mluxor Posted October 19, 2021 Share Posted October 19, 2021 (edited) день добрый! прошу помощи. пытаюсь связать Omni (KN-1410) Версия ОС3.6.10 и USG60, по схеме "site-to-site with dynamic peer" на pre-shared key. Keenetic как клиент. Вроде всё везде прописал, но тоннеля нет. На кенетике в логах 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips) Окт 19 16:34:52 ipsec 00[CFG] loading secrets Окт 19 16:34:52 ipsec 00[CFG] loaded IKE secret for 10.136.215.118 80.80.80.82 Окт 19 16:34:52 ipsec 00[CFG] loaded 1 RADIUS server configuration Окт 19 16:34:52 ipsec 00[CFG] starting system time check, interval: 10s Окт 19 16:34:52 ipsec 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity Окт 19 16:34:52 ipsec 00[LIB] dropped capabilities, running as uid 65534, gid 65534 Окт 19 16:34:52 ipsec 05[CFG] received stroke: add connection 'vpn_to_of' Окт 19 16:34:52 ipsec 05[CFG] added configuration 'vpn_to_of' Окт 19 16:34:52 ipsec 06[CFG] received stroke: initiate 'vpn_to_of' Окт 19 16:34:52 ipsec 06[IKE] initiating IKE_SA vpn_to_of[1] to 80.80.80.82 Окт 19 16:34:53 ipsec 08[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Окт 19 16:34:53 ipsec 08[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Окт 19 16:34:53 ipsec 08[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Окт 19 16:34:54 ipsec 08[IKE] linked key for crypto map 'vpn_to_of' is not found, still searching Окт 19 16:34:54 ipsec 08[IKE] authentication of '10.136.215.118' (myself) with pre-shared key Окт 19 16:34:54 ipsec 08[IKE] establishing CHILD_SA vpn_to_of{1} Окт 19 16:34:54 ipsec 09[IKE] received message ID 1, expected 0, ignored Окт 19 16:34:54 ipsec 09[IKE] received message ID 0, expected 1, ignored Окт 19 16:35:02 ipsec 06[IKE] retransmit 1 of request with message ID 1 Окт 19 16:35:03 ipsec 09[IKE] received message ID 0, expected 1, ignored Окт 19 16:35:10 ipsec 07[IKE] retransmit 2 of request with message ID 1 На этом история заканчивается. в логах на стороне uSG60 тишина. Буду благодарен за советы Edited October 19, 2021 by mluxor Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 6, 2021 Share Posted November 6, 2021 Лучше в поддержке спросить. Quote Link to comment Share on other sites More sharing options...
Дмитрий Усков Posted February 4, 2023 Share Posted February 4, 2023 Добрый! Таже проблема тока пытаюсь связать Keenetic Runner 4G (KN-2210) Версия ОС3.9ю2 и USG40, по схеме "site-to-site with dynamic peer" на pre-shared key. При первичной настройки туннель поднялся и где то часа два работал. Поле перегрузка Keenetic больше не поднимался и теже ошибки "06[IKE] retransmit 1 of request with message ID 0" Тех поддержка молчит. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.