Jump to content

Makson

Forum Members
  • Posts

    5
  • Joined

  • Last visited

Equipment

  • Keenetic
    EXTRA 3.8.7

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Makson's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. [I] Nov 23 14:03:24 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-5, mips) [I] Nov 23 14:03:24 ipsec: 00[CFG] loading secrets [I] Nov 23 14:03:24 ipsec: 00[CFG] loaded IKE secret for 31.132.209.49 82.116.X.X [I] Nov 23 14:03:24 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 23 14:03:24 ipsec: 00[CFG] starting system time check, interval: 10s [I] Nov 23 14:03:24 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity counters [I] Nov 23 14:03:24 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534 [I] Nov 23 14:03:24 ipsec: 05[CFG] received stroke: add connection 'vpn_tunnel_to_msk' [I] Nov 23 14:03:24 ipsec: 05[CFG] added configuration 'vpn_tunnel_to_msk' [I] Nov 23 14:03:42 ipsec: 05[IKE] received NAT-T (RFC 3947) vendor ID [I] Nov 23 14:03:42 ipsec: 05[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID [I] Nov 23 14:03:42 ipsec: 05[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID [I] Nov 23 14:03:42 ipsec: 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID [I] Nov 23 14:03:42 ipsec: 05[IKE] 82.116.X.X is initiating a Main Mode IKE_SA [I] Nov 23 14:03:42 ipsec: 05[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 23 14:03:42 ipsec: 05[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:03:42 ipsec: 05[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:03:42 ipsec: 05[IKE] sending DPD vendor ID [I] Nov 23 14:03:42 ipsec: 05[IKE] sending NAT-T (RFC 3947) vendor ID [I] Nov 23 14:03:52 ipsec: 06[IKE] received retransmit of request with ID 0, retransmitting response [I] Nov 23 14:04:12 ipsec: Core::Syslog: last message repeated 2 times. [I] Nov 23 14:04:12 ipsec: 05[JOB] deleting half open IKE_SA with 82.116.X.X after timeout [I] Nov 23 14:04:13 ndm: UPnP::Service: "System": redirect rule added: tcp FastEthernet0/Vlan2:17000 -> 192.168.10.63:6036. [I] Nov 23 14:04:13 ndm: UPnP::Service: "System": forward rule added: tcp FastEthernet0/Vlan2 -> 192.168.10.63:6036. [I] Nov 23 14:04:22 ipsec: 07[IKE] received NAT-T (RFC 3947) vendor ID [I] Nov 23 14:04:22 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID [I] Nov 23 14:04:22 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID [I] Nov 23 14:04:22 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID [I] Nov 23 14:04:22 ipsec: 07[IKE] 82.116.X.X is initiating a Main Mode IKE_SA [I] Nov 23 14:04:22 ipsec: 07[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 23 14:04:22 ipsec: 07[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:04:22 ipsec: 07[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:04:22 ipsec: 07[IKE] sending DPD vendor ID [I] Nov 23 14:04:22 ipsec: 07[IKE] sending NAT-T (RFC 3947) vendor ID [I] Nov 23 14:04:32 ipsec: 07[IKE] received retransmit of request with ID 0, retransmitting response [I] Nov 23 14:04:52 ipsec: 09[JOB] deleting half open IKE_SA with 82.116.X.X after timeout [I] Nov 23 14:05:21 ipsec: 07[IKE] received NAT-T (RFC 3947) vendor ID [I] Nov 23 14:05:21 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID [I] Nov 23 14:05:21 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID [I] Nov 23 14:05:21 ipsec: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID [I] Nov 23 14:05:21 ipsec: 07[IKE] 82.116.X.X is initiating a Main Mode IKE_SA [I] Nov 23 14:05:21 ipsec: 07[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 23 14:05:21 ipsec: 07[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:05:21 ipsec: 07[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 [I] Nov 23 14:05:21 ipsec: 07[IKE] sending DPD vendor ID [I] Nov 23 14:05:21 ipsec: 07[IKE] sending NAT-T (RFC 3947) vendor ID [I] Nov 23 14:05:31 ipsec: 06[IKE] received retransmit of request with ID 0, retransmitting response
  2. Со стороны другого оборудования: Nov 23 11:11:59.894: ISAKMP:(0): beginning Main Mode exchange Nov 23 11:11:59.894: ISAKMP:(0): sending packet to 31.132.x.x my_port 500 peer_port 500 (I) MM_NO_STATE Nov 23 11:11:59.894: ISAKMP:(0):Sending an IKE IPv4 Packet. atmservice# Nov 23 11:12:06.046: ISAKMP (2756): received packet from 31.132.x.x dport 4500 sport 4500 Global (R) QM_IDLE Получается: cisco ему шлет запрос на порт 500 а он отвечает с 4500, поскольку за NAT находится
  3. Доброго всем времени суток. Роутер EXTRA - Установленная версия 3.8.7 Прошу помощи в нескольких вопросах: 1. Нужно ли открывать и как правильно открыть порты и протоколы для IPSec туннеля. 500, 4500? Это в политиках файрволла, в политиках NAT? В NAT попробовал сделать правило на разрешение ICMP - работает. 2. На wan порте по DHCP от провайдера получает устройство ip серый 10.174.5.17, но провайдер выдал и белый ip 31.132.X.X и при обращении на него - мы попадаем на keenetic, работает проброс 80, 443, 3389 итд. Выкладываю настройки туннеля. Не работает. с другой стороны Zywal 310, на нем десяток туннелей с разным оборудованием, все норм. не пойму куда тут копать.
×
×
  • Create New...