ipsec туннель не поднимается

Проблемы установки, настройки и работы Правильной Операционной Системы

Модератор: terminus

Правила форума
Убедительная просьба юзать теги [cоde] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
hopeful
проходил мимо
Сообщения: 4
Зарегистрирован: 2007-08-31 12:47:08

ipsec туннель не поднимается

Непрочитанное сообщение hopeful » 2007-08-31 13:07:11

Пробема с ipsec.
Туннель автоматически не поднимается после перезагрузки одного из компьютеров, организующих туннель.

Две шлюзовые машинки с FreeBSD, соеденены туннелем (ipsec в туннельном режиме).
Настройки по образцу на сайте.


1. Пробуем остановить racoon на 1 машинке, в то время, как 2 пингует 1 по туннелю. В консоли 1 сообщение:
«IPv4 ESP input: no key association found for spi …….»

2. Стартуем raccoon на 1 машинке. Но туннель автоматически не поднимается, пакеты со 2 машинки на 1 не ходят.
И продолжается постоянная ругань в консоли:
«IPv4 ESP input: no key association found for spi …….»
Чтобы туннель установился необходимо наоборот пингануть по туннелю с 1 машики вторую.

Как с этим бороться? :?

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2460 рублей (8 CPU, 8Gb RAM, 2x500Gb HDD, RAID 3ware 9750):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Аватара пользователя
Alex Keda
стреляли...
Сообщения: 35090
Зарегистрирован: 2004-10-18 14:25:19
Откуда: Made in USSR
Контактная информация:

Re: ipsec туннель не поднимается

Непрочитанное сообщение Alex Keda » 2007-08-31 13:15:55

странно... у меня нормально всегда всё было...
========
как вариант - по два три пингга в крон каждые пару минут на обе машины....
но это - подпорка...
лог отладочный?
Убей их всех! Бог потом рассортирует...

hopeful
проходил мимо
Сообщения: 4
Зарегистрирован: 2007-08-31 12:47:08

Re: ipsec туннель не поднимается

Непрочитанное сообщение hopeful » 2007-08-31 13:54:11

Отлючает туннель на 1 машинке:
--------------------------------------------------------------------------------------------

Код: Выделить всё

2007-08-31 15:39:20: DEBUG: phase1 last IV:
2007-08-31 15:39:20: DEBUG: 
d08b1bbb 39fbea1a a8a586c6
2007-08-31 15:39:20: DEBUG: hash(sha1)
2007-08-31 15:39:20: DEBUG: encryption(3des)
2007-08-31 15:39:20: DEBUG: phase2 IV computed:
2007-08-31 15:39:20: DEBUG: 
ffe9fc2f 2f89bf11
2007-08-31 15:39:20: DEBUG: HASH with:
2007-08-31 15:39:20: DEBUG: 
a8a586c6 0000001c 00000001 01100001 189b6692 bfbd91c1 f5c941b8 09ac9ff1
2007-08-31 15:39:20: DEBUG: hmac(hmac_sha1)
2007-08-31 15:39:20: DEBUG: HASH computed:
2007-08-31 15:39:20: DEBUG: 
4591a831 5ab69fee 097fd650 5dc9f467 c5bb199c
2007-08-31 15:39:20: DEBUG: begin encryption.
2007-08-31 15:39:20: DEBUG: encryption(3des)
2007-08-31 15:39:20: DEBUG: pad length = 4
2007-08-31 15:39:20: DEBUG: 
0c000018 4591a831 5ab69fee 097fd650 5dc9f467 c5bb199c 0000001c 00000001
01100001 189b6692 bfbd91c1 f5c941b8 09ac9ff1 00000004
2007-08-31 15:39:20: DEBUG: encryption(3des)
2007-08-31 15:39:20: DEBUG: with key:
2007-08-31 15:39:20: DEBUG: 
ed47580b f9e269a1 c0d21250 ab4bc0d9 d15f5aba 6f0471d5
2007-08-31 15:39:20: DEBUG: encrypted payload by IV:
2007-08-31 15:39:20: DEBUG: 
ffe9fc2f 2f89bf11
2007-08-31 15:39:20: DEBUG: save IV for next:
2007-08-31 15:39:20: DEBUG: 
bf2fdffa 7b12565f
2007-08-31 15:39:20: DEBUG: encrypted.
2007-08-31 15:39:20: DEBUG: 84 bytes from 192.168.1.100[500] to 192.168.1.101[500]
2007-08-31 15:39:20: DEBUG: sockname 192.168.1.100[500]
2007-08-31 15:39:20: DEBUG: send packet from 192.168.1.100[500]
2007-08-31 15:39:20: DEBUG: send packet to 192.168.1.101[500]
2007-08-31 15:39:20: DEBUG: 1 times of 84 bytes message will be sent to 192.168.1.101[500]
2007-08-31 15:39:20: DEBUG: 
189b6692 bfbd91c1 f5c941b8 09ac9ff1 08100501 a8a586c6 00000054 3254d2d6
8e5d4047 6bf87a30 1edde00b 742e7c88 1dbfeeeb ee822016 baed1efc 517b9142
47d5a335 422a664d 2765f053 bf2fdffa 7b12565f
2007-08-31 15:39:20: DEBUG: sendto Information delete.
2007-08-31 15:39:20: DEBUG: an undead schedule has been deleted.
2007-08-31 15:39:20: INFO: racoon shutdown
Включаем туннель на 1 машинке:
--------------------------------------------------------------------------------------------

Код: Выделить всё

2007-08-31 15:36:20: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)
2007-08-31 15:36:20: INFO: @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2007-08-31 15:36:20: DEBUG: hmac(modp1024)
2007-08-31 15:36:20: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-08-31 15:36:20: INFO: 192.168.1.100[500] used as isakmp port (fd=5)
2007-08-31 15:36:20: DEBUG: get pfkey X_SPDDUMP message
2007-08-31 15:36:20: DEBUG: get pfkey X_SPDDUMP message
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: db :0x80b2a08: 10.3.0.0/24[0] 10.3.3.0/24[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: get pfkey X_SPDDUMP message
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 10.3.3.0/24[0] 10.3.0.0/24[0] proto=4 dir=out
2007-08-31 15:36:20: DEBUG: db :0x80b2a08: 10.3.0.0/24[0] 10.3.3.0/24[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 10.3.3.0/24[0] 10.3.0.0/24[0] proto=4 dir=out
2007-08-31 15:36:20: DEBUG: db :0x80b2e08: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: get pfkey X_SPDDUMP message
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 192.168.1.100/32[0] 192.168.1.101/32[0] proto=4 dir=out
2007-08-31 15:36:20: DEBUG: db :0x80b2a08: 10.3.0.0/24[0] 10.3.3.0/24[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 192.168.1.100/32[0] 192.168.1.101/32[0] proto=4 dir=out
2007-08-31 15:36:20: DEBUG: db :0x80b2e08: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:36:20: DEBUG: sub:0xbfbfe600: 192.168.1.100/32[0] 192.168.1.101/32[0] proto=4 dir=out
2007-08-31 15:36:20: DEBUG: db :0x80bb208: 10.3.3.0/24[0] 10.3.0.0/24[0] proto=4 dir=out
После первого пинга:
--------------------------------------------------------------------------------------------

Код: Выделить всё

2007-08-31 15:41:50: DEBUG: db :0x80bb208: 10.3.3.0/24[0] 10.3.0.0/24[0] proto=4 dir=out
2007-08-31 15:42:29: DEBUG: get pfkey ACQUIRE message
2007-08-31 15:42:29: DEBUG: suitable outbound SP found: 192.168.1.100/32[0] 192.168.1.101/32[0] proto=4 dir=out.
2007-08-31 15:42:29: DEBUG: sub:0xbfbfe5c0: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:42:29: DEBUG: db :0x80b2a08: 10.3.0.0/24[0] 10.3.3.0/24[0] proto=4 dir=in
2007-08-31 15:42:29: DEBUG: sub:0xbfbfe5c0: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:42:29: DEBUG: db :0x80b2e08: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in
2007-08-31 15:42:29: DEBUG: suitable inbound SP found: 192.168.1.101/32[0] 192.168.1.100/32[0] proto=4 dir=in.
2007-08-31 15:42:29: DEBUG: new acquire 192.168.1.100/32[0] 192.168.1.101/32[0] proto=4 dir=out
2007-08-31 15:42:29: DEBUG: anonymous sainfo selected.
2007-08-31 15:42:29: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-08-31 15:42:29: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2007-08-31 15:42:29: DEBUG: configuration found for 192.168.1.101.
2007-08-31 15:42:29: INFO: IPsec-SA request for 192.168.1.101 queued due to no phase1 found.
2007-08-31 15:42:29: DEBUG: ===
2007-08-31 15:42:29: INFO: initiate new phase 1 negotiation: 192.168.1.100[500]<=>192.168.1.101[500]
2007-08-31 15:42:29: INFO: begin Aggressive mode.
2007-08-31 15:42:29: DEBUG: new cookie:
14e1516ab25aeb3d 
2007-08-31 15:42:29: DEBUG: use ID type of User_FQDN
2007-08-31 15:42:29: DEBUG: compute DH's private.
2007-08-31 15:42:29: DEBUG: 
7e77c58a 0437a445 09f91d99 be5ce5c9 6465038a ddba1fb8 a176b711 5114c6d7
05f4804b 1c562f96 9c4c382c 102eef49 680f660b 6c7c153a b5a8876f a8226832
8a0731d9 b81911b7 e07d4796 1b67876c 9815a2c9 f3b42999 3da99a6f 891e3b82
8590f501 4a8a8717 fc7a3bfb 7aef5d0d 689d6914 6b69435b 4762eed9 07b9ca24
2007-08-31 15:42:29: DEBUG: compute DH's public.
2007-08-31 15:42:29: DEBUG: 
09064485 fc16a710 631b5a64 fa88f2a5 3689848f 4a7e2b6a c103bfa5 f7703eae
b634873c 27a86e9f b9dd8554 d0db822e d5743173 52920006 0e112b41 6778279a
754f26c0 ccdf50e0 43f4d787 0ede3cba 02820cb4 086aa1c1 61fb6a4f a500bd59
65ad837b d8d10e8f c9ddec2b 1d1aa011 549002b9 ed38a280 8de279af ad521742
2007-08-31 15:42:29: DEBUG: authmethod is pre-shared key
2007-08-31 15:42:29: DEBUG: add payload of len 48, next type 4
2007-08-31 15:42:29: DEBUG: add payload of len 128, next type 10
2007-08-31 15:42:29: DEBUG: add payload of len 16, next type 5
2007-08-31 15:42:29: DEBUG: add payload of len 17, next type 13
2007-08-31 15:42:29: DEBUG: add payload of len 16, next type 0
2007-08-31 15:42:29: DEBUG: 273 bytes from 192.168.1.100[500] to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: sockname 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet from 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 1 times of 273 bytes message will be sent to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 
14e1516a b25aeb3d 00000000 00000000 01100400 00000000 00000111 04000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c5460
80010005 80030001 80020002 80040002 0a000084 09064485 fc16a710 631b5a64
fa88f2a5 3689848f 4a7e2b6a c103bfa5 f7703eae b634873c 27a86e9f b9dd8554
d0db822e d5743173 52920006 0e112b41 6778279a 754f26c0 ccdf50e0 43f4d787
0ede3cba 02820cb4 086aa1c1 61fb6a4f a500bd59 65ad837b d8d10e8f c9ddec2b
1d1aa011 549002b9 ed38a280 8de279af ad521742 05000014 d0d32e46 d62e9931
af2b6c56 71b5c883 0d000015 03000000 74737475 73657240 6c6f6361 6c000000
14afcad7 1368a1f1 c96b8696 fc775701 00
2007-08-31 15:42:29: DEBUG: resend phase1 packet 14e1516ab25aeb3d:0000000000000000
2007-08-31 15:42:29: DEBUG: ===
2007-08-31 15:42:29: DEBUG: 298 bytes message received from 192.168.1.101[500] to 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: 
14e1516a b25aeb3d 6d9e0676 ef0c93dc 01100400 00000000 0000012a 04000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c5460
80010005 80030001 80020002 80040002 0a000084 0c71fa49 f667957f ace154f3
2fd452d4 245b147f 9829657c 0f22ea48 0f2ba3d3 a07154a6 9b19dfcf cded220b
70fddc8e 2634962c 9ae70631 56302aa5 41581d9c 6affadc8 1bef4cef 86fd2476
7ce2b4ab 998eb001 180d3d2a 3340658d 5fc46a67 4eea10d9 82168ea5 5264907d
b53693ce d60a4de2 2cb33fc1 e0082228 3f851fb1 05000014 a22d5e7c 1bbf7509
35f5c5ed 41182c8e 08000016 03000000 70667365 6e736531 406c6f63 616c0d00
00181c48 daef4ece 6f853c11 1c6a6707 1ba55422 2b8d0000 0014afca d71368a1
f1c96b86 96fc7757 0100
2007-08-31 15:42:29: DEBUG: begin.
2007-08-31 15:42:29: DEBUG: seen nptype=1(sa)
2007-08-31 15:42:29: DEBUG: seen nptype=4(ke)
2007-08-31 15:42:29: DEBUG: seen nptype=10(nonce)
2007-08-31 15:42:29: DEBUG: seen nptype=5(id)
2007-08-31 15:42:29: DEBUG: seen nptype=8(hash)
2007-08-31 15:42:29: DEBUG: seen nptype=13(vid)
2007-08-31 15:42:29: DEBUG: succeed.
2007-08-31 15:42:29: INFO: received Vendor ID: DPD
2007-08-31 15:42:29: DEBUG: remote supports DPD
2007-08-31 15:42:29: WARNING: No ID match.
2007-08-31 15:42:29: DEBUG: total SA len=48
2007-08-31 15:42:29: DEBUG: 
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c5460
80010005 80030001 80020002 80040002
2007-08-31 15:42:29: DEBUG: begin.
2007-08-31 15:42:29: DEBUG: seen nptype=2(prop)
2007-08-31 15:42:29: DEBUG: succeed.
2007-08-31 15:42:29: DEBUG: proposal #1 len=40
2007-08-31 15:42:29: DEBUG: begin.
2007-08-31 15:42:29: DEBUG: seen nptype=3(trns)
2007-08-31 15:42:29: DEBUG: succeed.
2007-08-31 15:42:29: DEBUG: transform #1 len=32
2007-08-31 15:42:29: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-31 15:42:29: DEBUG: type=Life Duration, flag=0x8000, lorv=21600
2007-08-31 15:42:29: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-08-31 15:42:29: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-31 15:42:29: DEBUG: hash(sha1)
2007-08-31 15:42:29: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-08-31 15:42:29: DEBUG: hmac(modp1024)
2007-08-31 15:42:29: DEBUG: pair 1:
2007-08-31 15:42:29: DEBUG:  0x80bc100: next=0x0 tnext=0x0
2007-08-31 15:42:29: DEBUG: proposal #1: 1 transform
2007-08-31 15:42:29: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-08-31 15:42:29: DEBUG: trns#=1, trns-id=IKE
2007-08-31 15:42:29: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-31 15:42:29: DEBUG: type=Life Duration, flag=0x8000, lorv=21600
2007-08-31 15:42:29: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-08-31 15:42:29: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-08-31 15:42:29: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-31 15:42:29: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-08-31 15:42:29: DEBUG: Compared: DB:Peer
2007-08-31 15:42:29: DEBUG: (lifetime = 21600:21600)
2007-08-31 15:42:29: DEBUG: (lifebyte = 0:0)
2007-08-31 15:42:29: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-08-31 15:42:29: DEBUG: (encklen = 0:0)
2007-08-31 15:42:29: DEBUG: hashtype = SHA:SHA
2007-08-31 15:42:29: DEBUG: authmethod = pre-shared key:pre-shared key
2007-08-31 15:42:29: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-08-31 15:42:29: DEBUG: an acceptable proposal found.
2007-08-31 15:42:29: DEBUG: hmac(modp1024)
2007-08-31 15:42:29: DEBUG: compute DH's shared.
2007-08-31 15:42:29: DEBUG: 
21322755 7fa25928 e075d467 7d49ec97 c24c0593 cf4df3d0 52ef4c0c 073e2bb4
ff8b9639 2f570c9b 5fcb9e16 26284790 c1f3cd9c f9c5d0e0 1bf927ba a62d6b3b
0c7bdae0 11d5778a 4aad0ebe de52edf7 d02c748a b0ba6a2c cf6fa205 9b47d3fb
34845041 0a5e9f29 4e874f62 90883ec2 e78e8409 a8ceb4a1 68b3d2e4 b1f84ce4
2007-08-31 15:42:29: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2007-08-31 15:42:29: DEBUG: the psk found.
2007-08-31 15:42:29: DEBUG: nonce 1: 2007-08-31 15:42:29: DEBUG: 
d0d32e46 d62e9931 af2b6c56 71b5c883
2007-08-31 15:42:29: DEBUG: nonce 2: 2007-08-31 15:42:29: DEBUG: 
a22d5e7c 1bbf7509 35f5c5ed 41182c8e
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: SKEYID computed:
2007-08-31 15:42:29: DEBUG: 
44263caa e4203c06 18e0c383 861eb741 01a64823
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: SKEYID_d computed:
2007-08-31 15:42:29: DEBUG: 
79710803 dd0f1dab b0cddf47 6affd403 ce5e3964
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: SKEYID_a computed:
2007-08-31 15:42:29: DEBUG: 
88908a25 abac6fb3 d6c15643 efa72495 2aaf0922
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: SKEYID_e computed:
2007-08-31 15:42:29: DEBUG: 
d26c301c a58749d1 fd1c871f 655c0c7b 75e91820
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: hash(sha1)
2007-08-31 15:42:29: DEBUG: len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: compute intermediate encryption key K1
2007-08-31 15:42:29: DEBUG: 
00
2007-08-31 15:42:29: DEBUG: 
b26b9fb9 a2f0e37d 559b15d2 47eca322 87820faa
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: compute intermediate encryption key K2
2007-08-31 15:42:29: DEBUG: 
b26b9fb9 a2f0e37d 559b15d2 47eca322 87820faa
2007-08-31 15:42:29: DEBUG: 
dd419ef0 33095ea9 3c458dec 461bb7d9 603f0c92
2007-08-31 15:42:29: DEBUG: final encryption key computed:
2007-08-31 15:42:29: DEBUG: 
b26b9fb9 a2f0e37d 559b15d2 47eca322 87820faa dd419ef0
2007-08-31 15:42:29: DEBUG: hash(sha1)
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: IV computed:
2007-08-31 15:42:29: DEBUG: 
ee848636 702e62d5
2007-08-31 15:42:29: DEBUG: HASH received:2007-08-31 15:42:29: DEBUG: 
1c48daef 4ece6f85 3c111c6a 67071ba5 54222b8d
2007-08-31 15:42:29: DEBUG: HASH with:
2007-08-31 15:42:29: DEBUG: 
0c71fa49 f667957f ace154f3 2fd452d4 245b147f 9829657c 0f22ea48 0f2ba3d3
a07154a6 9b19dfcf cded220b 70fddc8e 2634962c 9ae70631 56302aa5 41581d9c
6affadc8 1bef4cef 86fd2476 7ce2b4ab 998eb001 180d3d2a 3340658d 5fc46a67
4eea10d9 82168ea5 5264907d b53693ce d60a4de2 2cb33fc1 e0082228 3f851fb1
09064485 fc16a710 631b5a64 fa88f2a5 3689848f 4a7e2b6a c103bfa5 f7703eae
b634873c 27a86e9f b9dd8554 d0db822e d5743173 52920006 0e112b41 6778279a
754f26c0 ccdf50e0 43f4d787 0ede3cba 02820cb4 086aa1c1 61fb6a4f a500bd59
65ad837b d8d10e8f c9ddec2b 1d1aa011 549002b9 ed38a280 8de279af ad521742
6d9e0676 ef0c93dc 14e1516a b25aeb3d 00000001 00000001 00000028 01010001
00000020 01010000 800b0001 800c5460 80010005 80030001 80020002 80040002
03000000 70667365 6e736531 406c6f63 616c
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: HASH computed:
2007-08-31 15:42:29: DEBUG: 
1c48daef 4ece6f85 3c111c6a 67071ba5 54222b8d
2007-08-31 15:42:29: DEBUG: HASH for PSK validated.
2007-08-31 15:42:29: DEBUG: ===
2007-08-31 15:42:29: DEBUG: generate HASH_I
2007-08-31 15:42:29: DEBUG: HASH with:
2007-08-31 15:42:29: DEBUG: 
09064485 fc16a710 631b5a64 fa88f2a5 3689848f 4a7e2b6a c103bfa5 f7703eae
b634873c 27a86e9f b9dd8554 d0db822e d5743173 52920006 0e112b41 6778279a
754f26c0 ccdf50e0 43f4d787 0ede3cba 02820cb4 086aa1c1 61fb6a4f a500bd59
65ad837b d8d10e8f c9ddec2b 1d1aa011 549002b9 ed38a280 8de279af ad521742
0c71fa49 f667957f ace154f3 2fd452d4 245b147f 9829657c 0f22ea48 0f2ba3d3
a07154a6 9b19dfcf cded220b 70fddc8e 2634962c 9ae70631 56302aa5 41581d9c
6affadc8 1bef4cef 86fd2476 7ce2b4ab 998eb001 180d3d2a 3340658d 5fc46a67
4eea10d9 82168ea5 5264907d b53693ce d60a4de2 2cb33fc1 e0082228 3f851fb1
14e1516a b25aeb3d 6d9e0676 ef0c93dc 00000001 00000001 00000028 01010001
00000020 01010000 800b0001 800c5460 80010005 80030001 80020002 80040002
03000000 74737475 73657240 6c6f6361 6c
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: HASH computed:
2007-08-31 15:42:29: DEBUG: 
17a48a97 10591cb3 08d5b84c fb44aec0 fc2a1715
2007-08-31 15:42:29: DEBUG: add payload of len 20, next type 0
2007-08-31 15:42:29: DEBUG: 52 bytes from 192.168.1.100[500] to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: sockname 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet from 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 1 times of 52 bytes message will be sent to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 
14e1516a b25aeb3d 6d9e0676 ef0c93dc 08100400 00000000 00000034 00000018
17a48a97 10591cb3 08d5b84c fb44aec0 fc2a1715
2007-08-31 15:42:29: DEBUG: compute IV for phase2
2007-08-31 15:42:29: DEBUG: phase1 last IV:
2007-08-31 15:42:29: DEBUG: 
ee848636 702e62d5 efc76951
2007-08-31 15:42:29: DEBUG: hash(sha1)
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: phase2 IV computed:
2007-08-31 15:42:29: DEBUG: 
fa5ea68d d34119e1
2007-08-31 15:42:29: DEBUG: HASH with:
2007-08-31 15:42:29: DEBUG: 
efc76951 0000001c 00000001 01106002 14e1516a b25aeb3d 6d9e0676 ef0c93dc
2007-08-31 15:42:29: DEBUG: hmac(hmac_sha1)
2007-08-31 15:42:29: DEBUG: HASH computed:
2007-08-31 15:42:29: DEBUG: 
d535ba4a cb0b114f eede37c7 e362dd77 ac0a283f
2007-08-31 15:42:29: DEBUG: begin encryption.
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: pad length = 4
2007-08-31 15:42:29: DEBUG: 
0b000018 d535ba4a cb0b114f eede37c7 e362dd77 ac0a283f 0000001c 00000001
01106002 14e1516a b25aeb3d 6d9e0676 ef0c93dc 00000004
2007-08-31 15:42:29: DEBUG: encryption(3des)
2007-08-31 15:42:29: DEBUG: with key:
2007-08-31 15:42:29: DEBUG: 
b26b9fb9 a2f0e37d 559b15d2 47eca322 87820faa dd419ef0
2007-08-31 15:42:29: DEBUG: encrypted payload by IV:
2007-08-31 15:42:29: DEBUG: 
fa5ea68d d34119e1
2007-08-31 15:42:29: DEBUG: save IV for next:
2007-08-31 15:42:29: DEBUG: 
68b6109a bfeca518
2007-08-31 15:42:29: DEBUG: encrypted.
2007-08-31 15:42:29: DEBUG: 84 bytes from 192.168.1.100[500] to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: sockname 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet from 192.168.1.100[500]
2007-08-31 15:42:29: DEBUG: send packet to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 1 times of 84 bytes message will be sent to 192.168.1.101[500]
2007-08-31 15:42:29: DEBUG: 
14e1516a b25aeb3d 6d9e0676 ef0c93dc 08100501 efc76951 00000054 4e56a910
d77d363e a8ab6165 41a2efe3 c5063947 08935c57 0f01cb2a 37284d70 9a3c9ce5
37d1efd9 11cec998 d0a1f2dd 68b6109a bfeca518
2007-08-31 15:42:29: DEBUG: sendto Information notify.
2007-08-31 15:42:29: INFO: ISAKMP-SA established 192.168.1.100[500]-192.168.1.101[500] spi:14e1516ab25aeb3d:6d9e0676ef0c93dc
2007-08-31 15:42:29: DEBUG: ===
2007-08-31 15:42:30: DEBUG: ===

hopeful
проходил мимо
Сообщения: 4
Зарегистрирован: 2007-08-31 12:47:08

Re: ipsec туннель не поднимается

Непрочитанное сообщение hopeful » 2007-08-31 13:56:13

Как заставить ее при старте переинициализировать все туннели?

hopeful
проходил мимо
Сообщения: 4
Зарегистрирован: 2007-08-31 12:47:08

Re: ipsec туннель не поднимается

Непрочитанное сообщение hopeful » 2007-09-03 7:46:05

так никто и не подскажет?
:(