbf4c882_i (0 bytes) cf4d7583_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:52:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI cf4d7583 " "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:52:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=cf4d7583)" "2019-02-05 16:52:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c3f1c2bb " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c3f1c2bb_i (0 bytes) c51415a5_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:51:55","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI c51415a5 " "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:55","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=c51415a5)" "2019-02-05 16:51:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:26","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: start reloading netfilter configuration..." "2019-02-05 16:51:26","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Syslog: last message repeated 2 times." "2019-02-05 16:51:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 1, active CHILD SA: 0." "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] CHILD_SA closed " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] sending DELETE for ESP CHILD_SA with SPI c594ec53 " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] closing CHILD_SA IPIP0{1} with SPIs c594ec53_i (0 bytes) cbcc4483_o (872 bytes) and TS YYY.YYY.YYY.YYY/32[ipencap] === XXX.XXX.XXX.XXX/32[ipencap] " "2019-02-05 16:51:25","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 09[IKE] received DELETE for ESP CHILD_SA with SPI cbcc4483 " "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.254.253/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.253.253/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.32.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.31.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Enable SMB fastpath for 192.168.30.254/255.255.255.0" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: Disable SMB fastpath" "2019-02-05 16:51:25","0","6","ip-ip.bikovo-17.home","ndm:","","1"," kernel: EIP93: build outbound ESP connection, (SPI=cbcc4483)" "2019-02-05 16:51:25","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::IpSecNetfilter: netfilter configuration reloading is done." "2019-02-05 16:51:11","1","6","ip-ip.bikovo-17.home","ndm:","","1"," IpSec::Configurator: \"IPIP0\": crypto map active IKE SA: 0, active CHILD SA: 1." "2019-02-05 16:51:11","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 11[IKE] IKE_SA deleted " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] sending DELETE for IKE_SA IPIP0[9] " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] deleting IKE_SA IPIP0[9] between YYY.YYY.YYY.YYY[IPIP0]...XXX.XXX.XXX.XXX[IPIP0] " "2019-02-05 16:51:10","3","6","ip-ip.bikovo-17.home","ipsec:","","1"," 10[IKE] reauthenticating IKE_SA IPIP0[9] " "2019-02-05 16:50:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:55","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "2019-02-05 16:50:54","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Session: client disconnected." "2019-02-05 16:50:54","1","6","ip-ip.bikovo-17.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." -
Фигня какая-то.
Это интерфейсы наса:
[~] # ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AC inet addr:192.168.30.1 Bcast:192.168.30.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:72751863 errors:0 dropped:4146 overruns:0 frame:0 TX packets:105725765 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:55889993644 (52.0 GiB) TX bytes:120979308908 (112.6 GiB) Memory:d0700000-d077ffff eth1 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AD UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4047104 errors:0 dropped:1 overruns:0 frame:0 TX packets:226893 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:265339536 (253.0 MiB) TX bytes:50136598 (47.8 MiB) Memory:d0600000-d067ffff lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:315049 errors:0 dropped:0 overruns:0 frame:0 TX packets:315049 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:125653000 (119.8 MiB) TX bytes:125653000 (119.8 MiB) qvs0 Link encap:Ethernet HWaddr XX:XX:XX:E9:1D:AD inet addr:192.168.31.4 Bcast:192.168.31.255 Mask:255.255.255.0 inet6 addr: fe80::208:9bff:fee9:1dad/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3866878 errors:0 dropped:16580 overruns:0 frame:0 TX packets:118828 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:184734579 (176.1 MiB) TX bytes:29827192 (28.4 MiB) vnet0 Link encap:Ethernet HWaddr FE:54:00:24:3C:0B inet6 addr: fe80::fc54:ff:fe24:3c0b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99296 errors:0 dropped:0 overruns:0 frame:0 TX packets:3816209 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:19776634 (18.8 MiB) TX bytes:247598694 (236.1 MiB) [~] #IP 192.168.30.1 - это нас. Этот адрес настроен на отдельном порту наса и воткнут в первый порт кинетика.
Второй порт наса включен во второй порт кинетика и представляет из себя бридж qvs0=eth1+vnet0.
Что-то я в ступор впал, откуда 192.168.30.1 на интерфейсе с маком XX:XX:XX:e9:1d:ad он в Bridge0 должен быть с маком XX:XX:XX:e9:1d:aс.
Ещё и в GigabitEthernet0/Vlan31 при таком конфиге свитча кинетика
interface GigabitEthernet0/1 rename 1 switchport mode access switchport access vlan 30 up ! interface GigabitEthernet0/2 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up !Хотя физически он воткнут interface GigabitEthernet0/1, на interface GigabitEthernet0/2 - - - switchport trunk vlan 30 идет на виртуальную машину.
-
Я уже не раз писал, что происходит очень редко спонтанное падение IPIP туннеля.
Туннель с IPSec поднят между Ultra1 в качестве клиента и Ultra 2 в качестве сервера.
Упало сегодня в 16:45, а поднялось само после того как я на Ultra 1 снял селф-тест в 18:55.
Оба роутера имеют белые IP и находятся в одной сети провайдера.
Ниже постом 2 селф-теста.
U1 - снят когда туннель не работал(после этого соединение поднялось).
U2 - после возобновления работы туннеля.
-
Спасибо, вечером проверю.
-
У меня нормально селф-тест сохраняется.
-
1
-
-
Ultra 1 установил данный компонент. Нормально работает.
У меня доступ без пароля.
Может дело в парольном доступе или типе ФС у тех у кого не работает. У меня на флешке ext3.
На U2 так же не испытываю проблем. Клиент в обоих случаях Win 10 из проводника.
-
1
-
-
Установил данную прошивку. После загрузки в журнале:
Фев 3 00:51:12 ndm Hotspot::Account: system failed [0xcffd05ab]. Фев 3 00:51:48 ndm Core::Syslog: last message repeated 11 times.Селф-тест постом ниже.
-
EoIP туннель с IPSec вам в помощь.
-
Отключил данный компонент на 2.15.A.4.0-3. Предварительно удалив оттуда ТД КN-1910. При этом отвалился доступ к вэб. Через несколько минут доступ появился, но при вводе логина с паролем в вэб не пускает(проверьте логин/пароль). В этот момент у меня была запущена консоль, я сохранил стартап конфиг, там пароль совпадает с сохраненным. Запустил:
(config)> system debug Core::Debug: System debug enabled. (config)> no system debug Core::Debug: System debug disabled. (config)> copy ndm:/self-test OPKG:/self-test.txtНа этом консоль повисла и селф-тест на флешку не сохранился.
Теперь не пускает и в консоль. При соединении просит логин, затем пароль и после ввода пароля больше ничего не происходит. В Cli не попасть. Скрипты которые запускаются с флешки через ndmq так же висят. К счастью, лог посылается на лог сервер (лог читать снизу).
Скрытый текст"Today 21:25:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1590 seconds." "Today 21:24:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1560 seconds." "Today 21:24:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1530 seconds." "Today 21:23:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1500 seconds." "Today 21:23:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1470 seconds." "Today 21:22:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1440 seconds." "Today 21:22:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1410 seconds." "Today 21:21:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1380 seconds." "Today 21:21:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1350 seconds." "Today 21:20:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1320 seconds." "Today 21:20:29","10","5","border.home","dropbear[2592]:","","1"," Password auth succeeded for 'root' from 192.168.100.10:58358" "Today 21:20:17","10","6","border.home","dropbear[2592]:","","1"," Child connection from 192.168.100.10:58358" "Today 21:20:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1290 seconds." "Today 21:19:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1260 seconds." "Today 21:19:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1230 seconds." "Today 21:18:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1200 seconds." "Today 21:18:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1170 seconds." "Today 21:17:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1140 seconds." "Today 21:17:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1110 seconds." "Today 21:16:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1080 seconds." "Today 21:16:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1050 seconds." "Today 21:15:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 1020 seconds." "Today 21:15:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 990 seconds." "Today 21:14:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 960 seconds." "Today 21:14:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 930 seconds." "Today 21:13:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 900 seconds." "Today 21:13:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 870 seconds." "Today 21:12:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 840 seconds." "Today 21:12:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 810 seconds." "Today 21:11:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 780 seconds." "Today 21:11:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 750 seconds." "Today 21:10:52","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.10:58059" "Today 21:10:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 720 seconds." "Today 21:10:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 690 seconds." "Today 21:09:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 660 seconds." "Today 21:09:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 630 seconds." "Today 21:08:43","1","6","border.home","ndm:","","1"," Core::Debug: system debug disabled." "Today 21:08:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 600 seconds." "Today 21:08:22","1","6","border.home","ndm:","","1"," Core::Debug: system debug enabled." "Today 21:08:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 570 seconds." "Today 21:07:34","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.26:60604" "Today 21:07:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 540 seconds." "Today 21:07:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 510 seconds." "Today 21:06:49","10","6","border.home","dropbear:","","1"," Child connection from 192.168.100.26:60595" "Today 21:06:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 480 seconds." "Today 21:06:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 450 seconds." "Today 21:05:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 420 seconds." "Today 21:05:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 390 seconds." "Today 21:04:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 360 seconds." "Today 21:04:18","1","3","border.home","ndm:","","1"," FileSystem::Repository: failed to open destination: \"OPKG:/\"." "Today 21:04:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 330 seconds." "Today 21:03:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 300 seconds." "Today 21:03:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 270 seconds." "Today 21:02:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 240 seconds." "Today 21:02:21","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 21:02:17","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 21:02:12","1","6","border.home","ndm:","","1"," Core::Authenticator: password set has been changed for user \"admin\"." "Today 21:02:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 210 seconds." "Today 21:01:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 180 seconds." "Today 21:01:16","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": set access VLAN ID: 100." "Today 21:01:12","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": access mode enabled." "Today 21:01:06","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": mixed mode disabled." "Today 21:01:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 150 seconds." "Today 21:01:01","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed access VLAN ID." "Today 21:00:54","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed trunk VLAN ID." "Today 21:00:49","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": trunk mode disabled." "Today 21:00:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 120 seconds." "Today 21:00:24","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 21:00:24","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 21:00:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 21:00:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 21:00:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 90 seconds." "Today 20:59:53","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:59:53","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:59:34","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 60 seconds." "Today 20:59:04","1","4","border.home","ndm:","","1"," Event::Acceptor: sending \"Event::Type::DbKey\" to \"Core::Server\" 30 seconds." "Today 20:57:19","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:57:15","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:57:15","1","6","border.home","ndm:","","1"," Mws::Controller: disabled." "Today 20:57:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:57:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:57:09","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:57:09","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:57:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:57:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:56:41","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:56:38","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:56:09","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:56:09","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:56:09","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:56:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket." "Today 20:55:57","1","6","border.home","ndm:","","1"," Network::Interface::Switch: \"GigabitEthernet0/5\": removed trunk VLAN ID: 100." "Today 20:55:14","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: configuration saved." "Today 20:55:10","1","6","border.home","ndm:","","1"," Core::ConfigurationSaver: saving configuration..." "Today 20:55:08","3","6","border.home","named[493]:","","1"," dumpstats complete" "Today 20:55:08","3","6","border.home","named[493]:","","1"," received control channel command 'stats'" "Today 20:55:08","1","6","border.home","ndm:","","1"," Core::Session: client disconnected." "Today 20:55:08","1","6","border.home","ndm:","","1"," Core::Server: started Session /var/run/ndm.core.socket."После перезагрузки доступ к роутеру появился.
-
Работает, спасибо.
-
Да, проблема есть и из прошивки в прошивку ни куда не девается.
-
@Le ecureuil, а по моему скрытому посту есть какая информация по EoIP туннелю или скрытый пост не опубликовался? Или нужно это вопрос в теме про 2.15 задавать?
KN-1910 Апр 2 21:04:22 ndm Hotspot::Account: system failed [0xcffd0656].
in 3.1
Posted · Edited by dexter
Тема
получила продолжение. Как я говорил, я заменил Ultra 1 на KN-1910 и в логе увидел постоянные Hotspot::Account: system failed. Если Ультра 1 прекращала спамить в журнал, то тут ничего не прекращается.
Всё описание есть в теме по ссылке. Постом ниже будет селф-тест.
Я продолжаю использовать конструкцию конфига:
interface GigabitEthernet0 up ! interface GigabitEthernet0/0 rename 1 switchport mode access switchport access vlan 30 up ! interface GigabitEthernet0/1 rename 2 switchport mode access switchport mode trunk switchport access vlan 31 switchport trunk vlan 30 switchport trunk vlan 32 switchport trunk vlan 33 switchport trunk vlan 253 up ! interface GigabitEthernet0/2 rename 3 switchport mode access switchport access vlan 32 up ! interface GigabitEthernet0/3 rename 4 switchport mode trunk switchport trunk vlan 30 switchport trunk vlan 31 switchport trunk vlan 32 switchport trunk vlan 33 up !