Dale Posted November 15, 2020 Share Posted November 15, 2020 (edited) Недавно пришлось перейти к другому VPN провайдеру, потому что старый перестал поддерживать L2TP/IPSec и PPTP соединения, у нового наблюдаю такую ситуацию: устанавливается соединение, например в 01:34, проходит какое-то количество времени, успешно проходит rekey в 04:25, а в 07:16, когда казалось бы должен произойти второй rekey, вместо него вижу в логе: [I] Nov 15 07:16:38 ipsec: 08[IKE] integrity check failed [I] Nov 15 07:16:38 ipsec: 08[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:16:38 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:16:38 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:16:38 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:16:38 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:16:38 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:16:38 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. И соединение разрывается. Полный кусок лога приведен ниже: Скрытый текст [I] Nov 15 01:34:25 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 178.170.146.1 (de1.pointtoserver.com). [I] Nov 15 01:34:25 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 01:34:25 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 01:34:25 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 178.170.146.1 via 93.100.176.1. [I] Nov 15 01:34:25 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 01:34:25 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 01:34:26 ndm: Core::ConfigurationSaver: configuration saved. [I] Nov 15 01:34:27 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 01:34:27 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 01:34:27 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 01:34:27 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 01:34:27 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 01:34:28 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 01:34:28 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 01:34:28 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 01:34:28 ipsec: 08[CFG] rereading secrets [I] Nov 15 01:34:28 ipsec: 08[CFG] loading secrets [I] Nov 15 01:34:28 ipsec: 08[CFG] loaded IKE secret for %any [I] Nov 15 01:34:28 ipsec: 08[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 01:34:28 ipsec: 08[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 01:34:28 ipsec: 08[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 01:34:28 ipsec: 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 01:34:28 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 01:34:28 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 01:34:28 ipsec: 14[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 01:34:28 ipsec: 14[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 01:34:28 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 01:34:28 ipsec: 11[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 01:34:28 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 01:34:28 ipsec: 11[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 01:34:28 ipsec: 15[CFG] received stroke: add connection 'IKE0' [I] Nov 15 01:34:28 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 01:34:28 ipsec: 15[CFG] added configuration 'IKE0' [I] Nov 15 01:34:28 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 01:34:28 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 01:34:28 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 01:34:28 ipsec: 12[CFG] received stroke: initiate 'IKE0' [I] Nov 15 01:34:28 ndm: IpSec::Configurator: "IKE0": crypto map initialized. [I] Nov 15 01:34:28 ipsec: 03[IKE] initiating IKE_SA IKE0[13] to 178.170.146.1 [I] Nov 15 01:34:28 ipsec: 10[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID [I] Nov 15 01:34:28 ipsec: 10[IKE] received MS-Negotiation Discovery Capable vendor ID [I] Nov 15 01:34:28 ipsec: 10[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 01:34:28 ipsec: 10[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 01:34:28 ipsec: 10[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 01:34:28 ipsec: 10[IKE] faking NAT situation to enforce UDP encapsulation [I] Nov 15 01:34:28 ipsec: 10[CFG] no IDi configured, fall back on IP address [I] Nov 15 01:34:28 ipsec: 10[IKE] establishing CHILD_SA IKE0{11} [I] Nov 15 01:34:29 ipsec: 06[IKE] received end entity cert "CN=*.pointtoserver.com" [I] Nov 15 01:34:29 ipsec: 06[IKE] received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" [I] Nov 15 01:34:29 ipsec: 06[IKE] received issuer cert "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority" [I] Nov 15 01:34:29 ipsec: 06[CFG] using certificate "CN=*.pointtoserver.com" [I] Nov 15 01:34:29 ipsec: 06[CFG] using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" [I] Nov 15 01:34:29 ipsec: 06[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 01:34:29 ipsec: 06[CFG] using trusted ca certificate "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority" [I] Nov 15 01:34:29 ipsec: 06[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 01:34:29 ipsec: 06[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 01:34:29 ipsec: 06[CFG] reached self-signed root ca with a path length of 1 [I] Nov 15 01:34:29 ipsec: 06[IKE] authentication of 'CN=*.pointtoserver.com' with RSA signature successful [I] Nov 15 01:34:29 ipsec: 06[IKE] server requested EAP_IDENTITY (id 0x00), sending 'purevpn0sxxxxxx' [I] Nov 15 01:34:29 ipsec: 11[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01) [I] Nov 15 01:34:29 ipsec: 04[IKE] EAP-MS-CHAPv2 succeeded: '(null)' [I] Nov 15 01:34:30 ipsec: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established [I] Nov 15 01:34:30 ipsec: 15[IKE] authentication of '93.100.188.xxx' (myself) with EAP [I] Nov 15 01:34:30 ipsec: 13[IKE] authentication of 'CN=*.pointtoserver.com' with EAP successful [I] Nov 15 01:34:30 ipsec: 13[IKE] IKE_SA IKE0[13] established between 93.100.188.xxx[93.100.188.xxx]...178.170.146.1[CN=*.pointtoserver.com] [I] Nov 15 01:34:30 ipsec: 13[IKE] scheduling reauthentication in 28770s [I] Nov 15 01:34:30 ipsec: 13[IKE] maximum IKE_SA lifetime 28790s [I] Nov 15 01:34:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 1, active CHILD SA: 0. [I] Nov 15 01:34:30 ipsec: 13[IKE] installing new virtual IP 178.170.146.95 [I] Nov 15 01:34:30 ipsec: 13[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 15 01:34:30 ipsec: 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ [I] Nov 15 01:34:30 ipsec: 13[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 15 01:34:30 ipsec: 13[IKE] CHILD_SA IKE0{11} established with SPIs c15a04de_i c466b7aa_o and TS 178.170.146.95/32 === 0.0.0.0/0 [W] Nov 15 01:34:30 ndm: IpSec::Configurator: crypto map "IKE0" is up. [I] Nov 15 01:34:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 1, active CHILD SA: 1. [I] Nov 15 01:34:30 ipsec: 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 01:34:30 ipsec: 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 01:34:30 ipsec: 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 01:34:30 ipsec: 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 01:34:30 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": IPsec client layer is up. [I] Nov 15 01:34:30 ndm: Network::Interface::Ip: "IKE0": IP address is 178.170.146.95/32. [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": adding nameserver 178.170.146.3. [I] Nov 15 01:34:30 ndm: Dns::Manager: name server 178.170.146.3 added, domain (default). [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": add route to nameserver 178.170.146.3 via IKE0. [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": interface "IKE0" is global, priority 61481. [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": adding default route via IKE0. [I] Nov 15 01:34:30 ndm: IpSec::Interface::Ike: "IKE0": secured tunnel is ready. [I] Nov 15 01:34:30 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 01:34:30 coalagent: updating configuration... [I] Nov 15 01:34:31 ndm: Network::InterfaceFlusher: flushed GigabitEthernet1 conntrack and route cache. [I] Nov 15 01:34:31 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.io". [I] Nov 15 01:34:31 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.pro". [I] Nov 15 01:34:31 ndm: Http::Nginx: activated proxy modem.xxx.keenetic.pro to http://192.168.99.1:80. [I] Nov 15 01:34:32 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 01:34:32 ndm: Core::Session: client disconnected. [I] Nov 15 01:34:32 ndm: Http::Manager: updated configuration. [I] Nov 15 01:34:32 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 01:34:32 ndm: Dns::Manager: deleted record "xxx.keenetic.pro", address 78.47.125.180. [I] Nov 15 01:34:32 ndm: Dns::Manager: added static record for "xxx.keenetic.pro", address 78.47.125.180. [I] Nov 15 01:34:32 ndm: Core::Session: client disconnected. [I] Nov 15 01:34:33 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 01:34:33 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 01:34:33 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 01:34:33 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 01:34:33 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 01:34:33 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 01:34:33 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 01:34:33 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 01:34:33 ipsec: 11[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 01:34:33 ipsec: 11[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 01:34:33 ipsec: 12[CFG] received stroke: delete connection 'IKE0' [I] Nov 15 01:34:33 ipsec: 12[CFG] deleted connection 'IKE0' [I] Nov 15 01:34:33 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 01:34:33 ipsec: 13[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 01:34:33 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 01:34:33 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 01:34:33 ipsec: 13[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 01:34:33 ipsec: 08[CFG] received stroke: add connection 'IKE0' [I] Nov 15 01:34:33 ipsec: 08[CFG] added configuration 'IKE0' [I] Nov 15 01:34:33 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 01:34:33 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 01:34:33 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 01:34:38 coalagent: updating configuration... [I] Nov 15 01:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 01:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 01:54:04 ndm: Netfilter::Util::Conntrack: flushed 1 IPv4 connections for 192.168.1.57. [I] Nov 15 01:54:16 coalagent: updating configuration... [I] Nov 15 01:57:46 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 02:09:43 ndm: Netfilter::Util::Conntrack: flushed 7 IPv4 connections for 192.168.1.84. [I] Nov 15 02:10:14 coalagent: updating configuration... [I] Nov 15 02:27:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 02:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 02:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 02:57:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 03:27:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 03:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 03:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 03:57:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 04:25:38 ipsec: 13[IKE] 178.170.146.1 is initiating an IKE_SA [I] Nov 15 04:25:38 ipsec: 13[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC=192/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 [I] Nov 15 04:25:38 ipsec: 13[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 04:25:38 ipsec: 13[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 [I] Nov 15 04:25:39 ipsec: 13[IKE] scheduling reauthentication in 28770s [I] Nov 15 04:25:39 ipsec: 13[IKE] maximum IKE_SA lifetime 28790s [I] Nov 15 04:25:39 ipsec: 13[IKE] IKE_SA IKE0[14] rekeyed between 93.100.188.xxx[93.100.188.xxx]...178.170.146.1[CN=*.pointtoserver.com] [I] Nov 15 04:25:39 ipsec: 13[IKE] rescheduling reauthentication in 18501s after rekeying, lifetime reduced to 18521s [I] Nov 15 04:25:39 ipsec: 07[IKE] received DELETE for IKE_SA IKE0[13] [I] Nov 15 04:25:39 ipsec: 07[IKE] deleting IKE_SA IKE0[13] between 93.100.188.xxx[93.100.188.xxx]...178.170.146.1[CN=*.pointtoserver.com] [I] Nov 15 04:25:39 ipsec: 07[IKE] IKE_SA deleted [I] Nov 15 04:27:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 04:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 04:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 04:57:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 05:27:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 05:32:22 ndm: Netfilter::Util::Conntrack: flushed 4 IPv4 connections for 192.168.1.84. [I] Nov 15 05:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 05:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 05:57:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 06:27:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 06:34:48 ndm: Core::System::Clock: system time has been changed. [I] Nov 15 06:34:48 ndm: Ntp::Client: time synchronized with "time.google.com". [I] Nov 15 06:52:09 ndm: Netfilter::Util::Conntrack: flushed 2 IPv4 connections for 192.168.1.57. [I] Nov 15 06:52:49 coalagent: updating configuration... [I] Nov 15 06:57:47 ndhcpc: GigabitEthernet1: received ACK for 93.100.188.xxx from 93.100.176.1 lease 3600 sec. [I] Nov 15 07:16:38 ipsec: 08[IKE] integrity check failed [I] Nov 15 07:16:38 ipsec: 08[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:16:38 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:16:38 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:16:38 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:16:38 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:16:38 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:16:38 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:16:38 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:38 ndm: IpSec::Manager: "IKE0": IP secure connection and keys was deleted. [I] Nov 15 07:16:38 ndm: Network::InterfaceFlusher: flushed IKE0 conntrack and route cache. [I] Nov 15 07:16:39 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.io". [I] Nov 15 07:16:39 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.pro". [I] Nov 15 07:16:39 ipsec: 10[IKE] integrity check failed [I] Nov 15 07:16:39 ipsec: 10[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [I] Nov 15 07:16:39 ndm: Http::Nginx: activated proxy modem.xxx.keenetic.pro to http://192.168.99.1:80. [E] Nov 15 07:16:39 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:16:39 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:16:39 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:16:39 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:16:39 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:16:39 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:39 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:39 ndm: Http::Manager: updated configuration. [I] Nov 15 07:16:39 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:16:39 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:39 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:39 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:40 ipsec: 15[IKE] integrity check failed [I] Nov 15 07:16:40 ipsec: 15[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:16:40 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:16:40 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:16:40 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:16:40 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:16:40 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:16:40 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:16:40 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:40 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:16:40 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:16:40 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:16:40 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:16:40 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:16:40 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:16:40 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:16:40 ipsec: 04[CFG] rereading secrets [I] Nov 15 07:16:40 ipsec: 04[CFG] loading secrets [I] Nov 15 07:16:40 ipsec: 04[CFG] loaded IKE secret for %any [I] Nov 15 07:16:40 ipsec: 04[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:16:40 ipsec: 04[CFG] loaded NTLM secret for xxx [I] Nov 15 07:16:40 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:16:40 ipsec: 04[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:16:40 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:16:40 ipsec: 13[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 07:16:40 ipsec: 13[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 07:16:40 ipsec: 07[CFG] received stroke: delete connection 'IKE0' [I] Nov 15 07:16:40 ipsec: 07[CFG] deleted connection 'IKE0' [I] Nov 15 07:16:41 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 07:16:41 ipsec: 11[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 07:16:41 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 07:16:41 ipsec: 11[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 07:16:41 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 07:16:41 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:16:41 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:16:41 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:16:41 ndm: IpSec::Configurator: crypto map "IKE0" shutdown started. [I] Nov 15 07:16:41 ipsec: 09[CFG] received stroke: unroute 'IKE0' [I] Nov 15 07:16:41 ipsec: 12[CFG] received stroke: terminate 'IKE0{*}' [I] Nov 15 07:16:41 ipsec: 03[IKE] closing CHILD_SA IKE0{11} with SPIs c15a04de_i (807197010 bytes) c466b7aa_o (224120198 bytes) and TS 178.170.146.95/32 === 0.0.0.0/0 [I] Nov 15 07:16:41 ipsec: 03[IKE] sending DELETE for ESP CHILD_SA with SPI c15a04de [I] Nov 15 07:16:41 ipsec: 06[CFG] received stroke: terminate 'IKE0[*]' [I] Nov 15 07:16:41 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. [I] Nov 15 07:16:43 ipsec: 04[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:16:43 ipsec: 04[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:16:43 ipsec: 04[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:16:43 ipsec: 04[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:16:43 ipsec: 13[IKE] integrity check failed [I] Nov 15 07:16:43 ipsec: 13[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [I] Nov 15 07:16:43 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. [I] Nov 15 07:16:45 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 172.94.13.1 (de1.pointtoserver.com). [I] Nov 15 07:16:45 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:45 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 07:16:46 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 172.94.13.1 via 93.100.176.1. [I] Nov 15 07:16:46 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 07:16:46 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 07:16:48 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:16:48 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:16:48 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:16:48 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 07:16:48 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:16:48 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:16:48 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:16:48 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:16:48 ipsec: 11[CFG] rereading secrets [I] Nov 15 07:16:48 ipsec: 11[CFG] loading secrets [I] Nov 15 07:16:48 ipsec: 11[CFG] loaded IKE secret for %any [I] Nov 15 07:16:48 ipsec: 11[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:16:48 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:16:48 ipsec: 11[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 07:16:48 ipsec: 11[CFG] loaded NTLM secret for xxx [I] Nov 15 07:16:48 ipsec: 11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:16:48 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:16:48 ipsec: 14[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 07:16:48 ipsec: 14[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 07:16:48 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 07:16:48 ipsec: 08[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 07:16:48 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 07:16:48 ipsec: 08[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 07:16:48 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 07:16:48 ipsec: 03[CFG] received stroke: add connection 'IKE0' [I] Nov 15 07:16:48 ipsec: 03[CFG] added configuration 'IKE0' [I] Nov 15 07:16:48 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:16:48 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:16:48 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:16:48 ipsec: 07[CFG] received stroke: initiate 'IKE0' [I] Nov 15 07:16:48 ndm: IpSec::Configurator: "IKE0": crypto map initialized. [I] Nov 15 07:16:48 ipsec: 15[IKE] initiating IKE_SA IKE0[15] to 172.94.13.1 [I] Nov 15 07:16:48 ipsec: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID [I] Nov 15 07:16:48 ipsec: 08[IKE] received MS-Negotiation Discovery Capable vendor ID [I] Nov 15 07:16:48 ipsec: 08[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:16:48 ipsec: 08[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:16:48 ipsec: 08[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:16:48 ipsec: 08[IKE] faking NAT situation to enforce UDP encapsulation [I] Nov 15 07:16:48 ipsec: 08[CFG] no IDi configured, fall back on IP address [I] Nov 15 07:16:48 ipsec: 08[IKE] establishing CHILD_SA IKE0{12} [I] Nov 15 07:16:49 ipsec: 03[IKE] retransmit 1 of request with message ID 0 [I] Nov 15 07:16:50 ipsec: 11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:16:50 ipsec: 11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:16:50 ipsec: 11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:16:50 ipsec: 11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:16:50 ipsec: 08[IKE] integrity check failed [I] Nov 15 07:16:50 ipsec: 08[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:16:50 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:16:50 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:16:50 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:16:50 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:16:50 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:16:50 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:16:50 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:50 ndm: IpSec::Manager: "IKE0": IP secure connection and keys was deleted. [I] Nov 15 07:16:50 ipsec: 11[IKE] received end entity cert "CN=*.pointtoserver.com" [I] Nov 15 07:16:50 ipsec: 11[IKE] received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" [I] Nov 15 07:16:50 ipsec: 11[CFG] using certificate "CN=*.pointtoserver.com" [I] Nov 15 07:16:50 ipsec: 11[CFG] using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" [I] Nov 15 07:16:50 ipsec: 11[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 07:16:50 ipsec: 11[CFG] using trusted ca certificate "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority" [I] Nov 15 07:16:50 ipsec: 11[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 07:16:50 ipsec: 11[CFG] system time out of sync, skipping certificate lifetime check [I] Nov 15 07:16:50 ipsec: 11[CFG] reached self-signed root ca with a path length of 1 [I] Nov 15 07:16:50 ipsec: 11[IKE] authentication of 'CN=*.pointtoserver.com' with RSA signature successful [I] Nov 15 07:16:50 ipsec: 11[IKE] server requested EAP_IDENTITY (id 0x00), sending 'purevpn0sxxxxxx' [I] Nov 15 07:16:50 ipsec: 11[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01) [I] Nov 15 07:16:50 ipsec: 11[IKE] EAP-MS-CHAPv2 succeeded: '(null)' [I] Nov 15 07:16:51 ipsec: 03[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established [I] Nov 15 07:16:51 ipsec: 03[IKE] authentication of '93.100.188.xxx' (myself) with EAP [I] Nov 15 07:16:51 ipsec: 14[IKE] authentication of 'CN=*.pointtoserver.com' with EAP successful [I] Nov 15 07:16:51 ipsec: 14[IKE] IKE_SA IKE0[15] established between 93.100.188.xxx[93.100.188.xxx]...172.94.13.1[CN=*.pointtoserver.com] [I] Nov 15 07:16:51 ipsec: 14[IKE] scheduling reauthentication in 28768s [I] Nov 15 07:16:51 ipsec: 14[IKE] maximum IKE_SA lifetime 28788s [I] Nov 15 07:16:51 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 1, active CHILD SA: 0. [I] Nov 15 07:16:51 ipsec: 14[IKE] installing new virtual IP 172.94.13.59 [I] Nov 15 07:16:51 ipsec: 14[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 15 07:16:51 ipsec: 14[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ [I] Nov 15 07:16:51 ipsec: 14[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 15 07:16:51 ipsec: 14[IKE] CHILD_SA IKE0{12} established with SPIs caf5bd1b_i 93d1e7d4_o and TS 172.94.13.59/32 === 0.0.0.0/0 [W] Nov 15 07:16:51 ndm: IpSec::Configurator: crypto map "IKE0" is up. [I] Nov 15 07:16:51 ndm: IpSec::Configurator: reconnection for crypto map "IKE0" was cancelled. [I] Nov 15 07:16:51 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 1, active CHILD SA: 1. [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": IPsec client layer is up. [I] Nov 15 07:16:51 ndm: Network::Interface::Ip: "IKE0": IP address is 172.94.13.59/32. [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": adding nameserver 172.94.13.3. [I] Nov 15 07:16:51 ndm: Dns::Manager: name server 172.94.13.3 added, domain (default). [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": add route to nameserver 172.94.13.3 via IKE0. [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": interface "IKE0" is global, priority 61481. [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": adding default route via IKE0. [I] Nov 15 07:16:51 ndm: IpSec::Interface::Ike: "IKE0": secured tunnel is ready. [I] Nov 15 07:16:51 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [W] Nov 15 07:16:51 kernel: nikecli0: Local routing loop detected! [I] Nov 15 07:16:51 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [W] Nov 15 07:16:51 kernel: nikecli0: Local routing loop detected! [I] Nov 15 07:16:52 ndm: Network::InterfaceFlusher: flushed GigabitEthernet1 conntrack and route cache. [W] Nov 15 07:16:52 kernel: nikecli0: Local routing loop detected! [I] Nov 15 07:16:52 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.io". [I] Nov 15 07:16:52 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.pro". [I] Nov 15 07:16:52 ndm: Http::Nginx: activated proxy modem.xxx.keenetic.pro to http://192.168.99.1:80. [I] Nov 15 07:16:52 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:52 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:52 ndm: Http::Manager: updated configuration. [I] Nov 15 07:16:52 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:52 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:54 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:16:54 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:16:54 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:16:54 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:16:54 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:16:54 ipsec: 08[CFG] rereading secrets [I] Nov 15 07:16:54 ipsec: 08[CFG] loading secrets [I] Nov 15 07:16:54 ipsec: 08[CFG] loaded IKE secret for %any [I] Nov 15 07:16:54 ipsec: 08[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:16:54 ipsec: 08[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 07:16:54 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:16:54 ipsec: 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:16:54 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:16:54 ipsec: 11[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 07:16:54 ipsec: 11[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 07:16:54 ipsec: 09[CFG] received stroke: delete connection 'IKE0' [I] Nov 15 07:16:54 ipsec: 09[CFG] deleted connection 'IKE0' [I] Nov 15 07:16:54 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 07:16:54 ipsec: 13[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 07:16:54 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 07:16:54 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 07:16:54 ipsec: 13[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 07:16:54 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:16:54 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:16:54 ndm: Network::InterfaceFlusher: flushed IKE0 conntrack and route cache. [I] Nov 15 07:16:54 ndm: IpSec::Configurator: crypto map "IKE0" shutdown started. [I] Nov 15 07:16:54 ipsec: 07[CFG] received stroke: unroute 'IKE0' [I] Nov 15 07:16:54 ipsec: 11[CFG] received stroke: terminate 'IKE0{*}' [I] Nov 15 07:16:54 ipsec: 04[IKE] closing CHILD_SA IKE0{12} with SPIs caf5bd1b_i (12618 bytes) 93d1e7d4_o (5322 bytes) and TS 172.94.13.59/32 === 0.0.0.0/0 [I] Nov 15 07:16:54 ipsec: 04[IKE] sending DELETE for ESP CHILD_SA with SPI caf5bd1b [I] Nov 15 07:16:54 ipsec: 09[IKE] received DELETE for ESP CHILD_SA with SPI 93d1e7d4 [I] Nov 15 07:16:54 ipsec: 09[IKE] CHILD_SA closed [I] Nov 15 07:16:54 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. [I] Nov 15 07:16:55 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:16:55 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:16:55 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.io". [I] Nov 15 07:16:55 ndm: Http::Nginx: loaded SSL certificate for "xxx.keenetic.pro". [I] Nov 15 07:16:55 ndm: Http::Nginx: activated proxy modem.xxx.keenetic.pro to http://192.168.99.1:80. [I] Nov 15 07:16:55 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:55 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:55 ndm: Http::Manager: updated configuration. [I] Nov 15 07:16:55 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. [I] Nov 15 07:16:55 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 15 07:16:55 ipsec: 14[IKE] traffic selectors 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0 unacceptable [I] Nov 15 07:16:55 ndm: Core::Session: client disconnected. [I] Nov 15 07:16:55 ipsec: 14[IKE] failed to establish CHILD_SA, keeping IKE_SA [I] Nov 15 07:16:56 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:16:56 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:16:56 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:16:56 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:16:56 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:16:56 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:16:56 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:16:56 ipsec: 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:16:56 ipsec: 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:16:56 ipsec: 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:16:56 ipsec: 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:16:56 ipsec: 15[CFG] received stroke: terminate 'IKE0[*]' [I] Nov 15 07:16:56 ipsec: 14[IKE] deleting IKE_SA IKE0[15] between 93.100.188.xxx[93.100.188.xxx]...172.94.13.1[CN=*.pointtoserver.com] [I] Nov 15 07:16:56 ipsec: 14[IKE] sending DELETE for IKE_SA IKE0[15] [I] Nov 15 07:16:56 ipsec: 04[IKE] IKE_SA deleted [I] Nov 15 07:16:57 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:16:57 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:16:57 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:16:57 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 172.94.23.1 (de1.pointtoserver.com). [I] Nov 15 07:16:57 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:16:57 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 07:16:58 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 172.94.23.1 via 93.100.176.1. [I] Nov 15 07:16:58 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 07:16:58 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 07:16:58 ipsec: 13[IKE] retransmit 2 of request with message ID 0 [I] Nov 15 07:17:00 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:17:00 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:17:00 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:17:00 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 07:17:00 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:17:00 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:17:00 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:17:00 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:17:01 ndm: IpSec::Configurator: "IKE0": crypto map initialized. [I] Nov 15 07:17:04 ipsec: 13[IKE] integrity check failed [I] Nov 15 07:17:04 ipsec: 13[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:17:04 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:17:04 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:17:04 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:17:04 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:17:04 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:17:04 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:17:04 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:17:04 ndm: IpSec::Manager: "IKE0": IP secure connection and keys was deleted. [I] Nov 15 07:17:06 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:17:06 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:17:06 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:17:06 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:17:06 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:17:06 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:17:06 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:17:06 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:17:06 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:17:06 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:17:06 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:17:07 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:17:07 ndm: IpSec::Configurator: crypto map "IKE0" shutdown started. [I] Nov 15 07:17:07 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. [I] Nov 15 07:17:08 ipsec: 03[IKE] retransmit 3 of request with message ID 0 [I] Nov 15 07:17:09 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. [I] Nov 15 07:17:11 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 172.94.24.1 (de1.pointtoserver.com). [I] Nov 15 07:17:11 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:17:11 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 07:17:11 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 172.94.24.1 via 93.100.176.1. [I] Nov 15 07:17:11 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 07:17:11 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 07:17:13 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:17:13 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:17:13 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:17:13 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 07:17:13 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:17:13 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:17:13 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:17:13 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:17:13 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:17:13 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:17:13 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:17:13 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:17:14 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:17:14 ndm: IpSec::Configurator: "IKE0": crypto map initialized. [I] Nov 15 07:17:18 ipsec: 04[IKE] retransmit 4 of request with message ID 0 [I] Nov 15 07:17:29 ndm: Dns::Manager: deleted record "xxx.keenetic.pro", address 78.47.125.180. [I] Nov 15 07:17:29 ndm: Dns::Manager: added static record for "xxx.keenetic.pro", address 78.47.125.180. [I] Nov 15 07:17:30 ipsec: 14[IKE] retransmit 5 of request with message ID 0 [I] Nov 15 07:17:32 ipsec: 14[IKE] integrity check failed [I] Nov 15 07:17:32 ipsec: 14[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:17:32 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:17:32 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:17:32 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:17:32 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:17:32 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:17:32 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:17:32 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:17:32 ndm: IpSec::Manager: "IKE0": IP secure connection and keys was deleted. [I] Nov 15 07:17:34 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:17:34 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:17:34 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:17:34 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:17:34 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:17:34 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:17:34 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:17:34 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:17:34 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:17:34 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:17:34 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:17:35 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:17:35 ndm: IpSec::Configurator: crypto map "IKE0" shutdown started. [C] Nov 15 07:17:36 ndm: IpSec::Configurator: system failed [0xcffd00a5]. [C] Nov 15 07:17:36 ndm: IpSec::Configurator: system failed [0xcffd00aa], code = -1. [C] Nov 15 07:17:36 ndm: IpSec::Configurator: system failed [0xcffd00a5]. [C] Nov 15 07:17:36 ndm: IpSec::Configurator: system failed [0xcffd00aa], code = -1. [I] Nov 15 07:17:36 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. [I] Nov 15 07:17:37 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. [I] Nov 15 07:17:39 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 172.94.23.1 (de1.pointtoserver.com). [I] Nov 15 07:17:39 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:17:39 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 07:17:40 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 172.94.23.1 via 93.100.176.1. [I] Nov 15 07:17:40 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 07:17:40 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 07:17:42 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:17:42 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:17:42 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:17:42 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 07:17:42 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:17:42 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:17:42 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:17:42 ndm: IpSec::Configurator: start reloading IKE keys task. [C] Nov 15 07:17:43 ndm: IpSec::Configurator: system failed [0xcffd00a5]. [C] Nov 15 07:17:43 ndm: IpSec::Configurator: system failed [0xcffd00aa], code = -1. [I] Nov 15 07:17:43 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:17:43 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:17:43 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:17:43 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:17:43 ipsec: 10[IKE] retransmit 6 of request with message ID 0 [I] Nov 15 07:17:43 ndm: IpSec::Configurator: reloading IPsec config task done. [C] Nov 15 07:17:44 ndm: IpSec::Configurator: system failed [0xcffd00a5]. [C] Nov 15 07:17:44 ndm: IpSec::Configurator: system failed [0xcffd00aa], code = -1. [C] Nov 15 07:17:44 ndm: IpSec::Configurator: "IKE0": system failed [0xcffd05b3]. [I] Nov 15 07:17:44 ndm: IpSec::Configurator: "IKE0": crypto map initialized. [I] Nov 15 07:17:57 ipsec: 09[IKE] retransmit 7 of request with message ID 0 [I] Nov 15 07:18:13 ipsec: 09[IKE] retransmit 8 of request with message ID 0 [I] Nov 15 07:18:29 ipsec: 07[IKE] integrity check failed [I] Nov 15 07:18:29 ipsec: 07[IKE] CREATE_CHILD_SA request with message ID 0 processing failed [E] Nov 15 07:18:29 ndm: IpSec::Configurator: IKE message parsing error for crypto map "IKE0". [W] Nov 15 07:18:29 ndm: IpSec::Configurator: (possibly because of wrong pre-shared key). [I] Nov 15 07:18:29 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:18:29 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:18:29 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:18:29 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:18:29 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:18:29 ndm: IpSec::Manager: "IKE0": IP secure connection and keys was deleted. [I] Nov 15 07:18:30 ipsec: 09[IKE] giving up after 8 retransmits [E] Nov 15 07:18:30 ndm: IpSec::Configurator: remote peer of crypto map "IKE0" is down. [I] Nov 15 07:18:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [W] Nov 15 07:18:30 ndm: IpSec::Configurator: fallback peer is not defined for crypto map "IKE0", retry. [I] Nov 15 07:18:30 ndm: IpSec::Interface::Ike: "IKE0": IPsec layer is down, shutdown. [I] Nov 15 07:18:30 ndm: IpSec::Configurator: "IKE0": schedule reconnect for crypto map. [I] Nov 15 07:18:30 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:18:30 ipsec: 09[IKE] installing new virtual IP 178.170.146.95 [I] Nov 15 07:18:30 ipsec: 09[IKE] restarting CHILD_SA IKE0 [I] Nov 15 07:18:30 ipsec: 09[IKE] initiating IKE_SA IKE0[16] to 178.170.146.1 [I] Nov 15 07:18:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 15 07:18:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 15 07:18:30 ipsec: 04[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 07:18:30 ipsec: 14[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID [I] Nov 15 07:18:30 ipsec: 14[IKE] received MS-Negotiation Discovery Capable vendor ID [I] Nov 15 07:18:30 ipsec: 11[CFG] rereading secrets [I] Nov 15 07:18:30 ipsec: 10[CFG] received stroke: initiate 'IKE0' [I] Nov 15 07:18:30 ipsec: 15[CFG] rereading secrets [I] Nov 15 07:18:30 ipsec: 04[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 07:18:30 ipsec: 15[CFG] loading secrets [I] Nov 15 07:18:30 ipsec: 15[CFG] loaded IKE secret for %any [I] Nov 15 07:18:30 ipsec: 15[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:18:30 ipsec: 15[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 07:18:30 ipsec: 15[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 07:18:30 ipsec: 15[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:18:30 ipsec: 11[CFG] loading secrets [I] Nov 15 07:18:30 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 07:18:30 ipsec: 11[CFG] loaded IKE secret for %any [I] Nov 15 07:18:30 ipsec: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:18:30 ipsec: 11[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:18:30 ipsec: 11[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 07:18:30 ipsec: 11[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 07:18:30 ipsec: 10[CFG] no config named 'IKE0' [I] Nov 15 07:18:30 ipsec: 11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:18:30 ipsec: 12[CFG] received stroke: terminate 'IKE0{*}' [I] Nov 15 07:18:30 ipsec: 13[CFG] received stroke: unroute 'IKE0' [I] Nov 15 07:18:30 ipsec: 08[CFG] received stroke: terminate 'IKE0[*]' [I] Nov 15 07:18:30 ipsec: 14[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:18:30 ipsec: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 15 07:18:30 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 07:18:30 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 07:18:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 15 07:18:30 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:18:30 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:18:30 ndm: IpSec::CryptoMapInfo: "IKE0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 15 07:18:30 ipsec: 14[IKE] faking NAT situation to enforce UDP encapsulation [I] Nov 15 07:18:30 ipsec: 14[CFG] no IDi configured, fall back on IP address [I] Nov 15 07:18:30 ipsec: 14[IKE] establishing CHILD_SA IKE0{13} reqid 9 [I] Nov 15 07:18:30 ipsec: 12[CFG] no CHILD_SA named 'IKE0' found [I] Nov 15 07:18:30 ipsec: 13[IKE] destroying IKE_SA in state CONNECTING without notification [I] Nov 15 07:18:30 ipsec: 07[CFG] rereading secrets [I] Nov 15 07:18:30 ipsec: 07[CFG] loading secrets [I] Nov 15 07:18:30 ipsec: 07[CFG] loaded IKE secret for %any [I] Nov 15 07:18:30 ipsec: 07[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:18:30 ipsec: 07[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 07:18:30 ipsec: 07[CFG] loaded NTLM secret for xxx [I] Nov 15 07:18:30 ipsec: 07[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:18:30 ipsec: 04[CFG] received stroke: initiate 'IKE0' [I] Nov 15 07:18:30 ipsec: 04[CFG] no config named 'IKE0' [I] Nov 15 07:18:30 ipsec: 09[CFG] rereading secrets [I] Nov 15 07:18:30 ipsec: 09[CFG] loading secrets [I] Nov 15 07:18:30 ipsec: 09[CFG] loaded IKE secret for %any [I] Nov 15 07:18:30 ipsec: 09[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:18:30 ipsec: 09[CFG] loaded EAP secret for purevpn0sxxxxxx [I] Nov 15 07:18:30 ipsec: 09[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 07:18:30 ipsec: 09[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:18:31 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:18:31 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:18:31 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:18:31 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:18:31 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 15 07:18:31 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 15 07:18:31 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 15 07:18:31 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 15 07:18:31 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 15 07:18:32 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 15 07:18:32 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 15 07:18:32 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 15 07:18:32 ndm: IpSec::Configurator: crypto map "IKE0" shutdown started. [I] Nov 15 07:18:32 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. [I] Nov 15 07:18:33 ipsec: 15[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:18:33 ipsec: 15[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:18:33 ipsec: 15[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:18:33 ipsec: 15[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:18:33 ipsec: 08[CFG] received stroke: unroute 'IKE0' [I] Nov 15 07:18:33 ipsec: 04[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 04[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 03[CFG] rereading secrets [I] Nov 15 07:18:33 ipsec: 03[CFG] loading secrets [I] Nov 15 07:18:33 ipsec: 03[CFG] loaded IKE secret for %any [I] Nov 15 07:18:33 ipsec: 03[CFG] loaded IKE secret for @mykeenetic.net [I] Nov 15 07:18:33 ipsec: 03[CFG] loaded NTLM secret for xxxxxx [I] Nov 15 07:18:33 ipsec: 03[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 15 07:18:33 ipsec: 11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:18:33 ipsec: 11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:18:33 ipsec: 11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:18:33 ipsec: 11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:18:33 ipsec: 13[CFG] received stroke: unroute 'IKE0' [I] Nov 15 07:18:33 ipsec: 06[CFG] received stroke: terminate 'IKE0{*}' [I] Nov 15 07:18:33 ipsec: 06[CFG] no CHILD_SA named 'IKE0' found [I] Nov 15 07:18:33 ipsec: 08[CFG] received stroke: terminate 'IKE0[*]' [I] Nov 15 07:18:33 ipsec: 08[CFG] no IKE_SA named 'IKE0' found [I] Nov 15 07:18:33 ipsec: 04[CFG] received stroke: add connection 'IKE0' [I] Nov 15 07:18:33 ipsec: 04[CFG] added configuration 'IKE0' [I] Nov 15 07:18:33 ipsec: 12[CFG] received stroke: delete connection 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 12[CFG] deleted connection 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 15[CFG] received stroke: delete connection 'IKE0' [I] Nov 15 07:18:33 ipsec: 15[CFG] deleted connection 'IKE0' [I] Nov 15 07:18:33 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 15 07:18:33 ipsec: 10[CFG] received stroke: add connection 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 10[CFG] added configuration 'VPNL2TPServer' [I] Nov 15 07:18:33 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 15 07:18:33 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 15 07:18:33 ipsec: 09[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:18:33 ipsec: 09[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:18:33 ipsec: 09[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:18:33 ipsec: 09[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:18:33 ipsec: 07[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:18:33 ipsec: 07[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:18:33 ipsec: 07[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:18:33 ipsec: 07[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:18:34 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. [I] Nov 15 07:18:35 ipsec: 03[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 15 07:18:35 ipsec: 03[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 15 07:18:35 ipsec: 03[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 15 07:18:35 ipsec: 03[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 15 07:18:36 ndm: Network::Interface::Tunnel: "IKE0": resolved destination 172.94.13.1 (de1.pointtoserver.com). [I] Nov 15 07:18:36 ndm: Network::Interface::Ip: "IKE0": IP address cleared. [I] Nov 15 07:18:36 ndm: Network::Interface::Tunnel: "IKE0": resolved source 93.100.188.xxx. [I] Nov 15 07:18:36 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint 172.94.13.1 via 93.100.176.1. [I] Nov 15 07:18:36 ndm: IpSec::Manager: "IKE0": IP secure connection was added. [I] Nov 15 07:18:36 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. [I] Nov 15 07:18:38 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 15 07:18:38 ndm: IpSec::Manager: "VirtualIPServer": crypto map administratively disabled, skipping. [I] Nov 15 07:18:38 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer". [I] Nov 15 07:18:38 ndm: IpSec::Manager: add config for crypto map "IKE0". [I] Nov 15 07:18:38 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 15 07:18:38 ndm: IpSec::Configurator: start applying IPsec configuration. xxxxxx Селфтест с этими событиями приложен сообщением ниже. Это можно как-то починить с моей стороны? Роутер Ultra II, прошивка 3.5.2. PS Есть заявка в техподдержке 517114 Edited November 15, 2020 by Dale Quote Link to comment Share on other sites More sharing options...
Dale Posted November 25, 2020 Author Share Posted November 25, 2020 Решение проблемы в моем случае оказалось таким: после ручной установки времени жизни ключей через interface IKE0 ipsec proposal lifetime меньше, чем фактически используемый сервером интервал, клиентом инициируется процедура rekey и она проходит штатно, без разрывов соединения такого рода, как описаны в шапке. Кто был виновником проблемы - клиент или сервер, установить не удалось. Единственный баг, который очень хотелось бы, чтобы пофиксили разработчики ( @Le ecureuil, это возможно?) - сбрасывается время соединения, хотя фактически оно не разрывалось, а происходил rekey по инициативе клиента (при прохождении процедуры rekey по инициативе сервера время не сбрасывается, все работает штатно). 1 Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 25, 2020 Share Posted November 25, 2020 2 часа назад, Dale сказал: Решение проблемы в моем случае оказалось таким: после ручной установки времени жизни ключей через interface IKE0 ipsec proposal lifetime меньше, чем фактически используемый сервером интервал, клиентом инициируется процедура rekey и она проходит штатно, без разрывов соединения такого рода, как описаны в шапке. Кто был виновником проблемы - клиент или сервер, установить не удалось. Единственный баг, который очень хотелось бы, чтобы пофиксили разработчики ( @Le ecureuil, это возможно?) - сбрасывается время соединения, хотя фактически оно не разрывалось, а происходил rekey по инициативе клиента (при прохождении процедуры rekey по инициативе сервера время не сбрасывается, все работает штатно). Отлично, принято. Quote Link to comment Share on other sites More sharing options...
Павел Сычев Posted July 27, 2022 Share Posted July 27, 2022 OS version3.8.3 Баг присутствует Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.