Jump to content
Как правильно добавить self-test и прочую отладку в тему
Официальное хранилище ПО в виде файлов

Не работает IKev2 на macOS

Языков Алексей
 Share

Recommended Posts

Языков Алексей Member

Языков Алексей

Posted
Posted

Добрый день. На роутера настроен IKEv2 сервер, работает с айфонами, телевизорами на андроид, ноутбуками на винде, но тут у меня появился мак. Настроил соединение, активирую, 2 секунды вижу "подключаю" после чего "отключено". Притом старые маки прекрасно работали. Может кто по логам поймёт что не так. 

 

Скрытый текст

Авг 4 19:18:14 ipsec

06[IKE] 93.100.**.*** is initiating an IKE_SA

 

Авг 4 19:18:14 ipsec

06[CFG] received proposals: IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

06[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256

 

Авг 4 19:18:14 ipsec

06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

06[IKE] remote host is behind NAT

 

Авг 4 19:18:14 ipsec

06[IKE] DH group ECP_256 unacceptable, requesting MODP_2048

 

Авг 4 19:18:14 ipsec

10[IKE] 93.100.**.*** is initiating an IKE_SA

 

Авг 4 19:18:14 ipsec

10[CFG] received proposals: IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

10[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256

 

Авг 4 19:18:14 ipsec

10[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

10[IKE] remote host is behind NAT

 

Авг 4 19:18:15 ipsec

13[CFG] looking for peer configs matching 93.100.***.***[***.keenetic.link]...93.100.**.***[192.168.3.2]

 

Авг 4 19:18:15 ipsec

13[CFG] selected peer config 'VirtualIPServerIKE2'

 

Авг 4 19:18:15 ipsec

13[IKE] initiating EAP_IDENTITY method (id 0x00)

 

Авг 4 19:18:15 ipsec

13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding

 

Авг 4 19:18:15 ipsec

13[IKE] peer supports MOBIKE, but disabled in config

 

Авг 4 19:18:15 ipsec

13[IKE] authentication of ‘***.keenetic.link' (myself) with RSA signature successful

 

Авг 4 19:18:15 ipsec

13[IKE] sending end entity cert "CN=***.keenetic.link"

 

Авг 4 19:18:15 ipsec

13[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R11"

 

Авг 4 19:18:32 ipsec

07[JOB] deleting half open IKE_SA with 93.100.**.*** after timeout

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...