Jump to content

Veter_ARH

Forum Members
  • Posts

    39
  • Joined

  • Last visited

Equipment

  • Keenetic
    GiGA KN-1011

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Veter_ARH's Achievements

Member

Member (2/5)

5

Reputation

  1. Не исправлено в KN-1111 4.00.A.5.0-0 Янв 29 22:04:05 ipsec 07[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Янв 29 22:04:05 ipsec 07[IKE] remote host is behind NAT Янв 29 22:04:05 ipsec 06[IKE] received 41 cert requests for an unknown ca Янв 29 22:04:05 ipsec 06[CFG] looking for peer configs matching 127.0.0.1[%any]...95.***.***.***[172.17.0.89] Янв 29 22:04:05 ipsec 06[CFG] selected peer config 'VirtualIPServerIKE2' Янв 29 22:04:05 ipsec 06[IKE] initiating EAP_IDENTITY method (id 0x00) Янв 29 22:04:05 ipsec 06[IKE] peer supports MOBIKE, but disabled in config Янв 29 22:04:05 ipsec 06[IKE] authentication of '***.keenetic.pro' (myself) with RSA signature successful Янв 29 22:04:05 ipsec 06[IKE] sending end entity cert "CN=***.keenetic.pro" Янв 29 22:04:05 ipsec 06[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" Янв 29 22:04:06 ipsec 07[IKE] received retransmit of request with ID 1, retransmitting response Янв 29 22:04:06 ipsec 07[IKE] received message ID 1, expected 2, ignored Янв 29 22:04:06 ipsec 09[IKE] received message ID 1, expected 2, ignored Янв 29 22:04:07 ipsec 06[IKE] received retransmit of request with ID 1, retransmitting response Янв 29 22:04:07 ipsec 06[IKE] received message ID 1, expected 2, ignored Янв 29 22:04:07 ipsec 05[IKE] received message ID 1, expected 2, ignored Янв 29 22:04:35 ipsec 07[JOB] deleting half open IKE_SA with 95.**.**.** after timeout
  2. На других роутерах с данной версией прошивки нет такой проблемы
  3. KN-1111 4.0 Alpha 4 Белый IP, режим работы (IPv4): авто (Включен прямой доступ). Сыплет вот такие ошибки. Янв 25 16:12:22 ipsec 06[CFG] selected peer config 'VirtualIPServerIKE2' Янв 25 16:12:22 ipsec 06[IKE] initiating EAP_IDENTITY method (id 0x00) Янв 25 16:12:22 ipsec 06[IKE] peer supports MOBIKE, but disabled in config Янв 25 16:12:22 ipsec 06[IKE] authentication of '****.keenetic.pro' (myself) with RSA signature successful Янв 25 16:12:22 ipsec 06[IKE] sending end entity cert "CN=****.keenetic.pro" Янв 25 16:12:22 ipsec 06[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" Янв 25 16:12:22 ipsec 08[IKE] received retransmit of request with ID 1, retransmitting response Янв 25 16:12:22 ipsec 08[IKE] received message ID 1, expected 2, ignored Янв 25 16:12:22 ipsec 09[IKE] received message ID 1, expected 2, ignored Янв 25 16:12:23 ipsec 05[IKE] received retransmit of request with ID 1, retransmitting response Янв 25 16:12:23 ipsec 05[IKE] received message ID 1, expected 2, ignored Янв 25 16:12:23 ipsec 06[IKE] received message ID 1, expected 2, ignored Янв 25 16:12:35 ndnproxy answer from wrong socket, ignore.
  4. KN-1111 4.00.A.4.0-0 БАГ: L2TP/IPsec сервер, не устанавливает соединении, высыпает ошибки. Янв 24 17:27:37 ipsec 09[IKE] sending DPD vendor ID Янв 24 17:27:37 ipsec 09[IKE] sending FRAGMENTATION vendor ID Янв 24 17:27:37 ipsec 09[IKE] sending NAT-T (RFC 3947) vendor ID Янв 24 17:27:37 ipsec 05[IKE] remote host is behind NAT Янв 24 17:27:37 ipsec 05[IKE] linked key for crypto map '(unnamed)' is not found, still searching Янв 24 17:27:37 ipsec 07[IKE] message parsing failed Янв 24 17:27:37 ipsec 07[IKE] ID_PROT request with message ID 0 processing failed Янв 24 17:27:38 ipsec 06[IKE] message parsing failed Янв 24 17:27:38 ipsec 06[IKE] ID_PROT request with message ID 0 processing failed Янв 24 17:27:39 ipsec 09[IKE] message parsing failed Янв 24 17:27:39 ipsec 09[IKE] ID_PROT request with message ID 0 processing failed Янв 24 17:27:42 ipsec 08[IKE] message parsing failed Янв 24 17:27:42 ipsec 08[IKE] ID_PROT request with message ID 0 processing failed
  5. KN-1111 3.9.2 БАГ: L2TP/IPsec сервер, не устанавливает соединении, высыпает ошибки. Draft 4.00.A.3.0-0 тоже самое. Янв 19 20:30:14 ipsec 05[IKE] scheduling rekeying in 28785s Янв 19 20:30:14 ipsec 05[IKE] maximum IKE_SA lifetime 28805s Янв 19 20:30:14 ipsec 05[IKE] DPD not supported by peer, disabled Янв 19 20:30:15 ipsec 06[IKE] received retransmit of request with ID 0, retransmitting response Янв 19 20:30:16 ipsec 08[IKE] received retransmit of request with ID 0, retransmitting response Янв 19 20:30:19 ipsec 06[IKE] received retransmit of request with ID 0, retransmitting response
  6. Тоже отвалился L2TP/IPSec на KN-1111 ip белый, провайдер не блочит. Такое сообщение выдаёт. Янв 19 18:38:49 ipsec 09[IKE] received retransmit of request with ID 0, retransmitting response
  7. Использовал вот такой конфиг: crypto ike proposal VPNL2TPServer encryption 3des encryption des encryption aes-cbc-128 encryption aes-cbc-256 dh-group 2 dh-group 1 dh-group 14 integrity sha1 integrity md5 ! crypto ike policy VPNL2TPServer proposal VPNL2TPServer lifetime 28800 mode ikev1 negotiation-mode main ! crypto ipsec transform-set VPNL2TPServer lifetime 28800 cypher esp-aes-128 cypher esp-3des cypher esp-des hmac esp-sha1-hmac hmac esp-md5-hmac ! crypto ipsec profile VPNL2TPServer dpd-interval 30 dpd-clear identity-local address 0.0.0.0 match-identity-remote any authentication-local pre-share mode transport policy VPNL2TPServer ! crypto ipsec mtu auto crypto map VPNL2TPServer set-peer any set-profile VPNL2TPServer set-transform VPNL2TPServer match-address _WEBADMIN_IPSEC_VPNL2TPServer set-tcpmss pmtu nail-up no reauth-passive virtual-ip no enable l2tp-server range 172.17.80.1 172.17.80.254 l2tp-server interface Bridge0 l2tp-server ipv6cp l2tp-server multi-login l2tp-server lcp echo 30 3 l2tp-server enable enable ! Для подключения Huawei B535-232a к keeneticу по L2TP/IPSec, соединения не устанавливает Кинетик пишет в логе: l2tp: new tunnel 53729-37555 created following reception of SCCRQ from хх.142.40.хх:3863 Дек 18 22:05:25 ppp-l2tp l2tp tunnel 53729-37555 (хх.142.40.хх:3863): no acknowledgement from peer after 5 retransmissions, deleting tunnel Помогите с настройкой.
  8. Нужно реализовать IPv6 в Wireguard. Есть VPN Wireguard серверы на IP4 и на IPv6.
  9. KN-1011 3.9 Alpha 2 БАГ: Wireguard - чек бокс не ставиться "Использовать для выхода в интернет"
  10. Домен keenetic.pro снова глючит, работает в режиме только через облако, в режиме прямом доступе домен не работает.
  11. Морда доступна, из сети ростела не доступна морда и пинга нет, проверил с мобильного инета доступ к морде.
×
×
  • Create New...