Jump to content

Recommended Posts

день добрый!

прошу помощи.

пытаюсь связать Omni (KN-1410) Версия ОС3.6.10 и USG60, по схеме "site-to-site with dynamic peer" на pre-shared key.

Keenetic как клиент.

Вроде всё везде прописал, но тоннеля нет. На кенетике в логах

00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips)
Окт 19 16:34:52 ipsec
00[CFG] loading secrets
Окт 19 16:34:52 ipsec
00[CFG] loaded IKE secret for 10.136.215.118 80.80.80.82
Окт 19 16:34:52 ipsec
00[CFG] loaded 1 RADIUS server configuration
Окт 19 16:34:52 ipsec
00[CFG] starting system time check, interval: 10s
Окт 19 16:34:52 ipsec
00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity
Окт 19 16:34:52 ipsec
00[LIB] dropped capabilities, running as uid 65534, gid 65534
Окт 19 16:34:52 ipsec
05[CFG] received stroke: add connection 'vpn_to_of'
Окт 19 16:34:52 ipsec
05[CFG] added configuration 'vpn_to_of'
Окт 19 16:34:52 ipsec
06[CFG] received stroke: initiate 'vpn_to_of'
Окт 19 16:34:52 ipsec
06[IKE] initiating IKE_SA vpn_to_of[1] to 80.80.80.82
Окт 19 16:34:53 ipsec
08[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Окт 19 16:34:53 ipsec
08[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Окт 19 16:34:53 ipsec
08[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Окт 19 16:34:54 ipsec
08[IKE] linked key for crypto map 'vpn_to_of' is not found, still searching
Окт 19 16:34:54 ipsec
08[IKE] authentication of '10.136.215.118' (myself) with pre-shared key
Окт 19 16:34:54 ipsec
08[IKE] establishing CHILD_SA vpn_to_of{1}
Окт 19 16:34:54 ipsec
09[IKE] received message ID 1, expected 0, ignored
Окт 19 16:34:54 ipsec
09[IKE] received message ID 0, expected 1, ignored
Окт 19 16:35:02 ipsec
06[IKE] retransmit 1 of request with message ID 1
Окт 19 16:35:03 ipsec
09[IKE] received message ID 0, expected 1, ignored
Окт 19 16:35:10 ipsec
07[IKE] retransmit 2 of request with message ID 1

На этом история заканчивается. в логах на  стороне uSG60 тишина.

Буду благодарен за советы

Edited by mluxor
Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...