Jump to content

Роутер не может установить L2TP/IPsec к HideMy


Recommended Posts

Giga II v2.09(AAFS.3)A0

Роутер не может установить соединение по L2TP/IPsec к сервису HideMy. Обратился в тех поддержку сервиса но те после непродолжительной переписки предположили,что дело в роутере.

 

 
Markus Saa

Markus Saar (inCloak Network)

Jan 13, 01:32 MSK

У вас все настройки верны, вероятно проблема в роутере.
Попробуйте обновить прошивку.

 

77tarkus

T@rkus

Jan 12, 17:58 MSK

Повторный ввод общего ключа IPSec: incloaknetwork результата не дал. По прежнему не подключается. По PPTP соединение устанавливается без проблем. Но нужно L2TP/IPsec. Прилагаю скрин системного журнала роутера.

Attachment(s)
2017-01-12_175341.png

 

Oliver Ton

Oliver Tonisson (inCloak Network)

Jan 12, 17:45 MSK

Здравствуйте.
Проверьте правильность ввода общего ключа IPSec: incloaknetwork
Попробуйте изменить тип подключения на РРТР

 

Link to comment
Share on other sites

2 минуты назад, Александр Рыжов сказал:

Не «утверждают», а говорят «вероятно».

Ок поправил :)

Только что, Le ecureuil сказал:

А у них есть пробный период бесплатный? Я бы попробовал выяснить, в чем там дело.

Да сутки. http://hidemy.name/ru/vpn/

Link to comment
Share on other sites

@Le ecureuil

Новый комментарий службы поддержки.

 

Markus Saar (inCloak Network)

Jan 13, 13:26 MSK

Ваш провайдер предоставляет интернет тоже через L2TP, поэтому конфликт.
Не получится настроить одновременно работу двух VPN соединений на одном роутере.

Edited by T@rkus
Link to comment
Share on other sites

7 минут назад, NikIv сказал:

Вот причина вообщето:

В России начались блокировки VPN

http://safe.cnews.ru/news/top/2017-01-12_v_rossii_nachalis_blokirovki_vpn

По PPTP соединение устанавливается без проблем

2017-01-13_140113.png

Edited by T@rkus
Link to comment
Share on other sites

Только что, T@rkus сказал:

По PPTP соединение устанавливается без проблем

Думаю это не надолго, как только все ответственные получат распоряжение.

Link to comment
Share on other sites

У меня тоже есть похожая проблема c L2TP/IPsec только с сервисом Frootvpn. Так же Giga II v2.09(AAFS.0)A1

 

Jan 15 16:11:29ndmNetwork::Interface::Base: "L2TP1": interface is up.
Jan 15 16:11:32pppd[6830]Plugin pppol2tp.so loaded.
Jan 15 16:11:32pppd[6830]pppd 2.4.4-4 started by root, uid 0
Jan 15 16:11:32ndmNetwork::Interface::L2TP: "L2TP1": added host route to 37.235.55.58 via 176.195.0.1.
Jan 15 16:11:32pppd[6832]l2tp_control v2.02 
Jan 15 16:11:32pppd[6832]l2tp: remote host: 37.235.55.58 
Jan 15 16:11:32pppd[6832]l2tp: bind: 176.195.28.183 
Jan 15 16:11:34pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 1 
Jan 15 16:11:36pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 2 
Jan 15 16:11:38pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 3 
Jan 15 16:11:40pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 4 
Jan 15 16:11:42pppd[6832]l2tp: timeout of sccrp, retry sccrq, try: 5 
Jan 15 16:11:42pppd[6832]l2tp: sccrq failed, fatal 
Jan 15 16:11:50pppd[6830]l2tp: control init failed
Jan 15 16:11:50pppd[6830]Exit

При этом соединения по L2TP и PPTP устанавливаются без проблем

Edited by anticr
Link to comment
Share on other sites

Проблема с Hidemy исправлена, в следующих сборках все будет ок.

У кого не работает frootvpn - скиньте мне в личку данные для подключения к сервису, проверю (буквально на пару часов). Платить из своих не очень хочется. :) 

  • Thanks 2
Link to comment
Share on other sites

10 часов назад, Le ecureuil сказал:

Проблема с Hidemy исправлена, в следующих сборках все будет ок. 

Giga II v2.09(AAFS.1)A1

Не подключается если поднят IPsec VPN Tunnel. Видео и self-test прилагаю.

 

Link to comment
Share on other sites

после обновления до  v2.09(AAFS.1)A1 пока так же, не идет

Скрытый текст

Jan 18 15:26:27ndmNetwork::Interface::Base: "L2TP1": interface is up.
Jan 18 15:26:30pppd[752]Plugin pppol2tp.so loaded.
Jan 18 15:26:30pppd[752]pppd 2.4.4-4 started by root, uid 0
Jan 18 15:26:30ndmNetwork::Interface::L2TP: "L2TP1": added host route to 178.73.195.101 via 109.63.128.1.
Jan 18 15:26:30pppd[754]l2tp_control v2.02 
Jan 18 15:26:30pppd[754]l2tp: remote host: 178.73.195.101 
Jan 18 15:26:30pppd[754]l2tp: bind: 109.63.209.158 
Jan 18 15:26:32pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 1 
Jan 18 15:26:34pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 2 
Jan 18 15:26:36pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 3 
Jan 18 15:26:38pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 4 
Jan 18 15:26:40pppd[754]l2tp: timeout of sccrp, retry sccrq, try: 5 
Jan 18 15:26:40pppd[754]l2tp: sccrq failed, fatal

 

 

Link to comment
Share on other sites

16 часов назад, T@rkus сказал:

Giga II v2.09(AAFS.1)A1

Не подключается если поднят IPsec VPN Tunnel. Видео и self-test прилагаю.

 

Там оказалась еще целая россыпь мелких, но противных багов. По идее должно работать в следующей сборке.

Link to comment
Share on other sites

4 часа назад, anticr сказал:

после обновления до  v2.09(AAFS.1)A1 пока так же, не идет

  Показать содержимое

 

frootvpn пока еще не проверял

Link to comment
Share on other sites

  • 4 weeks later...

Giga II v2.09(AAFS.3)A3

При подключении к HideMy по L2TP/IPsec в логе сыплет зелень. 

kernel: EIP93: PE ring[102] error: AUTH_ERR
Feb 14 02:34:59ndm
kernel: EIP93: PE ring[111] error: AUTH_ERR
Feb 14 02:34:59ndm
kernel: EIP93: PE ring[112] error: AUTH_ERR
Feb 14 02:35:01ndm
kernel: EIP93: PE ring[113] error: AUTH_ERR
Feb 14 02:35:05ndm
kernel: EIP93: PE ring[126] error: AUTH_ERR
Feb 14 02:35:08ndm
kernel: EIP93: PE ring[109] error: AUTH_ERR
Feb 14 02:35:09ndm
kernel: EIP93: PE ring[23] error: AUTH_ERR
Feb 14 02:35:10ndm
kernel: EIP93: PE ring[87] error: AUTH_ERR
Feb 14 02:35:12ndm
kernel: EIP93: PE ring[110] error: AUTH_ERR
Feb 14 02:35:16ndm
kernel: EIP93: PE ring[60] error: AUTH_ERR
Feb 14 02:35:19ndm
kernel: EIP93: PE ring[36] error: AUTH_ERR
Feb 14 02:35:20ndm
kernel: EIP93: PE ring[37] error: AUTH_ERR
Feb 14 02:35:21ndm
kernel: EIP93: PE ring[38] error: AUTH_ERR
Feb 14 02:35:23ndm
kernel: EIP93: PE ring[47] error: AUTH_ERR
Feb 14 02:35:28ndm
kernel: EIP93: PE ring[57] error: AUTH_ERR
Feb 14 02:35:39ndm
kernel: EIP93: PE ring[96] error: AUTH_ERR
Feb 14 02:36:07ndm
kernel: EIP93: PE ring[101] error: AUTH_ERR
Feb 14 02:37:28ndm
kernel: EIP93: PE ring[44] error: AUTH_ERR
Feb 14 02:38:20ndm
kernel: EIP93: PE ring[103] error: AUTH_ERR
Feb 14 02:38:20ndm
kernel: EIP93: PE ring[116] error: AUTH_ERR
Feb 14 02:38:20ndm
kernel: EIP93: PE ring[122] error: AUTH_ERR
Feb 14 02:38:20ndm
kernel: EIP93: PE ring[7] error: AUTH_ERR
Feb 14 02:38:21ndm
kernel: EIP93: PE ring[14] error: AUTH_ERR
Feb 14 02:38:23ndm
kernel: EIP93: PE ring[17] error: AUTH_ERR
Feb 14 02:38:27ndm
kernel: EIP93: PE ring[32] error: AUTH_ERR
Feb 14 02:38:35ndm
kernel: EIP93: PE ring[52] error: AUTH_ERR
Feb 14 02:38:50ndm
kernel: EIP93: PE ring[80] error: AUTH_ERR
Feb 14 02:38:51ndm
kernel: EIP93: PE ring[87] error: AUTH_ERR

Link to comment
Share on other sites

1 час назад, Le ecureuil сказал:

Где-то между вами и HideMy наблюдаются искажения пакетов.

Подобная ситуация периодически наблюдается при подключении по L2TP/IPsec и к другим подобным сервисам . Выкл/вкл роутера на время решает проблему.

Edited by T@rkus
Link to comment
Share on other sites

  • 4 years later...

Та же проблема, только не с HideMy, а с собственным L2TP/IPSec (StrongSwan + xl2tp).

И да, перезагрузка роутера помогает на какое-то время.

Вряд ли дело в искажении пакетов. Три устройства (Android 7.1.1, Android 10, Windows 10), которые выходят в сеть через роутер, подключаются без каких-либо сложностей.

Edited by datswd
Link to comment
Share on other sites

В 15.11.2021 в 22:02, datswd сказал:

Та же проблема, только не с HideMy, а с собственным L2TP/IPSec (StrongSwan + xl2tp).

И да, перезагрузка роутера помогает на какое-то время.

Вряд ли дело в искажении пакетов. Три устройства (Android 7.1.1, Android 10, Windows 10), которые выходят в сеть через роутер, подключаются без каких-либо сложностей.

Лог когда не работает?

Link to comment
Share on other sites

Со стороны Keenetic:

[I] Nov 18 20:18:36 ndm: Core::Syslog: the system log has been cleared. 
[I] Nov 18 20:18:51 ndm: Network::Interface::Base: "L2TP0": interface is up. 
[I] Nov 18 20:18:51 ndm: IpSec::Manager: service enabled. 
[I] Nov 18 20:18:51 ndm: Core::ConfigurationSaver: saving configuration... 
[I] Nov 18 20:18:51 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": using port 41279 as local. 
[I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:18:52 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:18:54 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:18:54 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:18:55 ndm: Core::ConfigurationSaver: configuration saved. 
[I] Nov 18 20:18:56 ipsec: Starting strongSwan 5.8.0 IPsec [starter]... 
[I] Nov 18 20:18:56 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips) 
[I] Nov 18 20:18:58 ipsec: 00[CFG] loading secrets 
[I] Nov 18 20:18:58 ipsec: 00[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:18:58 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:18:58 ipsec: 00[CFG] starting system time check, interval: 10s 
[I] Nov 18 20:18:58 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity 
[I] Nov 18 20:18:58 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534 
[I] Nov 18 20:18:58 ipsec: 08[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 08[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 03[CFG] received stroke: initiate 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending DPD vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending FRAGMENTATION vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending NAT-T (RFC 3947) vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] initiating Main Mode IKE_SA L2TP0[1] to {Server-IP} 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received XAuth vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received DPD vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received FRAGMENTATION vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received NAT-T (RFC 3947) vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 12[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 12[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 09[IKE] found linked key for crypto map 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 10[IKE] IKE_SA L2TP0[1] established between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] 
[I] Nov 18 20:18:58 ipsec: 10[IKE] scheduling reauthentication in 28772s 
[I] Nov 18 20:18:58 ipsec: 10[IKE] maximum IKE_SA lifetime 28792s 
[I] Nov 18 20:18:58 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. 
[I] Nov 18 20:18:58 ipsec: 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] Nov 18 20:18:58 ipsec: 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ 
[I] Nov 18 20:18:58 ipsec: 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] Nov 18 20:18:59 ipsec: 13[IKE] CHILD_SA L2TP0{1} established with SPIs c6792bc8_i cc9e8c51_o and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] 
[W] Nov 18 20:18:59 ndm: IpSec::Configurator: crypto map "L2TP0" is up. 
[I] Nov 18 20:18:59 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. 
[I] Nov 18 20:18:59 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. 
[I] Nov 18 20:18:59 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface. 
[I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:01 l2tp[2152]: Plugin pppol2tp.so loaded. 
[I] Nov 18 20:19:01 l2tp[2152]: pppd 2.4.4-4 started by root, uid 0 
[I] Nov 18 20:19:01 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:01 pppd_L2TP0: l2tp_control v2.02 
[I] Nov 18 20:19:01 pppd_L2TP0: remote host: {Server-IP}:1701 
[I] Nov 18 20:19:01 pppd_L2TP0: local bind: {Client-Public-IP}:41279 
[I] Nov 18 20:19:03 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 1 
[I] Nov 18 20:19:05 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 2 
[I] Nov 18 20:19:07 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 3 
[I] Nov 18 20:19:09 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 4 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 5 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: sccrq failed, fatal 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: shutting down control connection 
[I] Nov 18 20:19:13 pppd_L2TP0: l2tp: shutdown completed 
[C] Nov 18 20:19:19 pppd_L2TP0: control init failed 
[E] Nov 18 20:19:19 pppd_L2TP0: Couldn't get channel number: Bad file descriptor 
[I] Nov 18 20:19:19 pppd_L2TP0: Exit. 
[E] Nov 18 20:19:19 ndm: Service: "L2TP0": unexpectedly stopped. 
[I] Nov 18 20:19:19 ndm: Network::Interface::Base: "L2TP0": interface is up. 
[I] Nov 18 20:19:19 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. 
[I] Nov 18 20:19:19 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": using port 41254 as local. 
[I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:19:20 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer. 
[I] Nov 18 20:19:22 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IKE keys task. 
[I] Nov 18 20:19:22 ipsec: 09[CFG] rereading secrets 
[I] Nov 18 20:19:22 ipsec: 09[CFG] loading secrets 
[I] Nov 18 20:19:22 ipsec: 09[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:19:22 ipsec: 09[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IKE keys task done. 
[I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IPsec config task. 
[I] Nov 18 20:19:22 ipsec: 14[CFG] received stroke: delete connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 14[CFG] deleted connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration 
[I] Nov 18 20:19:22 ipsec: 02[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 02[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration 
[I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IPsec config task done. 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": using port 41259 as local. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 
[I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. 
[I] Nov 18 20:19:24 ipsec: 07[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:24 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:24 ipsec: 10[IKE] closing CHILD_SA L2TP0{1} with SPIs c6792bc8_i (0 bytes) cc9e8c51_o (395 bytes) and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] 
[I] Nov 18 20:19:24 ipsec: 11[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. 
[I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. 
[I] Nov 18 20:19:24 ndm: Core::Syslog: last message repeated 2 times.
[I] Nov 18 20:19:24 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c6792bc8 
[I] Nov 18 20:19:24 ipsec: 14[IKE] deleting IKE_SA L2TP0[1] between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] 
[I] Nov 18 20:19:24 ipsec: 14[IKE] sending DELETE for IKE_SA L2TP0[1] 
[I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. 
[I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IKE keys task. 
[I] Nov 18 20:19:25 ipsec: 02[CFG] rereading secrets 
[I] Nov 18 20:19:25 ipsec: 02[CFG] loading secrets 
[I] Nov 18 20:19:25 ipsec: 02[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:19:25 ipsec: 02[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IKE keys task done. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IPsec config task. 
[I] Nov 18 20:19:25 ipsec: 09[CFG] received stroke: delete connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 09[CFG] deleted connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration 
[I] Nov 18 20:19:25 ipsec: 08[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 08[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration 
[I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:25 ndm: Network::Interface::Base: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: IpSec::Manager: service disabled. 
[I] Nov 18 20:19:25 ndm: Core::ConfigurationSaver: saving configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IPsec config task done. 
[I] Nov 18 20:19:25 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. 
[I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. 
[I] Nov 18 20:19:27 ipsec: 11[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:27 ipsec: 15[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:27 ipsec: 15[CFG] no CHILD_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ipsec: 09[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:27 ipsec: 09[CFG] no IKE_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown started. 
[I] Nov 18 20:19:27 ipsec: 08[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:27 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:27 ipsec: 12[CFG] no CHILD_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ipsec: 13[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:27 ipsec: 13[CFG] no IKE_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown complete. 
[I] Nov 18 20:19:27 ipsec: 00[DMN] signal of type SIGINT received. Shutting down 
[I] Nov 18 20:19:29 ndm: Core::ConfigurationSaver: configuration saved.

 

Со стороны сервера:

Nov 18 20:18:59 hostname charon: 07[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (584 bytes)
Nov 18 20:18:59 hostname charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V ]
Nov 18 20:18:59 hostname charon: 07[IKE] received DPD vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received FRAGMENTATION vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] {Client-Public-IP} is initiating a Main Mode IKE_SA
Nov 18 20:18:59 hostname charon: 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 18 20:18:59 hostname charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Nov 18 20:18:59 hostname charon: 07[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (160 bytes)
Nov 18 20:18:59 hostname charon: 08[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (244 bytes)
Nov 18 20:18:59 hostname charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Nov 18 20:18:59 hostname charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Nov 18 20:18:59 hostname charon: 08[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (244 bytes)
Nov 18 20:18:59 hostname charon: 09[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes)
Nov 18 20:18:59 hostname charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Nov 18 20:18:59 hostname charon: 09[CFG] looking for pre-shared key peer configs matching {Server-IP}...{Client-Public-IP}[{Client-Public-IP}]
Nov 18 20:18:59 hostname charon: 09[CFG] selected peer config "vpnserver"
Nov 18 20:18:59 hostname charon: 09[IKE] IKE_SA vpnserver[5] established between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}]
Nov 18 20:18:59 hostname charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Nov 18 20:18:59 hostname charon: 09[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (76 bytes)
Nov 18 20:18:59 hostname charon: 11[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (300 bytes)
Nov 18 20:18:59 hostname charon: 11[ENC] parsed QUICK_MODE request 4167209898 [ HASH SA No ID ID ]
Nov 18 20:18:59 hostname charon: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Nov 18 20:18:59 hostname charon: 11[IKE] received 28800s lifetime, configured 0s
Nov 18 20:18:59 hostname charon: 11[ENC] generating QUICK_MODE response 4167209898 [ HASH SA No ID ID ]
Nov 18 20:18:59 hostname charon: 11[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (172 bytes)
Nov 18 20:19:00 hostname charon: 12[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (60 bytes)
Nov 18 20:19:00 hostname charon: 12[ENC] parsed QUICK_MODE request 4167209898 [ HASH ]
Nov 18 20:19:00 hostname charon: 12[IKE] CHILD_SA vpnserver{5} established with SPIs cc9e8c51_i c6792bc8_o and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279]
Nov 18 20:19:25 hostname charon: 14[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes)
Nov 18 20:19:25 hostname charon: 14[ENC] parsed INFORMATIONAL_V1 request 2797595098 [ HASH D ]
Nov 18 20:19:25 hostname charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI c6792bc8
Nov 18 20:19:25 hostname charon: 14[IKE] closing CHILD_SA vpnserver{5} with SPIs cc9e8c51_i (0 bytes) c6792bc8_o (0 bytes) and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279]
Nov 18 20:19:25 hostname charon: 15[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (92 bytes)
Nov 18 20:19:25 hostname charon: 15[ENC] parsed INFORMATIONAL_V1 request 944364008 [ HASH D ]
Nov 18 20:19:25 hostname charon: 15[IKE] received DELETE for IKE_SA vpnserver[5]
Nov 18 20:19:25 hostname charon: 15[IKE] deleting IKE_SA vpnserver[5] between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}]

 

Edited by datswd
Link to comment
Share on other sites

В 18.11.2021 в 20:22, datswd сказал:

Со стороны Keenetic:

[I] Nov 18 20:18:36 ndm: Core::Syslog: the system log has been cleared. 
[I] Nov 18 20:18:51 ndm: Network::Interface::Base: "L2TP0": interface is up. 
[I] Nov 18 20:18:51 ndm: IpSec::Manager: service enabled. 
[I] Nov 18 20:18:51 ndm: Core::ConfigurationSaver: saving configuration... 
[I] Nov 18 20:18:51 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:18:52 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:18:52 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": using port 41279 as local. 
[I] Nov 18 20:18:52 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:18:52 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:18:54 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:18:54 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:18:54 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:18:54 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:18:55 ndm: Core::ConfigurationSaver: configuration saved. 
[I] Nov 18 20:18:56 ipsec: Starting strongSwan 5.8.0 IPsec [starter]... 
[I] Nov 18 20:18:56 ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 4.9-ndm-4, mips) 
[I] Nov 18 20:18:58 ipsec: 00[CFG] loading secrets 
[I] Nov 18 20:18:58 ipsec: 00[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:18:58 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:18:58 ipsec: 00[CFG] starting system time check, interval: 10s 
[I] Nov 18 20:18:58 ipsec: 00[LIB] loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey openssl xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xauth-eap error-notify systime-fix unity 
[I] Nov 18 20:18:58 ipsec: 00[LIB] dropped capabilities, running as uid 65534, gid 65534 
[I] Nov 18 20:18:58 ipsec: 08[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 08[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 03[CFG] received stroke: initiate 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending DPD vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending FRAGMENTATION vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending NAT-T (RFC 3947) vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID 
[I] Nov 18 20:18:58 ipsec: 03[IKE] initiating Main Mode IKE_SA L2TP0[1] to {Server-IP} 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received XAuth vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received DPD vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received FRAGMENTATION vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[IKE] received NAT-T (RFC 3947) vendor ID 
[I] Nov 18 20:18:58 ipsec: 12[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 12[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 12[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[I] Nov 18 20:18:58 ipsec: 09[IKE] found linked key for crypto map 'L2TP0' 
[I] Nov 18 20:18:58 ipsec: 10[IKE] IKE_SA L2TP0[1] established between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] 
[I] Nov 18 20:18:58 ipsec: 10[IKE] scheduling reauthentication in 28772s 
[I] Nov 18 20:18:58 ipsec: 10[IKE] maximum IKE_SA lifetime 28792s 
[I] Nov 18 20:18:58 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. 
[I] Nov 18 20:18:58 ipsec: 13[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] Nov 18 20:18:58 ipsec: 13[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ 
[I] Nov 18 20:18:58 ipsec: 13[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] Nov 18 20:18:59 ipsec: 13[IKE] CHILD_SA L2TP0{1} established with SPIs c6792bc8_i cc9e8c51_o and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] 
[W] Nov 18 20:18:59 ndm: IpSec::Configurator: crypto map "L2TP0" is up. 
[I] Nov 18 20:18:59 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. 
[I] Nov 18 20:18:59 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. 
[I] Nov 18 20:18:59 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface. 
[I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:18:59 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:01 l2tp[2152]: Plugin pppol2tp.so loaded. 
[I] Nov 18 20:19:01 l2tp[2152]: pppd 2.4.4-4 started by root, uid 0 
[I] Nov 18 20:19:01 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:01 pppd_L2TP0: l2tp_control v2.02 
[I] Nov 18 20:19:01 pppd_L2TP0: remote host: {Server-IP}:1701 
[I] Nov 18 20:19:01 pppd_L2TP0: local bind: {Client-Public-IP}:41279 
[I] Nov 18 20:19:03 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 1 
[I] Nov 18 20:19:05 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 2 
[I] Nov 18 20:19:07 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 3 
[I] Nov 18 20:19:09 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 4 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 5 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: sccrq failed, fatal 
[I] Nov 18 20:19:11 pppd_L2TP0: l2tp: shutting down control connection 
[I] Nov 18 20:19:13 pppd_L2TP0: l2tp: shutdown completed 
[C] Nov 18 20:19:19 pppd_L2TP0: control init failed 
[E] Nov 18 20:19:19 pppd_L2TP0: Couldn't get channel number: Bad file descriptor 
[I] Nov 18 20:19:19 pppd_L2TP0: Exit. 
[E] Nov 18 20:19:19 ndm: Service: "L2TP0": unexpectedly stopped. 
[I] Nov 18 20:19:19 ndm: Network::Interface::Base: "L2TP0": interface is up. 
[I] Nov 18 20:19:19 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. 
[I] Nov 18 20:19:19 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:19:20 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:19:20 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": using port 41254 as local. 
[I] Nov 18 20:19:20 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:19:20 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer. 
[I] Nov 18 20:19:22 ndm: Network::Interface::Ppp: "L2TP0": disabled connection. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IKE keys task. 
[I] Nov 18 20:19:22 ipsec: 09[CFG] rereading secrets 
[I] Nov 18 20:19:22 ipsec: 09[CFG] loading secrets 
[I] Nov 18 20:19:22 ipsec: 09[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:19:22 ipsec: 09[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IKE keys task done. 
[I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: start reloading IPsec config task. 
[I] Nov 18 20:19:22 ipsec: 14[CFG] received stroke: delete connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 14[CFG] deleted connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration 
[I] Nov 18 20:19:22 ipsec: 02[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 02[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration 
[I] Nov 18 20:19:22 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:19:22 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:22 ndm: IpSec::Configurator: reloading IPsec config task done. 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "{Server-IP}". 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "{Client-Public-IP}". 
[I] Nov 18 20:19:22 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to {Server-IP} via PPPoE0 (PPPoE0). 
[I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": static MTU reset to default. 
[I] Nov 18 20:19:22 ndm: Network::Interface::Base: "L2TP0": network MTU is 1392. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": using port 41259 as local. 
[I] Nov 18 20:19:22 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:22 ndm: IpSec::Manager: "L2TP0": IP secure connection was added. 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Nov 18 20:19:24 ipsec: 09[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 
[I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. 
[I] Nov 18 20:19:24 ipsec: 07[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:24 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:24 ipsec: 10[IKE] closing CHILD_SA L2TP0{1} with SPIs c6792bc8_i (0 bytes) cc9e8c51_o (395 bytes) and TS {Client-Public-IP}/32[udp/41279] === {Server-IP}/32[udp/l2tp] 
[I] Nov 18 20:19:24 ipsec: 11[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:24 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. 
[I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. 
[I] Nov 18 20:19:24 ndm: Core::Syslog: last message repeated 2 times.
[I] Nov 18 20:19:24 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c6792bc8 
[I] Nov 18 20:19:24 ipsec: 14[IKE] deleting IKE_SA L2TP0[1] between {Client-Public-IP}[{Client-Public-IP}]...{Server-IP}[{Server-IP}] 
[I] Nov 18 20:19:24 ipsec: 14[IKE] sending DELETE for IKE_SA L2TP0[1] 
[I] Nov 18 20:19:24 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. 
[I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:24 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: add config for crypto map "L2TP0". 
[I] Nov 18 20:19:24 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IKE keys task. 
[I] Nov 18 20:19:25 ipsec: 02[CFG] rereading secrets 
[I] Nov 18 20:19:25 ipsec: 02[CFG] loading secrets 
[I] Nov 18 20:19:25 ipsec: 02[CFG]   loaded IKE secret for cmap:L2TP0 
[I] Nov 18 20:19:25 ipsec: 02[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IKE keys task done. 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: start reloading IPsec config task. 
[I] Nov 18 20:19:25 ipsec: 09[CFG] received stroke: delete connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 09[CFG] deleted connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration 
[I] Nov 18 20:19:25 ipsec: 08[CFG] received stroke: add connection 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 08[CFG] added configuration 'L2TP0' 
[I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration 
[I] Nov 18 20:19:25 ipsec: 00[CFG] loaded 1 RADIUS server configuration 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:25 ndm: Network::Interface::Base: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: IpSec::Manager: service disabled. 
[I] Nov 18 20:19:25 ndm: Core::ConfigurationSaver: saving configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::Configurator: reloading IPsec config task done. 
[I] Nov 18 20:19:25 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. 
[I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: Network::Interface::L2tp: "L2TP0": interface is down. 
[I] Nov 18 20:19:25 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Nov 18 20:19:25 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Nov 18 20:19:26 ipsec: 02[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started. 
[I] Nov 18 20:19:27 ipsec: 11[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:27 ipsec: 15[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:27 ipsec: 15[CFG] no CHILD_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ipsec: 09[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:27 ipsec: 09[CFG] no IKE_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete. 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown started. 
[I] Nov 18 20:19:27 ipsec: 08[CFG] received stroke: unroute 'L2TP0' 
[I] Nov 18 20:19:27 ipsec: 12[CFG] received stroke: terminate 'L2TP0{*}' 
[I] Nov 18 20:19:27 ipsec: 12[CFG] no CHILD_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ipsec: 13[CFG] received stroke: terminate 'L2TP0[*]' 
[I] Nov 18 20:19:27 ipsec: 13[CFG] no IKE_SA named 'L2TP0' found 
[I] Nov 18 20:19:27 ndm: IpSec::Configurator: crypto map "L2TP0" shutdown complete. 
[I] Nov 18 20:19:27 ipsec: 00[DMN] signal of type SIGINT received. Shutting down 
[I] Nov 18 20:19:29 ndm: Core::ConfigurationSaver: configuration saved.

 

Со стороны сервера:

Nov 18 20:18:59 hostname charon: 07[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (584 bytes)
Nov 18 20:18:59 hostname charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V ]
Nov 18 20:18:59 hostname charon: 07[IKE] received DPD vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received FRAGMENTATION vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Nov 18 20:18:59 hostname charon: 07[IKE] {Client-Public-IP} is initiating a Main Mode IKE_SA
Nov 18 20:18:59 hostname charon: 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 18 20:18:59 hostname charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Nov 18 20:18:59 hostname charon: 07[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (160 bytes)
Nov 18 20:18:59 hostname charon: 08[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (244 bytes)
Nov 18 20:18:59 hostname charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Nov 18 20:18:59 hostname charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Nov 18 20:18:59 hostname charon: 08[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (244 bytes)
Nov 18 20:18:59 hostname charon: 09[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes)
Nov 18 20:18:59 hostname charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Nov 18 20:18:59 hostname charon: 09[CFG] looking for pre-shared key peer configs matching {Server-IP}...{Client-Public-IP}[{Client-Public-IP}]
Nov 18 20:18:59 hostname charon: 09[CFG] selected peer config "vpnserver"
Nov 18 20:18:59 hostname charon: 09[IKE] IKE_SA vpnserver[5] established between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}]
Nov 18 20:18:59 hostname charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Nov 18 20:18:59 hostname charon: 09[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (76 bytes)
Nov 18 20:18:59 hostname charon: 11[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (300 bytes)
Nov 18 20:18:59 hostname charon: 11[ENC] parsed QUICK_MODE request 4167209898 [ HASH SA No ID ID ]
Nov 18 20:18:59 hostname charon: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Nov 18 20:18:59 hostname charon: 11[IKE] received 28800s lifetime, configured 0s
Nov 18 20:18:59 hostname charon: 11[ENC] generating QUICK_MODE response 4167209898 [ HASH SA No ID ID ]
Nov 18 20:18:59 hostname charon: 11[NET] sending packet: from {Server-IP}[500] to {Client-Public-IP}[500] (172 bytes)
Nov 18 20:19:00 hostname charon: 12[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (60 bytes)
Nov 18 20:19:00 hostname charon: 12[ENC] parsed QUICK_MODE request 4167209898 [ HASH ]
Nov 18 20:19:00 hostname charon: 12[IKE] CHILD_SA vpnserver{5} established with SPIs cc9e8c51_i c6792bc8_o and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279]
Nov 18 20:19:25 hostname charon: 14[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (76 bytes)
Nov 18 20:19:25 hostname charon: 14[ENC] parsed INFORMATIONAL_V1 request 2797595098 [ HASH D ]
Nov 18 20:19:25 hostname charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI c6792bc8
Nov 18 20:19:25 hostname charon: 14[IKE] closing CHILD_SA vpnserver{5} with SPIs cc9e8c51_i (0 bytes) c6792bc8_o (0 bytes) and TS {Server-IP}/32[udp/l2f] === {Client-Public-IP}/32[udp/41279]
Nov 18 20:19:25 hostname charon: 15[NET] received packet: from {Client-Public-IP}[500] to {Server-IP}[500] (92 bytes)
Nov 18 20:19:25 hostname charon: 15[ENC] parsed INFORMATIONAL_V1 request 944364008 [ HASH D ]
Nov 18 20:19:25 hostname charon: 15[IKE] received DELETE for IKE_SA vpnserver[5]
Nov 18 20:19:25 hostname charon: 15[IKE] deleting IKE_SA vpnserver[5] between {Server-IP}[{Server-IP}]...{Client-Public-IP}[{Client-Public-IP}]

 

Если несложно, то снимите дамп с попытками подключения когда не работает (как в логе выше), затем снимите селф-тест (не перезагружая устройство) и пришлите в официальную поддержку. Я посмотрю там.

Link to comment
Share on other sites

  • 2 months later...

Есть немного новостей.

Если подключаться с Keenetic, то tcpdump на стороне сервера выглядит вот так:

20:40:09.780378 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident
20:40:10.133323 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident
20:40:10.341446 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident[E]
20:40:10.439114 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I oakley-quick[E]
20:40:10.811799 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I oakley-quick[E]
20:40:12.868613 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x1), length 116
20:40:14.878308 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x2), length 116
20:40:16.872985 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x3), length 116
20:40:18.875854 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x4), length 116
20:40:20.877147 IP {Client IP} > {VPN Server hostname}: ESP(spi=0xc76ef7db,seq=0x5), length 116
20:40:38.147380 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I inf[E]
20:40:38.199960 IP {Client IP}.isakmp > {VPN Server hostname}.isakmp: isakmp: phase 2/others I inf[E]

Дальше всё продолжается по кругу.

 

Если подключаться с ноутбука, который выходит в интернет через тот же Keenetic, то tcpdump выглядит так

20:42:09.877480 IP {Client IP}.1 > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident
20:42:10.090432 IP {Client IP}.1 > {VPN Server hostname}.isakmp: isakmp: phase 1 I ident
20:42:10.146616 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 1 I ident[E]
20:42:10.196139 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
20:42:10.345461 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
20:42:10.345542 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x1), length 140
20:42:11.357295 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x2), length 140
20:42:11.403621 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x3), length 60
20:42:11.404008 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x4), length 52
20:42:11.404037 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x5), length 92
20:42:11.450065 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x6), length 92
20:42:11.458996 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x7), length 76
20:42:11.511794 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x8), length 60
20:42:11.558467 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0x9), length 76
20:42:13.480464 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xa), length 76
20:42:13.527214 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xb), length 68
20:42:13.576180 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xc), length 68
20:42:13.576288 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xd), length 76
20:42:13.576566 IP {Client IP}.ipsec-nat-t > {VPN Server hostname}.ipsec-nat-t: UDP-encap: ESP(spi=0xc1ae96ff,seq=0xe), length 76

И дальше всё хорошо, подключение установлено, идет обмен пакетами.

 

Точка доступа подключается к провайдеру по PPPoE без IP адреса. Это может как-нибудь повлиять?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...