T@rkus Posted January 13, 2017 Share Posted January 13, 2017 Giga II v2.09(AAFS.3)A0 Роутер не может установить соединение по L2TP/IPsec к сервису HideMy. Обратился в тех поддержку сервиса но те после непродолжительной переписки предположили,что дело в роутере. Markus Saar (inCloak Network) Jan 13, 01:32 MSK У вас все настройки верны, вероятно проблема в роутере. Попробуйте обновить прошивку. T@rkus Jan 12, 17:58 MSK Повторный ввод общего ключа IPSec: incloaknetwork результата не дал. По прежнему не подключается. По PPTP соединение устанавливается без проблем. Но нужно L2TP/IPsec. Прилагаю скрин системного журнала роутера. Attachment(s)2017-01-12_175341.png Oliver Tonisson (inCloak Network) Jan 12, 17:45 MSK Здравствуйте. Проверьте правильность ввода общего ключа IPSec: incloaknetwork Попробуйте изменить тип подключения на РРТР Quote Link to comment Share on other sites More sharing options...
Александр Рыжов Posted January 13, 2017 Share Posted January 13, 2017 Не «утверждают», а говорят «вероятно». Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted January 13, 2017 Share Posted January 13, 2017 А у них есть пробный период бесплатный? Я бы попробовал выяснить, в чем там дело. Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 13, 2017 Author Share Posted January 13, 2017 2 минуты назад, Александр Рыжов сказал: Не «утверждают», а говорят «вероятно». Ок поправил Только что, Le ecureuil сказал: А у них есть пробный период бесплатный? Я бы попробовал выяснить, в чем там дело. Да сутки. http://hidemy.name/ru/vpn/ Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 13, 2017 Author Share Posted January 13, 2017 Создал подключение на Windows 7. Все подключается без проблем. Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 13, 2017 Author Share Posted January 13, 2017 (edited) @Le ecureuil Новый комментарий службы поддержки. Markus Saar (inCloak Network) Jan 13, 13:26 MSK Ваш провайдер предоставляет интернет тоже через L2TP, поэтому конфликт. Не получится настроить одновременно работу двух VPN соединений на одном роутере. Edited January 13, 2017 by T@rkus Quote Link to comment Share on other sites More sharing options...
NikIv Posted January 13, 2017 Share Posted January 13, 2017 Вот причина вообщето: В России начались блокировки VPN http://safe.cnews.ru/news/top/2017-01-12_v_rossii_nachalis_blokirovki_vpn Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 13, 2017 Author Share Posted January 13, 2017 (edited) 7 минут назад, NikIv сказал: Вот причина вообщето: В России начались блокировки VPN http://safe.cnews.ru/news/top/2017-01-12_v_rossii_nachalis_blokirovki_vpn По PPTP соединение устанавливается без проблем Edited January 13, 2017 by T@rkus Quote Link to comment Share on other sites More sharing options...
NikIv Posted January 13, 2017 Share Posted January 13, 2017 Только что, T@rkus сказал: По PPTP соединение устанавливается без проблем Думаю это не надолго, как только все ответственные получат распоряжение. Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 13, 2017 Author Share Posted January 13, 2017 Теперь по ходу придется либо PPTP пользоваться либо OpenVPN поднимать Quote Link to comment Share on other sites More sharing options...
anticr Posted January 15, 2017 Share Posted January 15, 2017 (edited) У меня тоже есть похожая проблема c L2TP/IPsec только с сервисом Frootvpn. Так же Giga II v2.09(AAFS.0)A1 Jan 15 16:11:29ndmNetwork::Interface::Base: "L2TP1": interface is up. Jan 15 16:11:32pppd[6830]Plugin pppol2tp.so loaded. Jan 15 16:11:32pppd[6830]pppd 2.4.4-4 started by root, uid 0 Jan 15 16:11:32ndmNetwork::Interface::L2TP: "L2TP1": added host route to 37.235.55.58 via 176.195.0.1. Jan 15 16:11:32pppd[6832]l2tp_control v2.02 Jan 15 16:11:32pppd[6832]l2tp: remote host: 37.235.55.58 Jan 15 16:11:32pppd[6832]l2tp: bind: 176.195.28.183 Jan 15 16:11:34pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 1 Jan 15 16:11:36pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 2 Jan 15 16:11:38pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 3 Jan 15 16:11:40pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 4 Jan 15 16:11:42pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 5 Jan 15 16:11:42pppd[6832]l2tp: sccrq failed, fatal Jan 15 16:11:50pppd[6830]l2tp: control init failed Jan 15 16:11:50pppd[6830]Exit При этом соединения по L2TP и PPTP устанавливаются без проблем Edited January 15, 2017 by anticr Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted January 17, 2017 Share Posted January 17, 2017 Проблема с Hidemy исправлена, в следующих сборках все будет ок. У кого не работает frootvpn - скиньте мне в личку данные для подключения к сервису, проверю (буквально на пару часов). Платить из своих не очень хочется. 2 Quote Link to comment Share on other sites More sharing options...
ndm Posted January 17, 2017 Share Posted January 17, 2017 Исправлено в версии 2.09.A.1.0-1. Quote Link to comment Share on other sites More sharing options...
T@rkus Posted January 18, 2017 Author Share Posted January 18, 2017 10 часов назад, Le ecureuil сказал: Проблема с Hidemy исправлена, в следующих сборках все будет ок. Giga II v2.09(AAFS.1)A1 Не подключается если поднят IPsec VPN Tunnel. Видео и self-test прилагаю. Quote Link to comment Share on other sites More sharing options...
anticr Posted January 18, 2017 Share Posted January 18, 2017 после обновления до v2.09(AAFS.1)A1 пока так же, не идет Скрытый текст Jan 18 15:26:27ndmNetwork::Interface::Base: "L2TP1": interface is up. Jan 18 15:26:30pppd[752]Plugin pppol2tp.so loaded. Jan 18 15:26:30pppd[752]pppd 2.4.4-4 started by root, uid 0 Jan 18 15:26:30ndmNetwork::Interface::L2TP: "L2TP1": added host route to 178.73.195.101 via 109.63.128.1. Jan 18 15:26:30pppd[754]l2tp_control v2.02 Jan 18 15:26:30pppd[754]l2tp: remote host: 178.73.195.101 Jan 18 15:26:30pppd[754]l2tp: bind: 109.63.209.158 Jan 18 15:26:32pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 1 Jan 18 15:26:34pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 2 Jan 18 15:26:36pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 3 Jan 18 15:26:38pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 4 Jan 18 15:26:40pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 5 Jan 18 15:26:40pppd[754]l2tp: sccrq failed, fatal Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted January 18, 2017 Share Posted January 18, 2017 16 часов назад, T@rkus сказал: Giga II v2.09(AAFS.1)A1 Не подключается если поднят IPsec VPN Tunnel. Видео и self-test прилагаю. Там оказалась еще целая россыпь мелких, но противных багов. По идее должно работать в следующей сборке. Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted January 18, 2017 Share Posted January 18, 2017 4 часа назад, anticr сказал: после обновления до v2.09(AAFS.1)A1 пока так же, не идет Показать содержимое Jan 18 15:26:27ndmNetwork::Interface::Base: "L2TP1": interface is up. Jan 18 15:26:30pppd[752]Plugin pppol2tp.so loaded. Jan 18 15:26:30pppd[752]pppd 2.4.4-4 started by root, uid 0 Jan 18 15:26:30ndmNetwork::Interface::L2TP: "L2TP1": added host route to 178.73.195.101 via 109.63.128.1. Jan 18 15:26:30pppd[754]l2tp_control v2.02 Jan 18 15:26:30pppd[754]l2tp: remote host: 178.73.195.101 Jan 18 15:26:30pppd[754]l2tp: bind: 109.63.209.158 Jan 18 15:26:32pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 1 Jan 18 15:26:34pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 2 Jan 18 15:26:36pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 3 Jan 18 15:26:38pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 4 Jan 18 15:26:40pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 5 Jan 18 15:26:40pppd[754]l2tp: sccrq failed, fatal frootvpn пока еще не проверял Quote Link to comment Share on other sites More sharing options...
T@rkus Posted February 13, 2017 Author Share Posted February 13, 2017 Giga II v2.09(AAFS.3)A3 При подключении к HideMy по L2TP/IPsec в логе сыплет зелень. kernel: EIP93: PE ring[102] error: AUTH_ERR Feb 14 02:34:59ndm kernel: EIP93: PE ring[111] error: AUTH_ERR Feb 14 02:34:59ndm kernel: EIP93: PE ring[112] error: AUTH_ERR Feb 14 02:35:01ndm kernel: EIP93: PE ring[113] error: AUTH_ERR Feb 14 02:35:05ndm kernel: EIP93: PE ring[126] error: AUTH_ERR Feb 14 02:35:08ndm kernel: EIP93: PE ring[109] error: AUTH_ERR Feb 14 02:35:09ndm kernel: EIP93: PE ring[23] error: AUTH_ERR Feb 14 02:35:10ndm kernel: EIP93: PE ring[87] error: AUTH_ERR Feb 14 02:35:12ndm kernel: EIP93: PE ring[110] error: AUTH_ERR Feb 14 02:35:16ndm kernel: EIP93: PE ring[60] error: AUTH_ERR Feb 14 02:35:19ndm kernel: EIP93: PE ring[36] error: AUTH_ERR Feb 14 02:35:20ndm kernel: EIP93: PE ring[37] error: AUTH_ERR Feb 14 02:35:21ndm kernel: EIP93: PE ring[38] error: AUTH_ERR Feb 14 02:35:23ndm kernel: EIP93: PE ring[47] error: AUTH_ERR Feb 14 02:35:28ndm kernel: EIP93: PE ring[57] error: AUTH_ERR Feb 14 02:35:39ndm kernel: EIP93: PE ring[96] error: AUTH_ERR Feb 14 02:36:07ndm kernel: EIP93: PE ring[101] error: AUTH_ERR Feb 14 02:37:28ndm kernel: EIP93: PE ring[44] error: AUTH_ERR Feb 14 02:38:20ndm kernel: EIP93: PE ring[103] error: AUTH_ERR Feb 14 02:38:20ndm kernel: EIP93: PE ring[116] error: AUTH_ERR Feb 14 02:38:20ndm kernel: EIP93: PE ring[122] error: AUTH_ERR Feb 14 02:38:20ndm kernel: EIP93: PE ring[7] error: AUTH_ERR Feb 14 02:38:21ndm kernel: EIP93: PE ring[14] error: AUTH_ERR Feb 14 02:38:23ndm kernel: EIP93: PE ring[17] error: AUTH_ERR Feb 14 02:38:27ndm kernel: EIP93: PE ring[32] error: AUTH_ERR Feb 14 02:38:35ndm kernel: EIP93: PE ring[52] error: AUTH_ERR Feb 14 02:38:50ndm kernel: EIP93: PE ring[80] error: AUTH_ERR Feb 14 02:38:51ndm kernel: EIP93: PE ring[87] error: AUTH_ERR Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted February 14, 2017 Share Posted February 14, 2017 Где-то между вами и HideMy наблюдаются искажения пакетов. Quote Link to comment Share on other sites More sharing options...
T@rkus Posted February 14, 2017 Author Share Posted February 14, 2017 (edited) 1 час назад, Le ecureuil сказал: Где-то между вами и HideMy наблюдаются искажения пакетов. Подобная ситуация периодически наблюдается при подключении по L2TP/IPsec и к другим подобным сервисам . Выкл/вкл роутера на время решает проблему. Edited February 14, 2017 by T@rkus Quote Link to comment Share on other sites More sharing options...
datswd Posted November 15, 2021 Share Posted November 15, 2021 (edited) Та же проблема, только не с HideMy, а с собственным L2TP/IPSec (StrongSwan + xl2tp). И да, перезагрузка роутера помогает на какое-то время. Вряд ли дело в искажении пакетов. Три устройства (Android 7.1.1, Android 10, Windows 10), которые выходят в сеть через роутер, подключаются без каких-либо сложностей. Edited November 15, 2021 by datswd Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 17, 2021 Share Posted November 17, 2021 В 15.11.2021 в 22:02, datswd сказал: Та же проблема, только не с HideMy, а с собственным L2TP/IPSec (StrongSwan + xl2tp). И да, перезагрузка роутера помогает на какое-то время. Вряд ли дело в искажении пакетов. Три устройства (Android 7.1.1, Android 10, Windows 10), которые выходят в сеть через роутер, подключаются без каких-либо сложностей. Лог когда не работает? Quote Link to comment Share on other sites More sharing options...
datswd Posted November 18, 2021 Share Posted November 18, 2021 (edited) Со стороны Keenetic: [I] Nov 18 20:18:36 ndm: Core::Syslog: the system log has been cleared. [I] Nov 18 20:18:51 ndm: Network::Interface::Base: "L2TP0": interface is up. [I] Nov 18 20:18:51 ndm: IpSec::Manager: service enabled. [I] Nov 18 20:18:51 ndm: Core::ConfigurationSaver: saving configuration... [I] Nov 18 20:18:51 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": using port 41279 as local. [I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:18:52 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:18:54 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:18:54 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:18:54 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:18:54 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:18:54 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:18:55 ndm: Core::ConfigurationSaver: configuration saved. [I] Nov 18 20:18:56 ipsec: Starting strongSwan 5.8.0 IPsec [starter]... [I] Nov 18 20:18:56 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips) [I] Nov 18 20:18:58 ipsec: 00[CFG] loading secrets [I] Nov 18 20:18:58 ipsec: 00[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:18:58 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:18:58 ipsec: 00[CFG] starting system time check, interval: 10s [I] Nov 18 20:18:58 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity [I] Nov 18 20:18:58 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534 [I] Nov 18 20:18:58 ipsec: 08[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:18:58 ipsec: 08[CFG] added configuration 'L2TP0' [I] Nov 18 20:18:58 ipsec: 03[CFG] received stroke: initiate 'L2TP0' [I] Nov 18 20:18:58 ipsec: 03[IKE] sending DPD vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending FRAGMENTATION vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending NAT-T (RFC 3947) vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] initiating Main Mode IKE_SA L2TP0[1] to {Server-IP} [I] Nov 18 20:18:58 ipsec: 12[IKE] received XAuth vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received DPD vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received FRAGMENTATION vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received NAT-T (RFC 3947) vendor ID [I] Nov 18 20:18:58 ipsec: 12[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 18 20:18:58 ipsec: 12[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 [I] Nov 18 20:18:58 ipsec: 12[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 18 20:18:58 ipsec: 09[IKE] found linked key for crypto map 'L2TP0' [I] Nov 18 20:18:58 ipsec: 10[IKE] IKE_SA L2TP0[1] established between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] [I] Nov 18 20:18:58 ipsec: 10[IKE] scheduling reauthentication in 28772s [I] Nov 18 20:18:58 ipsec: 10[IKE] maximum IKE_SA lifetime 28792s [I] Nov 18 20:18:58 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. [I] Nov 18 20:18:58 ipsec: 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 18 20:18:58 ipsec: 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ [I] Nov 18 20:18:58 ipsec: 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 18 20:18:59 ipsec: 13[IKE] CHILD_SA L2TP0{1} established with SPIs c6792bc8_i cc9e8c51_o and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] [W] Nov 18 20:18:59 ndm: IpSec::Configurator: crypto map "L2TP0" is up. [I] Nov 18 20:18:59 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. [I] Nov 18 20:18:59 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. [I] Nov 18 20:18:59 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface. [I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:01 l2tp[2152]: Plugin pppol2tp.so loaded. [I] Nov 18 20:19:01 l2tp[2152]: pppd 2.4.4-4 started by root, uid 0 [I] Nov 18 20:19:01 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:01 pppd_L2TP0: l2tp_control v2.02 [I] Nov 18 20:19:01 pppd_L2TP0: remote host: {Server-IP}:1701 [I] Nov 18 20:19:01 pppd_L2TP0: local bind: {Client-Public-IP}:41279 [I] Nov 18 20:19:03 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 1 [I] Nov 18 20:19:05 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 2 [I] Nov 18 20:19:07 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 3 [I] Nov 18 20:19:09 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 4 [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 5 [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: sccrq failed, fatal [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: shutting down control connection [I] Nov 18 20:19:13 pppd_L2TP0: l2tp: shutdown completed [C] Nov 18 20:19:19 pppd_L2TP0: control init failed [E] Nov 18 20:19:19 pppd_L2TP0: Couldn't get channel number: Bad file descriptor [I] Nov 18 20:19:19 pppd_L2TP0: Exit. [E] Nov 18 20:19:19 ndm: Service: "L2TP0": unexpectedly stopped. [I] Nov 18 20:19:19 ndm: Network::Interface::Base: "L2TP0": interface is up. [I] Nov 18 20:19:19 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. [I] Nov 18 20:19:19 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": using port 41254 as local. [I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:19:20 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:19:22 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:19:22 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:19:22 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer. [I] Nov 18 20:19:22 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 18 20:19:22 ipsec: 09[CFG] rereading secrets [I] Nov 18 20:19:22 ipsec: 09[CFG] loading secrets [I] Nov 18 20:19:22 ipsec: 09[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:19:22 ipsec: 09[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 18 20:19:22 ipsec: 14[CFG] received stroke: delete connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 14[CFG] deleted connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 18 20:19:22 ipsec: 02[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 02[CFG] added configuration 'L2TP0' [I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": using port 41259 as local. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. [I] Nov 18 20:19:24 ipsec: 07[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:24 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:24 ipsec: 10[IKE] closing CHILD_SA L2TP0{1} with SPIs c6792bc8_i (0 bytes) cc9e8c51_o (395 bytes) and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] [I] Nov 18 20:19:24 ipsec: 11[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. [I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 18 20:19:24 ndm: Core::Syslog: last message repeated 2 times. [I] Nov 18 20:19:24 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c6792bc8 [I] Nov 18 20:19:24 ipsec: 14[IKE] deleting IKE_SA L2TP0[1] between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] [I] Nov 18 20:19:24 ipsec: 14[IKE] sending DELETE for IKE_SA L2TP0[1] [I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:24 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:19:24 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:19:24 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 18 20:19:25 ipsec: 02[CFG] rereading secrets [I] Nov 18 20:19:25 ipsec: 02[CFG] loading secrets [I] Nov 18 20:19:25 ipsec: 02[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:19:25 ipsec: 02[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 18 20:19:25 ipsec: 09[CFG] received stroke: delete connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 09[CFG] deleted connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 18 20:19:25 ipsec: 08[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 08[CFG] added configuration 'L2TP0' [I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:25 ndm: Network::Interface::Base: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: IpSec::Manager: service disabled. [I] Nov 18 20:19:25 ndm: Core::ConfigurationSaver: saving configuration... [I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 18 20:19:25 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. [I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. [I] Nov 18 20:19:27 ipsec: 11[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:27 ipsec: 15[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:27 ipsec: 15[CFG] no CHILD_SA named 'L2TP0' found [I] Nov 18 20:19:27 ipsec: 09[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:27 ipsec: 09[CFG] no IKE_SA named 'L2TP0' found [I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. [I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown started. [I] Nov 18 20:19:27 ipsec: 08[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:27 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:27 ipsec: 12[CFG] no CHILD_SA named 'L2TP0' found [I] Nov 18 20:19:27 ipsec: 13[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:27 ipsec: 13[CFG] no IKE_SA named 'L2TP0' found [I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown complete. [I] Nov 18 20:19:27 ipsec: 00[DMN] signal of type SIGINT received. Shutting down [I] Nov 18 20:19:29 ndm: Core::ConfigurationSaver: configuration saved. Со стороны сервера: Nov 18 20:18:59 hostname charon: 07[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (584 bytes) Nov 18 20:18:59 hostname charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V ] Nov 18 20:18:59 hostname charon: 07[IKE] received DPD vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received FRAGMENTATION vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received NAT-T (RFC 3947) vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] {Client-Public-IP} is initiating a Main Mode IKE_SA Nov 18 20:18:59 hostname charon: 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Nov 18 20:18:59 hostname charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ] Nov 18 20:18:59 hostname charon: 07[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (160 bytes) Nov 18 20:18:59 hostname charon: 08[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (244 bytes) Nov 18 20:18:59 hostname charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Nov 18 20:18:59 hostname charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 18 20:18:59 hostname charon: 08[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (244 bytes) Nov 18 20:18:59 hostname charon: 09[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes) Nov 18 20:18:59 hostname charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ] Nov 18 20:18:59 hostname charon: 09[CFG] looking for pre-shared key peer configs matching {Server-IP}...{Client-Public-IP}[{Client-Public-IP}] Nov 18 20:18:59 hostname charon: 09[CFG] selected peer config "vpnserver" Nov 18 20:18:59 hostname charon: 09[IKE] IKE_SA vpnserver[5] established between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}] Nov 18 20:18:59 hostname charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ] Nov 18 20:18:59 hostname charon: 09[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (76 bytes) Nov 18 20:18:59 hostname charon: 11[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (300 bytes) Nov 18 20:18:59 hostname charon: 11[ENC] parsed QUICK_MODE request 4167209898 [ HASH SA No ID ID ] Nov 18 20:18:59 hostname charon: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ Nov 18 20:18:59 hostname charon: 11[IKE] received 28800s lifetime, configured 0s Nov 18 20:18:59 hostname charon: 11[ENC] generating QUICK_MODE response 4167209898 [ HASH SA No ID ID ] Nov 18 20:18:59 hostname charon: 11[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (172 bytes) Nov 18 20:19:00 hostname charon: 12[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (60 bytes) Nov 18 20:19:00 hostname charon: 12[ENC] parsed QUICK_MODE request 4167209898 [ HASH ] Nov 18 20:19:00 hostname charon: 12[IKE] CHILD_SA vpnserver{5} established with SPIs cc9e8c51_i c6792bc8_o and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279] Nov 18 20:19:25 hostname charon: 14[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes) Nov 18 20:19:25 hostname charon: 14[ENC] parsed INFORMATIONAL_V1 request 2797595098 [ HASH D ] Nov 18 20:19:25 hostname charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI c6792bc8 Nov 18 20:19:25 hostname charon: 14[IKE] closing CHILD_SA vpnserver{5} with SPIs cc9e8c51_i (0 bytes) c6792bc8_o (0 bytes) and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279] Nov 18 20:19:25 hostname charon: 15[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (92 bytes) Nov 18 20:19:25 hostname charon: 15[ENC] parsed INFORMATIONAL_V1 request 944364008 [ HASH D ] Nov 18 20:19:25 hostname charon: 15[IKE] received DELETE for IKE_SA vpnserver[5] Nov 18 20:19:25 hostname charon: 15[IKE] deleting IKE_SA vpnserver[5] between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}] Edited November 18, 2021 by datswd Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 21, 2021 Share Posted November 21, 2021 В 18.11.2021 в 20:22, datswd сказал: Со стороны Keenetic: [I] Nov 18 20:18:36 ndm: Core::Syslog: the system log has been cleared. [I] Nov 18 20:18:51 ndm: Network::Interface::Base: "L2TP0": interface is up. [I] Nov 18 20:18:51 ndm: IpSec::Manager: service enabled. [I] Nov 18 20:18:51 ndm: Core::ConfigurationSaver: saving configuration... [I] Nov 18 20:18:51 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": using port 41279 as local. [I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:18:52 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:18:54 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:18:54 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:18:54 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:18:54 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:18:54 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:18:55 ndm: Core::ConfigurationSaver: configuration saved. [I] Nov 18 20:18:56 ipsec: Starting strongSwan 5.8.0 IPsec [starter]... [I] Nov 18 20:18:56 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips) [I] Nov 18 20:18:58 ipsec: 00[CFG] loading secrets [I] Nov 18 20:18:58 ipsec: 00[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:18:58 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:18:58 ipsec: 00[CFG] starting system time check, interval: 10s [I] Nov 18 20:18:58 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity [I] Nov 18 20:18:58 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534 [I] Nov 18 20:18:58 ipsec: 08[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:18:58 ipsec: 08[CFG] added configuration 'L2TP0' [I] Nov 18 20:18:58 ipsec: 03[CFG] received stroke: initiate 'L2TP0' [I] Nov 18 20:18:58 ipsec: 03[IKE] sending DPD vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending FRAGMENTATION vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending NAT-T (RFC 3947) vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID [I] Nov 18 20:18:58 ipsec: 03[IKE] initiating Main Mode IKE_SA L2TP0[1] to {Server-IP} [I] Nov 18 20:18:58 ipsec: 12[IKE] received XAuth vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received DPD vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received FRAGMENTATION vendor ID [I] Nov 18 20:18:58 ipsec: 12[IKE] received NAT-T (RFC 3947) vendor ID [I] Nov 18 20:18:58 ipsec: 12[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 18 20:18:58 ipsec: 12[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 [I] Nov 18 20:18:58 ipsec: 12[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 [I] Nov 18 20:18:58 ipsec: 09[IKE] found linked key for crypto map 'L2TP0' [I] Nov 18 20:18:58 ipsec: 10[IKE] IKE_SA L2TP0[1] established between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] [I] Nov 18 20:18:58 ipsec: 10[IKE] scheduling reauthentication in 28772s [I] Nov 18 20:18:58 ipsec: 10[IKE] maximum IKE_SA lifetime 28792s [I] Nov 18 20:18:58 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. [I] Nov 18 20:18:58 ipsec: 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 18 20:18:58 ipsec: 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ [I] Nov 18 20:18:58 ipsec: 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ [I] Nov 18 20:18:59 ipsec: 13[IKE] CHILD_SA L2TP0{1} established with SPIs c6792bc8_i cc9e8c51_o and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] [W] Nov 18 20:18:59 ndm: IpSec::Configurator: crypto map "L2TP0" is up. [I] Nov 18 20:18:59 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. [I] Nov 18 20:18:59 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. [I] Nov 18 20:18:59 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface. [I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:01 l2tp[2152]: Plugin pppol2tp.so loaded. [I] Nov 18 20:19:01 l2tp[2152]: pppd 2.4.4-4 started by root, uid 0 [I] Nov 18 20:19:01 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:01 pppd_L2TP0: l2tp_control v2.02 [I] Nov 18 20:19:01 pppd_L2TP0: remote host: {Server-IP}:1701 [I] Nov 18 20:19:01 pppd_L2TP0: local bind: {Client-Public-IP}:41279 [I] Nov 18 20:19:03 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 1 [I] Nov 18 20:19:05 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 2 [I] Nov 18 20:19:07 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 3 [I] Nov 18 20:19:09 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 4 [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 5 [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: sccrq failed, fatal [I] Nov 18 20:19:11 pppd_L2TP0: l2tp: shutting down control connection [I] Nov 18 20:19:13 pppd_L2TP0: l2tp: shutdown completed [C] Nov 18 20:19:19 pppd_L2TP0: control init failed [E] Nov 18 20:19:19 pppd_L2TP0: Couldn't get channel number: Bad file descriptor [I] Nov 18 20:19:19 pppd_L2TP0: Exit. [E] Nov 18 20:19:19 ndm: Service: "L2TP0": unexpectedly stopped. [I] Nov 18 20:19:19 ndm: Network::Interface::Base: "L2TP0": interface is up. [I] Nov 18 20:19:19 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. [I] Nov 18 20:19:19 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": using port 41254 as local. [I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:19:20 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:19:22 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:19:22 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:19:22 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer. [I] Nov 18 20:19:22 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 18 20:19:22 ipsec: 09[CFG] rereading secrets [I] Nov 18 20:19:22 ipsec: 09[CFG] loading secrets [I] Nov 18 20:19:22 ipsec: 09[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:19:22 ipsec: 09[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 18 20:19:22 ipsec: 14[CFG] received stroke: delete connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 14[CFG] deleted connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 18 20:19:22 ipsec: 02[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:19:22 ipsec: 02[CFG] added configuration 'L2TP0' [I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". [I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). [I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. [I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": using port 41259 as local. [I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. [I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 18 20:19:24 ipsec: 09[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. [I] Nov 18 20:19:24 ipsec: 07[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:24 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:24 ipsec: 10[IKE] closing CHILD_SA L2TP0{1} with SPIs c6792bc8_i (0 bytes) cc9e8c51_o (395 bytes) and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] [I] Nov 18 20:19:24 ipsec: 11[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. [I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 18 20:19:24 ndm: Core::Syslog: last message repeated 2 times. [I] Nov 18 20:19:24 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c6792bc8 [I] Nov 18 20:19:24 ipsec: 14[IKE] deleting IKE_SA L2TP0[1] between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] [I] Nov 18 20:19:24 ipsec: 14[IKE] sending DELETE for IKE_SA L2TP0[1] [I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. [I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:24 ndm: IpSec::Manager: create IPsec reconfiguration transaction... [I] Nov 18 20:19:24 ndm: IpSec::Manager: add config for crypto map "L2TP0". [I] Nov 18 20:19:24 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start applying IPsec configuration. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: IPsec configuration applying is done. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IKE keys task. [I] Nov 18 20:19:25 ipsec: 02[CFG] rereading secrets [I] Nov 18 20:19:25 ipsec: 02[CFG] loading secrets [I] Nov 18 20:19:25 ipsec: 02[CFG] loaded IKE secret for cmap:L2TP0 [I] Nov 18 20:19:25 ipsec: 02[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' [I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IKE keys task done. [I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IPsec config task. [I] Nov 18 20:19:25 ipsec: 09[CFG] received stroke: delete connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 09[CFG] deleted connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration [I] Nov 18 20:19:25 ipsec: 08[CFG] received stroke: add connection 'L2TP0' [I] Nov 18 20:19:25 ipsec: 08[CFG] added configuration 'L2TP0' [I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration [I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 1 RADIUS server configuration [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:25 ndm: Network::Interface::Base: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: IpSec::Manager: service disabled. [I] Nov 18 20:19:25 ndm: Core::ConfigurationSaver: saving configuration... [I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IPsec config task done. [I] Nov 18 20:19:25 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. [I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. [I] Nov 18 20:19:25 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... [I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' [I] Nov 18 20:19:26 ipsec: 02[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' [I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. [I] Nov 18 20:19:27 ipsec: 11[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:27 ipsec: 15[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:27 ipsec: 15[CFG] no CHILD_SA named 'L2TP0' found [I] Nov 18 20:19:27 ipsec: 09[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:27 ipsec: 09[CFG] no IKE_SA named 'L2TP0' found [I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. [I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown started. [I] Nov 18 20:19:27 ipsec: 08[CFG] received stroke: unroute 'L2TP0' [I] Nov 18 20:19:27 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' [I] Nov 18 20:19:27 ipsec: 12[CFG] no CHILD_SA named 'L2TP0' found [I] Nov 18 20:19:27 ipsec: 13[CFG] received stroke: terminate 'L2TP0[*]' [I] Nov 18 20:19:27 ipsec: 13[CFG] no IKE_SA named 'L2TP0' found [I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown complete. [I] Nov 18 20:19:27 ipsec: 00[DMN] signal of type SIGINT received. Shutting down [I] Nov 18 20:19:29 ndm: Core::ConfigurationSaver: configuration saved. Со стороны сервера: Nov 18 20:18:59 hostname charon: 07[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (584 bytes) Nov 18 20:18:59 hostname charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V ] Nov 18 20:18:59 hostname charon: 07[IKE] received DPD vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received FRAGMENTATION vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received NAT-T (RFC 3947) vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Nov 18 20:18:59 hostname charon: 07[IKE] {Client-Public-IP} is initiating a Main Mode IKE_SA Nov 18 20:18:59 hostname charon: 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Nov 18 20:18:59 hostname charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ] Nov 18 20:18:59 hostname charon: 07[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (160 bytes) Nov 18 20:18:59 hostname charon: 08[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (244 bytes) Nov 18 20:18:59 hostname charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Nov 18 20:18:59 hostname charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Nov 18 20:18:59 hostname charon: 08[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (244 bytes) Nov 18 20:18:59 hostname charon: 09[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes) Nov 18 20:18:59 hostname charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ] Nov 18 20:18:59 hostname charon: 09[CFG] looking for pre-shared key peer configs matching {Server-IP}...{Client-Public-IP}[{Client-Public-IP}] Nov 18 20:18:59 hostname charon: 09[CFG] selected peer config "vpnserver" Nov 18 20:18:59 hostname charon: 09[IKE] IKE_SA vpnserver[5] established between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}] Nov 18 20:18:59 hostname charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ] Nov 18 20:18:59 hostname charon: 09[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (76 bytes) Nov 18 20:18:59 hostname charon: 11[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (300 bytes) Nov 18 20:18:59 hostname charon: 11[ENC] parsed QUICK_MODE request 4167209898 [ HASH SA No ID ID ] Nov 18 20:18:59 hostname charon: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ Nov 18 20:18:59 hostname charon: 11[IKE] received 28800s lifetime, configured 0s Nov 18 20:18:59 hostname charon: 11[ENC] generating QUICK_MODE response 4167209898 [ HASH SA No ID ID ] Nov 18 20:18:59 hostname charon: 11[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (172 bytes) Nov 18 20:19:00 hostname charon: 12[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (60 bytes) Nov 18 20:19:00 hostname charon: 12[ENC] parsed QUICK_MODE request 4167209898 [ HASH ] Nov 18 20:19:00 hostname charon: 12[IKE] CHILD_SA vpnserver{5} established with SPIs cc9e8c51_i c6792bc8_o and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279] Nov 18 20:19:25 hostname charon: 14[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes) Nov 18 20:19:25 hostname charon: 14[ENC] parsed INFORMATIONAL_V1 request 2797595098 [ HASH D ] Nov 18 20:19:25 hostname charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI c6792bc8 Nov 18 20:19:25 hostname charon: 14[IKE] closing CHILD_SA vpnserver{5} with SPIs cc9e8c51_i (0 bytes) c6792bc8_o (0 bytes) and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279] Nov 18 20:19:25 hostname charon: 15[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (92 bytes) Nov 18 20:19:25 hostname charon: 15[ENC] parsed INFORMATIONAL_V1 request 944364008 [ HASH D ] Nov 18 20:19:25 hostname charon: 15[IKE] received DELETE for IKE_SA vpnserver[5] Nov 18 20:19:25 hostname charon: 15[IKE] deleting IKE_SA vpnserver[5] between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}] Если несложно, то снимите дамп с попытками подключения когда не работает (как в логе выше), затем снимите селф-тест (не перезагружая устройство) и пришлите в официальную поддержку. Я посмотрю там. Quote Link to comment Share on other sites More sharing options...
datswd Posted January 31, 2022 Share Posted January 31, 2022 Есть немного новостей. Если подключаться с Keenetic, то tcpdump на стороне сервера выглядит вот так: 20:40:09.780378 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident 20:40:10.133323 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident 20:40:10.341446 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident[E] 20:40:10.439114 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I oakley-quick[E] 20:40:10.811799 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I oakley-quick[E] 20:40:12.868613 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x1), length 116 20:40:14.878308 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x2), length 116 20:40:16.872985 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x3), length 116 20:40:18.875854 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x4), length 116 20:40:20.877147 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x5), length 116 20:40:38.147380 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I inf[E] 20:40:38.199960 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I inf[E] Дальше всё продолжается по кругу. Если подключаться с ноутбука, который выходит в интернет через тот же Keenetic, то tcpdump выглядит так 20:42:09.877480 IP {Client IP}.1 > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident 20:42:10.090432 IP {Client IP}.1 > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident 20:42:10.146616 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 1 I ident[E] 20:42:10.196139 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E] 20:42:10.345461 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E] 20:42:10.345542 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x1), length 140 20:42:11.357295 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x2), length 140 20:42:11.403621 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x3), length 60 20:42:11.404008 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x4), length 52 20:42:11.404037 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x5), length 92 20:42:11.450065 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x6), length 92 20:42:11.458996 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x7), length 76 20:42:11.511794 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x8), length 60 20:42:11.558467 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x9), length 76 20:42:13.480464 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xa), length 76 20:42:13.527214 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xb), length 68 20:42:13.576180 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xc), length 68 20:42:13.576288 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xd), length 76 20:42:13.576566 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xe), length 76 И дальше всё хорошо, подключение установлено, идет обмен пакетами. Точка доступа подключается к провайдеру по PPPoE без IP адреса. Это может как-нибудь повлиять? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.