Question
stakp
After a reboot, the configured and enabled IPsec VPN does not connect from the client (a phone).
If you turn the IPsec VPN toggle on/off in the web UI, everything starts working.
[I] Nov 12 14:41:35 ipsec: 06[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:38 ipsec: 09[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:41 ipsec: 06[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:45 ipsec: 07[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:48 ipsec: 13[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:51 ipsec: 06[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:52 ipsec: 12[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:41:57 ipsec: 16[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:42:00 ipsec: 13[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:42:02 ipsec: 07[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:42:35 ndm: IpSec::Manager: service enabled.
[I] Nov 12 14:42:35 ndm: IpSec::Manager: crypto ike policy "VirtualIPServer" removed.
[I] Nov 12 14:42:35 ndm: IpSec::Manager: crypto ipsec profile "VirtualIPServer" removed.
[I] Nov 12 14:42:35 ndm: Network::Acl: "_WEBADMIN_IPSEC_VirtualIPServer" access list removed.
[I] Nov 12 14:42:35 ndm: Network::Acl: rule accepted.
[I] Nov 12 14:42:35 ndm: IpSec::Manager: "VirtualIPServer": crypto ike policy successfully created.
[I] Nov 12 14:42:35 ndm: IpSec::Manager: "VirtualIPServer": crypto ipsec profile successfully created.
[I] Nov 12 14:42:35 ndm: IpSec::ManagerVirtualIp: Virtual IP server successfully enabled.
[I] Nov 12 14:42:35 ndm: Core::System::StartupConfig: saving (coala/rci).
[I] Nov 12 14:42:36 ndm: IpSec::Manager: service enabled.
[I] Nov 12 14:42:36 ndm: IpSec::Manager: crypto ike policy "VirtualIPServer" removed.
[I] Nov 12 14:42:36 ndm: IpSec::Manager: crypto ipsec profile "VirtualIPServer" removed.
[I] Nov 12 14:42:36 ndm: Network::Acl: "_WEBADMIN_IPSEC_VirtualIPServer" access list removed.
[I] Nov 12 14:42:36 ndm: Network::Acl: rule accepted.
[I] Nov 12 14:42:36 ndm: IpSec::Manager: "VirtualIPServer": crypto ike policy successfully created.
[I] Nov 12 14:42:36 ndm: IpSec::Manager: "VirtualIPServer": crypto ipsec profile successfully created.
[I] Nov 12 14:42:36 ndm: IpSec::ManagerVirtualIp: Virtual IP server successfully enabled.
[I] Nov 12 14:42:36 ndm: Core::System::StartupConfig: saving (coala/rci).
[I] Nov 12 14:42:38 ndm: IpSec::Manager: create IPsec reconfiguration transaction...
[I] Nov 12 14:42:38 ndm: IpSec::Manager: "VPNL2TPServer": crypto map administratively disabled, skipping.
[I] Nov 12 14:42:38 ndm: IpSec::Manager: add config for crypto map "VirtualIPServer".
[I] Nov 12 14:42:38 ndm: IpSec::Manager: IPsec reconfiguration transaction was created.
[I] Nov 12 14:42:38 ndm: IpSec::Configurator: start applying IPsec configuration.
[I] Nov 12 14:42:38 ndhcps: NDM DHCP server stopped (exit status: 0).
[I] Nov 12 14:42:38 ndm: IpSec::Configurator: IPsec configuration applying is done.
[I] Nov 12 14:42:38 ndm: Core::System::StartupConfig: configuration saved.
[I] Nov 12 14:42:38 ipsec: 15[CFG] loaded 0 entries for attr plugin configuration
[I] Nov 12 14:42:38 ipsec: 15[CFG] loaded 1 RADIUS server configuration
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Socket: system failed [0xcffd0482], unload: connection 'VirtualIPServer' not found.
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Config: "VirtualIPServer": system failed [0xcffd0176], unable to unload conn: input/output error (5).
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Socket: system failed [0xcffd049a].
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Config: "VirtualIPServer": system failed [0xcffd019a], unable to unload pool: input/output error (5).
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Socket: system failed [0xcffd049a].
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Config: "VirtualIPServer": system failed [0xcffd01d1], unable to load pool: input/output error (5).
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Socket: system failed [0xcffd049a].
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Config: "VirtualIPServer": system failed [0xcffd03e3], unable to load conn: input/output error (5).
[I] Nov 12 14:42:38 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] Nov 12 14:42:38 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] Nov 12 14:42:38 ipsec: 11[CFG] vici terminate IKE_SA 'VirtualIPServer'
[I] Nov 12 14:42:38 ipsec: 11[CFG] vici terminate CHILD_SA 'VirtualIPServer'
[I] Nov 12 14:42:38 ndm: IpSec::Configurator: crypto map "VirtualIPServer" shutdown.
[I] Nov 12 14:42:40 ndhcps: NDM DHCP Server, v3.2.51.
[I] Nov 12 14:42:40 ndm: Core::Server: started Session /var/run/ndm.core.socket.
[I] Nov 12 14:42:40 ndm: Core::Session: client disconnected.
[I] Nov 12 14:43:02 ipsec: 07[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:05 ipsec: 12[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:09 ipsec: 06[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:12 ipsec: 08[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:15 ipsec: 12[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:19 ipsec: 12[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:22 ipsec: 16[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:24 ipsec: 09[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:28 ipsec: 10[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:31 ipsec: 07[IKE] no IKE config found for хх.хх.хх.19...хх.хх.хх.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:44:38 ndm: IpSec::Manager: service disabled.
[I] Nov 12 14:44:38 ndm: IpSec::Manager: crypto ike policy "VirtualIPServer" removed.
[I] Nov 12 14:44:38 ndm: IpSec::Manager: crypto ipsec profile "VirtualIPServer" removed.
[I] Nov 12 14:44:38 ndm: Network::Acl: "_WEBADMIN_IPSEC_VirtualIPServer" access list removed.
[I] Nov 12 14:44:38 ndm: Network::Acl: rule accepted.
[I] Nov 12 14:44:38 ndm: IpSec::Manager: "VirtualIPServer": crypto ike policy successfully created.
[I] Nov 12 14:44:38 ndm: IpSec::Manager: "VirtualIPServer": crypto ipsec profile successfully created.
[I] Nov 12 14:44:38 ndm: IpSec::ManagerVirtualIp: Virtual IP server successfully enabled.
[I] Nov 12 14:44:38 ndm: Core::System::StartupConfig: saving (http/rci).
[I] Nov 12 14:44:40 ipsec: 16[CFG] vici terminate IKE_SA 'VirtualIPServer'
[I] Nov 12 14:44:40 ipsec: 16[CFG] vici terminate CHILD_SA 'VirtualIPServer'
[I] Nov 12 14:44:40 ndm: IpSec::Configurator: crypto map "VirtualIPServer" stopped.
[I] Nov 12 14:44:40 ndhcps: NDM DHCP server stopped (exit status: 0).
[I] Nov 12 14:44:40 ipsec: 00[DMN] SIGINT received, shutting down
[I] Nov 12 14:44:42 ndm: Core::System::StartupConfig: configuration saved.
[I] Nov 12 14:44:42 ndm: IpSec::Manager: service enabled.
[I] Nov 12 14:44:42 ndm: IpSec::Manager: crypto ike policy "VirtualIPServer" removed.
[I] Nov 12 14:44:42 ndm: IpSec::Manager: crypto ipsec profile "VirtualIPServer" removed.
[I] Nov 12 14:44:42 ndm: Network::Acl: "_WEBADMIN_IPSEC_VirtualIPServer" access list removed.
[I] Nov 12 14:44:42 ndm: Network::Acl: rule accepted.
[I] Nov 12 14:44:42 ndm: IpSec::Manager: "VirtualIPServer": crypto ike policy successfully created.
[I] Nov 12 14:44:42 ndm: IpSec::Manager: "VirtualIPServer": crypto ipsec profile successfully created.
[I] Nov 12 14:44:42 ndm: IpSec::ManagerVirtualIp: Virtual IP server successfully enabled.
[I] Nov 12 14:44:42 ndm: Core::System::StartupConfig: saving (http/rci).
[I] Nov 12 14:44:44 ndm: IpSec::Manager: create IPsec reconfiguration transaction...
[I] Nov 12 14:44:44 ndm: IpSec::Manager: "VPNL2TPServer": crypto map administratively disabled, skipping.
[I] Nov 12 14:44:44 ndm: IpSec::Manager: add config for crypto map "VirtualIPServer".
[I] Nov 12 14:44:44 ndm: IpSec::Manager: IPsec reconfiguration transaction was created.
[I] Nov 12 14:44:44 ndm: IpSec::Configurator: start applying IPsec configuration.
[I] Nov 12 14:44:44 ndm: IpSec::Configurator: IPsec configuration applying is done.
[I] Nov 12 14:44:45 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] Nov 12 14:44:45 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] Nov 12 14:44:46 ndm: Core::System::StartupConfig: configuration saved.
[I] Nov 12 14:44:46 ndhcps: NDM DHCP Server, v3.2.51.
[I] Nov 12 14:44:46 ndm: Core::Server: started Session /var/run/ndm.core.socket.
[I] Nov 12 14:44:46 ndm: Core::Session: client disconnected.
[I] Nov 12 14:44:46 ipsec: Starting strongSwan 5.9.7 IPsec [starter]...
[I] Nov 12 14:44:47 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.7, Linux 4.9-ndm-5, aarch64)
[I] Nov 12 14:44:47 ipsec: 00[LIB] providers loaded by OpenSSL: legacy default
[I] Nov 12 14:44:47 ipsec: 00[CFG] loading secrets
[I] Nov 12 14:44:47 ipsec: 00[CFG] loaded 1 RADIUS server configuration
[I] Nov 12 14:44:47 ipsec: 00[CFG] enabling systime-fix, threshold: Tue Jan 1 00:00:00 2030
[I] Nov 12 14:44:47 ipsec: 00[CFG]
[I] Nov 12 14:44:47 ipsec: 00[CFG] starting system time check, interval: 10s
[I] Nov 12 14:44:47 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey pkcs7 pem openssl pkcs8 xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity counters
[I] Nov 12 14:44:47 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534
[I] Nov 12 14:44:47 ndm: Io::UnixStreamSocket: connected after 1 retries.
[I] Nov 12 14:44:47 ipsec: 05[CFG] loaded IKE shared key with id 'VirtualIPServer-PSK' for: '%any'
[I] Nov 12 14:44:47 ipsec: 09[CFG] loaded IKE shared key with id 'VirtualIPServer-PSK' for: 'mykeenetic.net'
[I] Nov 12 14:44:47 ipsec: 10[CFG] loaded NTLM shared key with id 'USRNM-SERVER-XAUTH' for: 'USRNM'
[I] Nov 12 14:44:47 ipsec: 09[CFG] loaded 1 RADIUS server configuration
[I] Nov 12 14:44:47 ipsec: 12[CFG] added vici pool VirtualIPServer: 172.20.0.1, 256 entries
[I] Nov 12 14:44:47 ipsec: 03[CFG] added vici connection: VirtualIPServer
[I] Nov 12 14:44:59 ipsec: 11[IKE] received NAT-T (RFC 3947) vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received XAuth vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received Cisco Unity vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received FRAGMENTATION vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] received DPD vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] хх.хх.хх.102 is initiating a Main Mode IKE_SA
[I] Nov 12 14:44:59 ipsec: 11[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
[I] Nov 12 14:44:59 ipsec: 11[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
[I] Nov 12 14:44:59 ipsec: 11[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
[I] Nov 12 14:44:59 ipsec: 11[IKE] sending XAuth vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] sending DPD vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] sending FRAGMENTATION vendor ID
[I] Nov 12 14:44:59 ipsec: 11[IKE] sending NAT-T (RFC 3947) vendor ID
[I] Nov 12 14:44:59 ipsec: 13[IKE] remote host is behind NAT
[I] Nov 12 14:44:59 ipsec: 13[IKE] linked key for crypto map '(unnamed)' is not found, still searching
[I] Nov 12 14:44:59 ipsec: 15[CFG] looking for XAuthInitPSK peer configs matching хх.хх.хх.19...хх.хх.хх.102[10.200.41.30]
[I] Nov 12 14:44:59 ipsec: 15[CFG] selected peer config "VirtualIPServer"
[I] Nov 12 14:44:59 ipsec: 12[IKE] EAP-MS-CHAPv2 succeeded: 'Welcome2strongSwan'
[I] Nov 12 14:44:59 ipsec: 12[IKE] XAuth authentication of 'USRNM' successful
[I] Nov 12 14:44:59 ipsec: 14[IKE] IKE_SA VirtualIPServer[1] established between 92.101.159.19[mykeenetic.net]...хх.хх.хх.102[10.200.41.30]
[I] Nov 12 14:44:59 ipsec: 14[IKE] scheduling rekeying in 27965s
[I] Nov 12 14:44:59 ipsec: 14[IKE] scheduling reauthentication in 28778s
[I] Nov 12 14:44:59 ipsec: 14[IKE] maximum IKE_SA lifetime 30845s
[I] Nov 12 14:44:59 ipsec: 05[IKE] peer requested virtual IP %any
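Added example (not part of the original post, and not Keenetic or strongSwan code): a small Python triage script that correlates the three kinds of lines visible in the log above, namely the failed vici load of a connection, the `no IKE config found ... NO_PROPOSAL_CHOSEN` rejections, and the later `added vici connection`, to show which rejections happened while charon had no connection loaded. The sample lines are constructed and abridged from the post's log with documentation-range addresses substituted; the names `analyze` and `Report` are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the log in the post (addresses are placeholders).
SAMPLE_LOG = """\
[I] Nov 12 14:41:35 ipsec: 06[IKE] no IKE config found for 198.51.100.19...203.0.113.102, sending NO_PROPOSAL_CHOSEN
[C] Nov 12 14:42:38 ndm: IpSec::Vici::Config: "VirtualIPServer": system failed [0xcffd03e3], unable to load conn: input/output error (5).
[I] Nov 12 14:43:02 ipsec: 07[IKE] no IKE config found for 198.51.100.19...203.0.113.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:43:05 ipsec: 12[IKE] no IKE config found for 198.51.100.19...203.0.113.102, sending NO_PROPOSAL_CHOSEN
[I] Nov 12 14:44:40 ipsec: 00[DMN] SIGINT received, shutting down
[I] Nov 12 14:44:47 ipsec: 03[CFG] added vici connection: VirtualIPServer
[I] Nov 12 14:44:59 ipsec: 14[IKE] IKE_SA VirtualIPServer[1] established between 198.51.100.19[mykeenetic.net]...203.0.113.102[10.200.41.30]
"""

# "[level] Mon DD HH:MM:SS source: message", the layout used in the log above.
LINE = re.compile(r"^\[(?P<level>[A-Z])\] (?P<ts>\w{3} +\d+ [\d:]{8}) (?P<src>\w+): (?P<msg>.*)$")
LOAD_FAIL = re.compile(
    r'IpSec::Vici::Config: "(?P<conn>[^"]+)": system failed \[(?P<code>0x[0-9a-f]+)\], unable to load conn'
)
LOADED = re.compile(r"added vici connection: (?P<conn>\S+)")
REJECT = re.compile(r"no IKE config found for (?P<local>\S+?)\.\.\.(?P<peer>[^,\s]+), sending NO_PROPOSAL_CHOSEN")
ESTABLISHED = re.compile(r"IKE_SA (?P<conn>[^\[\s]+)\[\d+\] established")
SHUTDOWN = "SIGINT received, shutting down"


@dataclass
class Report:
    load_failures: list = field(default_factory=list)      # (timestamp, connection, error code)
    loaded_at: dict = field(default_factory=dict)          # connection -> time of last successful load
    rejected_unloaded: dict = field(default_factory=dict)  # peer -> rejections with no connection loaded
    rejected_loaded: dict = field(default_factory=dict)    # peer -> rejections despite a loaded connection
    established: list = field(default_factory=list)        # (timestamp, connection)


def analyze(text):
    """Replay the log and track which connections charon currently has loaded.

    Assumption: the log slice starts with nothing loaded (as after a reboot);
    a slice that begins mid-run would count early rejections as 'unloaded'.
    """
    report = Report()
    loaded = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log line
        ts, src, msg = m["ts"], m["src"], m["msg"]
        if src == "ndm" and (f := LOAD_FAIL.search(msg)):
            loaded.discard(f["conn"])
            report.load_failures.append((ts, f["conn"], f["code"]))
        elif src == "ipsec" and SHUTDOWN in msg:
            loaded.clear()  # daemon restart drops every loaded connection
        elif src == "ipsec" and (a := LOADED.search(msg)):
            loaded.add(a["conn"])
            report.loaded_at[a["conn"]] = ts
        elif src == "ipsec" and (r := REJECT.search(msg)):
            bucket = report.rejected_loaded if loaded else report.rejected_unloaded
            bucket[r["peer"]] = bucket.get(r["peer"], 0) + 1
        elif src == "ipsec" and (e := ESTABLISHED.search(msg)):
            report.established.append((ts, e["conn"]))
    return report


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Rejections counted under `rejected_loaded` would point to a peer or proposal mismatch rather than a connection that never loaded, so the two buckets separate the failure in this post from an ordinary configuration error.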