forum.opennet.ru - "не устанавливается VPN" (2)

форумы

помощь

поиск

регистрация

майллист

вход/выход

слежка

"не устанавливается VPN"

Форумы OpenNET: Виртуальная конференция (Public)
Вариант для распечатки		Пред. тема \| След. тема
Изначальное сообщение		[ Отслеживать ]

"не устанавливается VPN"		+/–
Сообщение от mmm (??) on 18-Май-09, 16:10
Добрый день! пытаюсь настроить ВПН по статье: http://www.tuxnotes.ru/articles.php?a_id=17 но что-то не так идет..., вот лог от racoon-а: 2009-05-18 15:24:45: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net) 2009-05-18 15:24:45: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/) 2009-05-18 15:24:45: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf" 2009-05-18 15:24:45: INFO: Resize address pool from 0 to 255 2009-05-18 15:24:45: INFO: 11.11.11.11[500] used as isakmp port (fd=5) 2009-05-18 15:25:06: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:25:06: ERROR: unknown AF: 0 2009-05-18 15:25:06: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:25:06: INFO: begin Aggressive mode. 2009-05-18 15:25:34: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:25:34: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:25:35: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:25:46: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:25:46: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:25:47: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:25:56: ERROR: phase1 negotiation failed due to time up. d23ceb1de8b9b9b4:0000000000000000 2009-05-18 15:25:56: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:25:56: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:25:56: ERROR: unknown AF: 0 2009-05-18 15:25:56: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:25:56: INFO: begin Aggressive mode. 2009-05-18 15:25:57: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:26:08: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:26:08: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:26:09: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:26:18: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:26:18: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:26:19: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:26:30: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:26:30: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:26:31: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:26:40: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:26:40: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:26:41: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:26:46: ERROR: phase1 negotiation failed due to time up. 2df92e3e1598852d:0000000000000000 2009-05-18 15:26:52: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:26:52: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:26:52: ERROR: unknown AF: 0 2009-05-18 15:26:52: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:26:52: INFO: begin Aggressive mode. 2009-05-18 15:26:53: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:02: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:02: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:27:03: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:14: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:14: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:27:15: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:23: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:23: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:27:24: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:35: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:35: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:27:36: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:42: ERROR: phase1 negotiation failed due to time up. 301ee358108c707c:0000000000000000 2009-05-18 15:27:44: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:44: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:27:44: ERROR: unknown AF: 0 2009-05-18 15:27:44: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:27:44: INFO: begin Aggressive mode. 2009-05-18 15:27:45: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:27:56: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:27:56: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:27:57: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:05: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:05: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:28:06: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:17: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:17: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:28:18: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:26: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:26: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:28:27: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:34: ERROR: phase1 negotiation failed due to time up. 33a5d0d01572eae3:0000000000000000 2009-05-18 15:28:38: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:38: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:28:38: ERROR: unknown AF: 0 2009-05-18 15:28:38: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:28:38: INFO: begin Aggressive mode. 2009-05-18 15:28:39: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:47: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:47: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:28:48: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:28:59: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:28:59: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:29:00: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:29:09: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:29:09: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:29:10: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:29:21: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:29:21: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:29:22: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:29:28: ERROR: phase1 negotiation failed due to time up. 547c368d323937e9:0000000000000000 2009-05-18 15:29:31: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:29:31: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:29:31: ERROR: unknown AF: 0 2009-05-18 15:29:31: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:29:31: INFO: begin Aggressive mode. 2009-05-18 15:29:32: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:29:43: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:29:43: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:29:44: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:29:53: INFO: phase2 sa expired 11.11.11.11-22.22.22.22 2009-05-18 15:29:53: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-18 15:29:54: INFO: phase2 sa deleted 11.11.11.11-22.22.22.22 2009-05-18 15:30:21: ERROR: phase1 negotiation failed due to time up. 2df3c3b2e767594e:0000000000000000 2009-05-18 15:30:24: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 22.22.22.22[0]->11.11.11.11[0] 2009-05-18 15:30:24: INFO: delete phase 2 handler. 2009-05-18 15:35:42: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:35:42: ERROR: unknown AF: 0 2009-05-18 15:35:42: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:35:42: INFO: begin Aggressive mode. 2009-05-18 15:36:13: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 22.22.22.22[0]->11.11.11.11[0] 2009-05-18 15:36:13: INFO: delete phase 2 handler. 2009-05-18 15:36:32: ERROR: phase1 negotiation failed due to time up. aeda6ff0a9dc0e27:0000000000000000 2009-05-18 15:46:30: INFO: IPsec-SA request for 22.22.22.22 queued due to no phase1 found. 2009-05-18 15:46:30: ERROR: unknown AF: 0 2009-05-18 15:46:30: INFO: initiate new phase 1 negotiation: 11.11.11.11[500]<=>22.22.22.22[500] 2009-05-18 15:46:30: INFO: begin Aggressive mode. 2009-05-18 15:47:01: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 22.22.22.22[0]->11.11.11.11[0] 2009-05-18 15:47:01: INFO: delete phase 2 handler. 2009-05-18 15:47:20: ERROR: phase1 negotiation failed due to time up. 456ccfe3d5514c2d:0000000000000000 что я не так делаю?
Высказать мнение \| Ответить \| Правка \| Cообщить модератору

Оглавление

не устанавливается VPN, mmm, 10:57 , 21-Май-09, (1)

не устанавливается VPN, mmm, 11:58 , 21-Май-09, (2)

Сообщения по теме [Сортировка по времени | RSS]

1. "не устанавливается VPN" +/–

Сообщение от mmm (??) on 21-Май-09, 10:57

Помогите, пожалуйста. вот конфиг racoon:
#file with key
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
#incoming connector
listen
{
isakmp 11.11.11.11; для другого пк 22.22.22.22
}
#any host is anonymous. will insert ip remote server
remote anonymous
{
exchange_mode aggressive;
my_identifier address;
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 12 hour;
encryption_algorithm 3des, blowfish, des, rijndael;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
есть лог с другого сервера:
2009-05-20 11:07:17: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
2009-05-20 11:07:17: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
2009-05-20 11:07:17: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2009-05-20 11:07:17: INFO: Resize address pool from 0 to 255
2009-05-20 11:07:17: INFO: 22.22.22.22[500] used as isakmp port (fd=5)
2009-05-20 11:08:09: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-20 11:08:09: ERROR: unknown AF: 0
2009-05-20 11:08:09: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:08:09: INFO: begin Aggressive mode.
2009-05-20 11:08:40: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-20 11:08:40: INFO: delete phase 2 handler.
2009-05-20 11:08:59: ERROR: phase1 negotiation failed due to time up. 1cc0d92b1d1d23a5:0000000000000000
2009-05-20 11:09:04: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:04: INFO: begin Aggressive mode.
2009-05-20 11:09:04: INFO: received Vendor ID: DPD
2009-05-20 11:09:04: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:04: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2009-05-20 11:09:04: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:04: ERROR: couldn't find the pskey for 11.11.11.11.
2009-05-20 11:09:04: ERROR: failed to process packet.
2009-05-20 11:09:04: ERROR: phase1 negotiation failed.
2009-05-20 11:09:14: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:14: INFO: begin Aggressive mode.
2009-05-20 11:09:14: INFO: received Vendor ID: DPD
2009-05-20 11:09:14: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:14: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2009-05-20 11:09:14: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:14: ERROR: couldn't find the pskey for 11.11.11.11.
2009-05-20 11:09:14: ERROR: failed to process packet.
2009-05-20 11:09:14: ERROR: phase1 negotiation failed.
2009-05-20 11:09:24: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:24: INFO: begin Aggressive mode.
2009-05-20 11:09:24: INFO: received Vendor ID: DPD
2009-05-20 11:09:24: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:24: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2009-05-20 11:09:24: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:24: ERROR: couldn't find the pskey for 11.11.11.11.
2009-05-20 11:09:24: ERROR: failed to process packet.
2009-05-20 11:09:24: ERROR: phase1 negotiation failed.
2009-05-20 11:09:34: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:34: INFO: begin Aggressive mode.
2009-05-20 11:09:34: INFO: received Vendor ID: DPD
2009-05-20 11:09:34: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:34: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2009-05-20 11:09:34: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:34: ERROR: couldn't find the pskey for 11.11.11.11.
2009-05-20 11:09:34: ERROR: failed to process packet.
2009-05-20 11:09:34: ERROR: phase1 negotiation failed.
2009-05-20 11:09:40: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-20 11:09:40: ERROR: unknown AF: 0
2009-05-20 11:09:40: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:40: INFO: begin Aggressive mode.
2009-05-20 11:09:44: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:09:44: INFO: begin Aggressive mode.
2009-05-20 11:09:44: INFO: received Vendor ID: DPD
2009-05-20 11:09:44: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:44: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2009-05-20 11:09:44: ERROR: failed to open pre_share_key file psk.txt
2009-05-20 11:09:44: ERROR: couldn't find the pskey for 11.11.11.11.
2009-05-20 11:09:44: ERROR: failed to process packet.
2009-05-20 11:09:44: ERROR: phase1 negotiation failed.
2009-05-20 11:09:52: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-20 11:09:52: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-20 11:09:53: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-20 11:10:02: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-20 11:10:02: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-20 11:10:03: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-20 11:10:14: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-20 11:10:14: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-20 11:10:15: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-20 11:10:24: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-20 11:10:24: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-20 11:10:25: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-20 11:10:30: ERROR: phase1 negotiation failed due to time up. b40a7c6b618ace50:0000000000000000
2009-05-20 11:10:36: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-20 11:10:36: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-20 11:10:36: ERROR: unknown AF: 0
2009-05-20 11:10:36: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:10:36: INFO: begin Aggressive mode.
2009-05-20 11:10:37: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-20 11:11:07: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-20 11:11:07: INFO: delete phase 2 handler.
2009-05-20 11:11:26: ERROR: phase1 negotiation failed due to time up. 6f35d209066086c1:0000000000000000
2009-05-20 11:11:43: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-20 11:11:43: ERROR: unknown AF: 0
2009-05-20 11:11:43: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-20 11:11:43: INFO: begin Aggressive mode.
2009-05-20 11:12:15: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-20 11:12:15: INFO: delete phase 2 handler.
2009-05-20 11:12:33: ERROR: phase1 negotiation failed due to time up. fe65148b3522e3ac:0000000000000000

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "не устанавливается VPN" +/–

Сообщение от mmm (??) on 21-Май-09, 11:58

с файлом ключей на другой стороне - все уже нормально:
2009-05-21 11:37:16: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
2009-05-21 11:37:16: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
2009-05-21 11:37:16: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2009-05-21 11:37:16: INFO: Resize address pool from 0 to 255
2009-05-21 11:37:16: INFO: 22.22.22.22[500] used as isakmp port (fd=5)
2009-05-21 11:37:44: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-21 11:37:44: ERROR: unknown AF: 0
2009-05-21 11:37:44: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-21 11:37:44: INFO: begin Aggressive mode.
2009-05-21 11:37:56: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-21 11:37:56: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-21 11:37:57: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-21 11:38:07: INFO: phase2 sa expired 22.22.22.22-11.11.11.11
2009-05-21 11:38:07: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
2009-05-21 11:38:08: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11
2009-05-21 11:38:34: ERROR: phase1 negotiation failed due to time up. 0bd05d5df3e67a0d:0000000000000000
2009-05-21 11:38:38: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-21 11:38:38: INFO: delete phase 2 handler.
2009-05-21 11:44:56: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-21 11:44:56: ERROR: unknown AF: 0
2009-05-21 11:44:56: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-21 11:44:56: INFO: begin Aggressive mode.
2009-05-21 11:45:27: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-21 11:45:27: INFO: delete phase 2 handler.
2009-05-21 11:45:46: ERROR: phase1 negotiation failed due to time up. 5d8e4da5e589b7bf:0000000000000000
2009-05-21 11:45:56: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found.
2009-05-21 11:45:56: ERROR: unknown AF: 0
2009-05-21 11:45:56: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500]
2009-05-21 11:45:56: INFO: begin Aggressive mode.
2009-05-21 11:46:27: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0]
2009-05-21 11:46:27: INFO: delete phase 2 handler.
вот что такое ERROR: unknown AFЖ 0 ? Видимо в нем дело...

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру

1. "не устанавливается VPN"		+/–
Сообщение от mmm (??) on 21-Май-09, 10:57
Помогите, пожалуйста. вот конфиг racoon: #file with key path pre_shared_key "/usr/local/etc/racoon/psk.txt"; #incoming connector listen { isakmp 11.11.11.11; для другого пк 22.22.22.22 } #any host is anonymous. will insert ip remote server remote anonymous { exchange_mode aggressive; my_identifier address; lifetime time 24 hour; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo anonymous { pfs_group 2; lifetime time 12 hour; encryption_algorithm 3des, blowfish, des, rijndael; authentication_algorithm hmac_sha1, hmac_md5; compression_algorithm deflate; } есть лог с другого сервера: 2009-05-20 11:07:17: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net) 2009-05-20 11:07:17: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/) 2009-05-20 11:07:17: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf" 2009-05-20 11:07:17: INFO: Resize address pool from 0 to 255 2009-05-20 11:07:17: INFO: 22.22.22.22[500] used as isakmp port (fd=5) 2009-05-20 11:08:09: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-20 11:08:09: ERROR: unknown AF: 0 2009-05-20 11:08:09: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:08:09: INFO: begin Aggressive mode. 2009-05-20 11:08:40: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-20 11:08:40: INFO: delete phase 2 handler. 2009-05-20 11:08:59: ERROR: phase1 negotiation failed due to time up. 1cc0d92b1d1d23a5:0000000000000000 2009-05-20 11:09:04: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:04: INFO: begin Aggressive mode. 2009-05-20 11:09:04: INFO: received Vendor ID: DPD 2009-05-20 11:09:04: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:04: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. 2009-05-20 11:09:04: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:04: ERROR: couldn't find the pskey for 11.11.11.11. 2009-05-20 11:09:04: ERROR: failed to process packet. 2009-05-20 11:09:04: ERROR: phase1 negotiation failed. 2009-05-20 11:09:14: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:14: INFO: begin Aggressive mode. 2009-05-20 11:09:14: INFO: received Vendor ID: DPD 2009-05-20 11:09:14: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:14: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. 2009-05-20 11:09:14: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:14: ERROR: couldn't find the pskey for 11.11.11.11. 2009-05-20 11:09:14: ERROR: failed to process packet. 2009-05-20 11:09:14: ERROR: phase1 negotiation failed. 2009-05-20 11:09:24: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:24: INFO: begin Aggressive mode. 2009-05-20 11:09:24: INFO: received Vendor ID: DPD 2009-05-20 11:09:24: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:24: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. 2009-05-20 11:09:24: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:24: ERROR: couldn't find the pskey for 11.11.11.11. 2009-05-20 11:09:24: ERROR: failed to process packet. 2009-05-20 11:09:24: ERROR: phase1 negotiation failed. 2009-05-20 11:09:34: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:34: INFO: begin Aggressive mode. 2009-05-20 11:09:34: INFO: received Vendor ID: DPD 2009-05-20 11:09:34: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:34: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. 2009-05-20 11:09:34: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:34: ERROR: couldn't find the pskey for 11.11.11.11. 2009-05-20 11:09:34: ERROR: failed to process packet. 2009-05-20 11:09:34: ERROR: phase1 negotiation failed. 2009-05-20 11:09:40: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-20 11:09:40: ERROR: unknown AF: 0 2009-05-20 11:09:40: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:40: INFO: begin Aggressive mode. 2009-05-20 11:09:44: INFO: respond new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:09:44: INFO: begin Aggressive mode. 2009-05-20 11:09:44: INFO: received Vendor ID: DPD 2009-05-20 11:09:44: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:44: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address. 2009-05-20 11:09:44: ERROR: failed to open pre_share_key file psk.txt 2009-05-20 11:09:44: ERROR: couldn't find the pskey for 11.11.11.11. 2009-05-20 11:09:44: ERROR: failed to process packet. 2009-05-20 11:09:44: ERROR: phase1 negotiation failed. 2009-05-20 11:09:52: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-20 11:09:52: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-20 11:09:53: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-20 11:10:02: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-20 11:10:02: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-20 11:10:03: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-20 11:10:14: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-20 11:10:14: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-20 11:10:15: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-20 11:10:24: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-20 11:10:24: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-20 11:10:25: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-20 11:10:30: ERROR: phase1 negotiation failed due to time up. b40a7c6b618ace50:0000000000000000 2009-05-20 11:10:36: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-20 11:10:36: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-20 11:10:36: ERROR: unknown AF: 0 2009-05-20 11:10:36: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:10:36: INFO: begin Aggressive mode. 2009-05-20 11:10:37: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-20 11:11:07: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-20 11:11:07: INFO: delete phase 2 handler. 2009-05-20 11:11:26: ERROR: phase1 negotiation failed due to time up. 6f35d209066086c1:0000000000000000 2009-05-20 11:11:43: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-20 11:11:43: ERROR: unknown AF: 0 2009-05-20 11:11:43: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-20 11:11:43: INFO: begin Aggressive mode. 2009-05-20 11:12:15: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-20 11:12:15: INFO: delete phase 2 handler. 2009-05-20 11:12:33: ERROR: phase1 negotiation failed due to time up. fe65148b3522e3ac:0000000000000000
Высказать мнение \| Ответить \| Правка \| Наверх \| Cообщить модератору


	2. "не устанавливается VPN"		+/–
	Сообщение от mmm (??) on 21-Май-09, 11:58
	с файлом ключей на другой стороне - все уже нормально: 2009-05-21 11:37:16: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net) 2009-05-21 11:37:16: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/) 2009-05-21 11:37:16: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf" 2009-05-21 11:37:16: INFO: Resize address pool from 0 to 255 2009-05-21 11:37:16: INFO: 22.22.22.22[500] used as isakmp port (fd=5) 2009-05-21 11:37:44: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-21 11:37:44: ERROR: unknown AF: 0 2009-05-21 11:37:44: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-21 11:37:44: INFO: begin Aggressive mode. 2009-05-21 11:37:56: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-21 11:37:56: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-21 11:37:57: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-21 11:38:07: INFO: phase2 sa expired 22.22.22.22-11.11.11.11 2009-05-21 11:38:07: INFO: request for establishing IPsec-SA was queued due to no phase1 found. 2009-05-21 11:38:08: INFO: phase2 sa deleted 22.22.22.22-11.11.11.11 2009-05-21 11:38:34: ERROR: phase1 negotiation failed due to time up. 0bd05d5df3e67a0d:0000000000000000 2009-05-21 11:38:38: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-21 11:38:38: INFO: delete phase 2 handler. 2009-05-21 11:44:56: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-21 11:44:56: ERROR: unknown AF: 0 2009-05-21 11:44:56: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-21 11:44:56: INFO: begin Aggressive mode. 2009-05-21 11:45:27: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-21 11:45:27: INFO: delete phase 2 handler. 2009-05-21 11:45:46: ERROR: phase1 negotiation failed due to time up. 5d8e4da5e589b7bf:0000000000000000 2009-05-21 11:45:56: INFO: IPsec-SA request for 11.11.11.11 queued due to no phase1 found. 2009-05-21 11:45:56: ERROR: unknown AF: 0 2009-05-21 11:45:56: INFO: initiate new phase 1 negotiation: 22.22.22.22[500]<=>11.11.11.11[500] 2009-05-21 11:45:56: INFO: begin Aggressive mode. 2009-05-21 11:46:27: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 11.11.11.11[0]->22.22.22.22[0] 2009-05-21 11:46:27: INFO: delete phase 2 handler. вот что такое ERROR: unknown AFЖ 0 ? Видимо в нем дело...
	Высказать мнение \| Ответить \| Правка \| Наверх \| Cообщить модератору

Архив \| Удалить	Индекс форумов \| Темы \| Пред. тема \| След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 \| 2 \| 3 \| 4 \| 5 ] [Рекомендовать для помещения в FAQ]