Jump to content

K-II клиент VPN-L2TP/IPsec релиз 216D2


vasek00
 Share

Recommended Posts

Скрытый текст

Май 14 14:07:51 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 663/1356, tunnel Ns/Nr: 1356/319, tunnel reception window size: 16 bytes)
Май 14 14:09:07 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 664/1358, tunnel Ns/Nr: 1358/319, tunnel reception window size: 16 bytes)
Май 14 14:10:22 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 665/1360, tunnel Ns/Nr: 1360/319, tunnel reception window size: 16 bytes)
Май 14 14:11:38 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 666/1362, tunnel Ns/Nr: 1362/319, tunnel reception window size: 16 bytes)
Май 14 14:12:53 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 667/1364, tunnel Ns/Nr: 1364/319, tunnel reception window size: 16 bytes)
Май 14 14:14:09 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 668/1366, tunnel Ns/Nr: 1366/319, tunnel reception window size: 16 bytes)
Май 14 14:15:25 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 669/1368, tunnel Ns/Nr: 1368/319, tunnel reception window size: 16 bytes)
Май 14 14:16:40 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 670/1371, tunnel Ns/Nr: 1371/319, tunnel reception window size: 16 bytes)

 

Viva(34B2)----Интернет----MikroTik_SXT_Lite5(bridge)-[WAN]K-II(216D2)

На Viva сервер, на K-II клиент VPN-L2TP/IPsec, как бы не ошибка но все же. Hа K-II за указанный период лог чистый.

 

 

Link to comment
Share on other sites

Эта тема старая,

Причём дропы стабильно с интервалом минута 15 секунд. 

Link to comment
Share on other sites

44 минуты назад, vasek00 сказал:

После перезагрузки сервера (Viva) и соединения пока тишина.

А вива у вас на какой кеен ос? 

Link to comment
Share on other sites

17 часов назад, krass сказал:

А вива у вас на какой кеен ос? 

На 34B2, возможно с падением основного линка на GigabitEthernet1 но сразу подъем был GigabitEthernet1

Скрытый текст

Viva
Не стого не сего


[I] May 15 00:13:43 ipsec: 05[KNL] creating rekey job for CHILD_SA ESP/0xceef72af/VIVA-66 
[I] May 15 00:13:43 ipsec: 07[KNL] creating rekey job for CHILD_SA ESP/0xc63fa425/K-II-31 
[I] May 15 00:13:43 ipsec: 11[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[IKE] CHILD_SA VPNL2TPServer{6} established with SPIs c4826d7a_i c9bee081_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[W] May 15 00:13:43 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 00:13:43 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 00:13:43 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 00:13:55 ipsec: 14[IKE] initiator did not reauthenticate as requested 
[I] May 15 00:13:55 ipsec: 14[IKE] reauthenticating IKE_SA VPNL2TPServer[13] disabled on passive side 
...
[I] May 15 00:13:59 ipsec: 03[IKE] scheduling reauthentication in 28773s 
[I] May 15 00:13:59 ipsec: 03[IKE] maximum IKE_SA lifetime 28793s 
[I] May 15 00:14:09 ipsec: 10[IKE] deleting IKE_SA VPNL2TPServer[13] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 00:14:09 ipsec: 10[IKE] sending DELETE for IKE_SA VPNL2TPServer[13] 
[I] May 15 00:14:22 ipsec: 10[IKE] received DELETE for ESP CHILD_SA with SPI c63fa425 
[I] May 15 00:14:22 ipsec: 10[IKE] closing CHILD_SA VPNL2TPServer{5} with SPIs ceef72af_i (3871888938 bytes) c63fa425_o (93609575 bytes) and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 03:18:54 ipsec: 09[IKE] 216.218.206.122 is initiating a Main Mode IKE_SA 
[I] May 15 03:18:54 ipsec: 09[CFG] received proposals: IKE:CAST_CBC 
[I] May 15 03:18:54 ipsec: [truncated] 09[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:DES_CBC/HMAC_MD5_96/PRF_HMA
[I] May 15 03:18:54 ipsec: 09[IKE] no proposal found 
...
[I] May 15 06:54:39 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link up.
[I] May 15 06:54:39 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link down.
[I] May 15 06:54:41 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link up.
[I] May 15 06:54:44 ndm: Core::Server: started Session /var/run/ndm.core.socket.
[I] May 15 06:54:44 upnp: HTTP listening on port 49365
[I] May 15 06:54:44 upnp: Listening for NAT-PMP/PCP traffic on port 5351
[I] May 15 06:54:46 ndm: Network::InternetChecker: Internet access detected.
...
[W] May 15 07:14:28 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 717/1431, tunnel Ns/Nr: 1431/701, tunnel reception window size: 16 bytes)
[W] May 15 07:15:44 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 718/1433, tunnel Ns/Nr: 1433/701, tunnel reception window size: 16 bytes)

.... и по сыпало до 

[W] May 15 08:12:24 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 763/1528, tunnel Ns/Nr: 1528/701, tunnel reception window size: 16 bytes)
[I] May 15 08:13:06 ipsec: 03[KNL] creating rekey job for CHILD_SA ESP/0xc9bee081/K-II-31
[I] May 15 08:13:06 ipsec: 08[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[IKE] CHILD_SA VPNL2TPServer{7} established with SPIs cecc1c09_i c1eca550_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[W] May 15 08:13:06 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 08:13:06 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 08:13:06 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.

....

[I] May 15 08:13:35 ipsec: 03[IKE] IKE_SA VPNL2TPServer[16] established between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 08:13:35 ipsec: 03[IKE] scheduling reauthentication in 28762s 
[I] May 15 08:13:35 ipsec: 03[IKE] maximum IKE_SA lifetime 28782s 
[W] May 15 08:13:39 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 764/1530, tunnel Ns/Nr: 1530/701, tunnel reception window size: 16 bytes)
[I] May 15 08:13:43 ipsec: 10[KNL] creating delete job for CHILD_SA ESP/0xc4826d7a/VIVA-66 
[I] May 15 08:13:43 ipsec: 12[KNL] creating delete job for CHILD_SA ESP/0xc9bee081/K-II-31 
[I] May 15 08:13:43 ipsec: 10[IKE] closing expired CHILD_SA VPNL2TPServer{6} with SPIs c4826d7a_i c9bee081_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 08:13:43 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c4826d7a 
[I] May 15 08:13:43 ipsec: 05[JOB] CHILD_SA ESP/0xc9bee081/K-II-31 not found for delete 
[I] May 15 08:13:43 ipsec: 11[IKE] received DELETE for ESP CHILD_SA with SPI c9bee081 
[I] May 15 08:13:43 ipsec: 11[IKE] CHILD_SA not found, ignored 
[I] May 15 08:13:45 ipsec: 07[IKE] deleting IKE_SA VPNL2TPServer[14] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 08:13:45 ipsec: 07[IKE] sending DELETE for IKE_SA VPNL2TPServer[14] 
[W] May 15 08:14:55 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 765/1532, tunnel Ns/Nr: 1532/701, tunnel reception window size: 16 bytes)

... опять сыпало до 

[W] May 15 09:41:50 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): no acknowledgement from peer after 5 retransmissions, deleting tunnel
[W] May 15 09:41:50 ppp-l2tp: l2tp0:UsrXXXXK: failed to get interface statistics
[W] May 15 09:41:50 ndm: IpSec::Configurator: "VPNL2TPServer": L2TP/IPsec client "UsrXXXXK" with address "172.17.22.22" (from "K-II-31") disconnected.
[I] May 15 09:41:53 ipsec: 15[CFG] received stroke: terminate 'VPNL2TPServer{7}' 
[I] May 15 09:41:53 ipsec: 07[IKE] closing CHILD_SA VPNL2TPServer{7} with SPIs cecc1c09_i (707738722 bytes) c1eca550_o (17744836 bytes) and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 09:41:53 ipsec: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cecc1c09 
[I] May 15 09:41:53 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 09:41:53 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 09:41:55 ipsec: 08[CFG] received stroke: terminate 'VPNL2TPServer[16]' 
[I] May 15 09:41:55 ipsec: 06[IKE] deleting IKE_SA VPNL2TPServer[16] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 09:41:55 ipsec: 06[IKE] sending DELETE for IKE_SA VPNL2TPServer[16] 
[I] May 15 09:42:09 ipsec: 13[IKE] received DPD vendor ID 
[I] May 15 09:42:09 ipsec: 13[IKE] received FRAGMENTATION vendor ID 

...

[W] May 15 09:42:18 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 09:42:19 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 09:42:19 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 09:42:20 ppp-l2tp: l2tp: new tunnel 21875-63396 created following reception of SCCRQ from K-II-31:41200
[I] May 15 09:42:21 ppp-l2tp: l2tp tunnel 21875-63396 (K-II-31:41200): established at VIVA-66:1701
[I] May 15 09:42:21 ppp-l2tp: l2tp tunnel 21875-63396 (K-II-31:41200): new session 8341-28042 created following reception of ICRQ
[I] May 15 09:42:21 ppp-l2tp: ppp0:: connect: ppp0 <--> l2tp(K-II-31:41200 session 21875-63396, 8341-28042)
[I] May 15 09:42:25 ppp-l2tp: ppp0:UsrXXXXK: UsrXXXXK: authentication succeeded
[I] May 15 09:42:25 kernel: l2tp0: renamed from ppp0
....

 

 

Edited by vasek00
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...