The OpenNET Project / Index page

"OpenSWAN vs WinXP client"
Forum: Information security (VPN, IPSec / Linux)
Original message

"OpenSWAN vs WinXP client"  +/
Message from ambient_sky (ok) on 10-Apr-07, 14:53
Hello, gurus!
Thanks in advance to everyone for the help!
Cry from the heart: HEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEELP!!!!!
Situation:

Client (XP, roadwarrior with dynamic IP) ------- FW/NAT ---------- VPN (Trustix 3.0.5/Linux lion-gw 2.6.19.7-1tr-TuxFire /OpenSWAN 2.4.5-2tr)

Authentication is handled with certificates (OpenSSL http://www.natecarlson.com/linux/ipsec-x509.php#clientopenswan). The CA certificate and the client's pkcs12 certificate are installed on the client.

On a connection attempt the logs show the following errors, and the client does not connect.

Apr 10 11:41:05 lion-gw ipsec__plutorun: Starting Pluto subsystem...
Apr 10 11:41:05 lion-gw pluto[17898]: Starting Pluto (Openswan Version 2.4.5 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEnMCu\177xOp@c)
Apr 10 11:41:05 lion-gw pluto[17898]: Setting NAT-Traversal port-4500 floating to on
Apr 10 11:41:05 lion-gw pluto[17898]:    port floating activation criteria nat_t=1/port_fload=1
Apr 10 11:41:05 lion-gw pluto[17898]:   including NAT-Traversal patch (Version 0.6c)
Apr 10 11:41:05 lion-gw pluto[17898]: 1 bad entries in virtual_private - none loaded
Apr 10 11:41:05 lion-gw pluto[17898]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 10 11:41:05 lion-gw pluto[17898]: starting up 1 cryptographic helpers
Apr 10 11:41:05 lion-gw pluto[17898]: started helper pid=17899 (fd:6)
Apr 10 11:41:05 lion-gw pluto[17898]: Using Linux 2.6 IPsec interface code on 2.6.19.7-1tr-TuxFire
Apr 10 11:41:05 lion-gw pluto[17898]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 10 11:41:05 lion-gw pluto[17898]:   loaded CA cert file 'cacert.pem' (1464 bytes)
Apr 10 11:41:05 lion-gw pluto[17898]: Changing to directory '/etc/ipsec.d/aacerts'
Apr 10 11:41:05 lion-gw pluto[17898]: Changing to directory '/etc/ipsec.d/ocspcerts'
Apr 10 11:41:05 lion-gw pluto[17898]: Changing to directory '/etc/ipsec.d/crls'
Apr 10 11:41:05 lion-gw pluto[17898]:   loaded crl file 'crl.pem' (568 bytes)
Apr 10 11:41:05 lion-gw pluto[17898]: listening for IKE messages
Apr 10 11:41:05 lion-gw pluto[17898]: adding interface eth1/eth1 217.172.151.26:500
Apr 10 11:41:05 lion-gw pluto[17898]: adding interface eth1/eth1 217.172.151.26:4500
Apr 10 11:41:05 lion-gw pluto[17898]: adding interface eth0:1/eth0:1 217.172.149.158:500
Apr 10 11:41:06 lion-gw pluto[17898]: adding interface eth0:1/eth0:1 217.172.149.158:4500
Apr 10 11:41:06 lion-gw pluto[17898]: adding interface eth0/eth0 10.0.0.55:500
Apr 10 11:41:06 lion-gw pluto[17898]: adding interface eth0/eth0 10.0.0.55:4500
Apr 10 11:41:06 lion-gw pluto[17898]: adding interface lo/lo 127.0.0.1:500
Apr 10 11:41:06 lion-gw pluto[17898]: adding interface lo/lo 127.0.0.1:4500
Apr 10 11:41:06 lion-gw pluto[17898]: loading secrets from "/etc/ipsec.secrets"
Apr 10 11:41:06 lion-gw pluto[17898]:   loaded private key file '/etc/ipsec.d/private/gw.lion.key' (1743 bytes)
Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:41:14 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:41:14 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:41:14 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:41:14 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:41:14 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:41:16 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:41:16 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:41:16 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:41:16 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:41:16 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:41:17 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Delete SA payload: not encrypted
Apr 10 11:41:17 lion-gw pluto[17898]: packet from 213.160.183.147:500: received and ignored informational message
Apr 10 11:47:53 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:47:53 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:47:53 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:47:53 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:47:53 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:47:54 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:47:54 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:47:54 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:47:54 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:47:54 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:47:56 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 11:47:56 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 11:47:56 lion-gw pluto[17898]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 11:47:56 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 11:47:56 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized
Apr 10 11:47:58 lion-gw pluto[17898]: packet from 213.160.183.147:500: ignoring Delete SA payload: not encrypted
Apr 10 11:47:58 lion-gw pluto[17898]: packet from 213.160.183.147:500: received and ignored informational message
=====================================

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces="ipsec0=eth1"
        overridemtu=1410
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg:
        # plutodebug="control parsing"
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # the posted config had "%4:172.16.0.0/12" here, which pluto rejected
        # ("1 bad entries in virtual_private - none loaded"); the prefix is %v4
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

# Add connections here

conn rw-test
        type=tunnel
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        left=%defaultgw
        right=%any
        auto=none

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert


conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        type=tunnel
        auth=esp
        left=x.x.151.26
        leftsubnet=10.0.0.0/24
        leftcert=gw.lion.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        rightcert=%any
        pfs=yes
        auto=start


# sample VPN connection
#conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

=====================================
ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:03:A7:90
          inet addr:10.0.0.55  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9167220 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9578455 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2438773899 (2325.7 Mb)  TX bytes:1680683297 (1602.8 Mb)
          Interrupt:18 Base address:0x4c00

eth1      Link encap:Ethernet  HWaddr 00:17:31:91:FD:2D
          inet addr:x.x.151.26  Bcast:217.172.151.27  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10553616 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9999378 errors:0 dropped:0 overruns:0 carrier:0
          collisions:27409 txqueuelen:1000
          RX bytes:1365485331 (1302.2 Mb)  TX bytes:2467187465 (2352.8 Mb)
          Interrupt:19 Base address:0x6800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:178083 errors:0 dropped:0 overruns:0 frame:0
          TX packets:178083 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:20858181 (19.8 Mb)  TX bytes:20858181 (19.8 Mb)

====================================
route:
212.65.244.134  10.0.0.57       255.255.255.255 UGH   0      0        0 eth0
194.149.124.60  10.0.0.57       255.255.255.255 UGH   0      0        0 eth0
195.70.150.41   10.0.0.57       255.255.255.255 UGH   0      0        0 eth0
217.172.151.24  0.0.0.0         255.255.255.252 U     0      0        0 eth1
217.172.149.152 0.0.0.0         255.255.255.248 U     0      0        0 eth0
217.172.149.152 0.0.0.0         255.255.255.248 U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         217.172.151.25  0.0.0.0         UG    0      0        0 eth1

=====================================
iptables:
   50 13928 ACCEPT     udp  --  eth1   *       0.0.0.0/0            217.172.151.26      udp dpt:500
    0     0 ACCEPT     esp  --  eth1   *       0.0.0.0/0            217.172.151.26
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            217.172.151.26      udp dpt:4500


Replies on the topic


1. "OpenSWAN vs WinXP client"  +/
Message from ambient_sky (ok) on 10-Apr-07, 18:17
Partially solved it (the trouble was in the configuration: conn %default must come before all the other conn sections), but a new problem has appeared:

Apr 10 16:07:28 lion-gw pluto[28066]: packet from 213.160.183.147:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 16:07:28 lion-gw pluto[28066]: packet from 213.160.183.147:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 16:07:28 lion-gw pluto[28066]: packet from 213.160.183.147:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 10 16:07:28 lion-gw pluto[28066]: packet from 213.160.183.147:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 16:07:28 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: responding to Main Mode from unknown peer 213.160.183.147
Apr 10 16:07:28 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 16:07:28 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 10 16:07:29 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr 10 16:07:29 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 10 16:07:29 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 10 16:07:30 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: discarding duplicate packet; already STATE_MAIN_R2
Apr 10 16:07:33 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: next payload type of ISAKMP Hash Payload has an unknown value: 48
Apr 10 16:07:33 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: malformed payload in packet
Apr 10 16:07:33 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: sending notification PAYLOAD_MALFORMED to 213.160.183.147:500
Apr 10 16:08:17 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #13: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 10 16:08:26 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #14: next payload type of ISAKMP Hash Payload has an unknown value: 116
Apr 10 16:08:26 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #14: malformed payload in packet
Apr 10 16:08:26 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #14: sending notification PAYLOAD_MALFORMED to 213.160.183.147:500
Apr 10 16:08:31 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #14: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 10 16:08:31 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #15: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 10 16:08:39 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 10 16:08:39 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147: deleting connection "roadwarrior" instance with peer 213.160.183.147 {isakmp=#0/ipsec=#0}

Client: XP SP2

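Added example, not code from the thread: a small Python triage helper that classifies pluto log lines like those in the original post and in reply 1 by the Main Mode stage at which the handshake broke, and maps each peer to the defender-side check that stage calls for. The category names and hint texts are this example's own, and the sample lines are constructed from those quoted above.

```python
# Triage of Openswan "pluto" log lines by IKE Main Mode stage. Added example, not code
# from the thread; the sample lines are constructed from the ones quoted above.
import re
from collections import Counter
# (regex, category, stage), ordered by how early in Main Mode the failure occurs
RULES = [
    (r"no connection has been authorized", "no_matching_conn", 0),
    (r"Hash Payload has an unknown value|malformed payload|PAYLOAD_MALFORMED", "mi3_unparseable", 1),
    (r"max number of retransmissions \(\d+\) reached STATE_MAIN_R", "retransmit_timeout", 2),
    (r"ignoring Delete SA payload: not encrypted", "delete_ignored", 3),
]
STAGE = {cat: stage for _, cat, stage in RULES}
HINTS = {  # defender-side checks, in the order pluto would hit them
    "no_matching_conn": "no conn matched the peer: check conn order (%default first), right=%any, auto=add/start",
    "mi3_unparseable": "encrypted MI3 (ID/auth) did not parse: check certificates and keys on both ends",
    "retransmit_timeout": "peer went silent mid Main Mode: check UDP/500, UDP/4500 and ESP through FW/NAT",
    "delete_ignored": "unencrypted Delete SA ignored (informational): peer gave up on an unfinished SA",
}
# Peer address appears as 'packet from A.B.C.D:500' or as '"conn"[n] A.B.C.D'
PEER_RE = re.compile(r'packet from (\d+(?:\.\d+){3}):\d+|"[^"]+"\[\d+\] (\d+(?:\.\d+){3})')

def classify(line):
    """Return the failure category of one pluto line, or None if uninteresting."""
    for pattern, cat, _ in RULES:
        if re.search(pattern, line):
            return cat
    return None

def peer_of(line):
    m = PEER_RE.search(line)
    return (m.group(1) or m.group(2)) if m else "unknown"

def triage(lines):
    """Map peer -> Counter(category -> occurrences) over the lines that matched a rule."""
    per_peer = {}
    for line in lines:
        cat = classify(line)
        if cat:
            per_peer.setdefault(peer_of(line), Counter())[cat] += 1
    return per_peer

def diagnose(lines):
    """Map peer -> hint for the earliest Main Mode stage at which that peer failed."""
    return {peer: HINTS[min(counts, key=STAGE.get)] for peer, counts in triage(lines).items()}

# Constructed sample: one line per failure mode quoted in the thread (same peer address).
SAMPLE = [
    "Apr 10 11:41:13 lion-gw pluto[17898]: packet from 213.160.183.147:500: initial Main Mode message received on 217.172.151.26:500 but no connection has been authorized",
    'Apr 10 16:07:33 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: next payload type of ISAKMP Hash Payload has an unknown value: 48',
    'Apr 10 16:08:39 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: max number of retransmissions (2) reached STATE_MAIN_R2',
]
```

Run `diagnose(open("/var/log/secure").read().splitlines())` (or whichever file pluto logs to) to get one hint per peer; the earliest-stage failure is reported because later symptoms usually follow from it.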

2. "OpenSWAN vs WinXP client"  +/
Message from Xaionaro email(ok) on 16-Jul-10, 17:29
>[overquoting removed]
>Apr 10 16:08:31 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #14: max number of retransmissions
>(2) reached STATE_MAIN_R2
>Apr 10 16:08:31 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #15: max number of retransmissions
>(2) reached STATE_MAIN_R1
>Apr 10 16:08:39 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147 #16: max number of retransmissions
>(2) reached STATE_MAIN_R2
>Apr 10 16:08:39 lion-gw pluto[28066]: "roadwarrior"[13] 213.160.183.147: deleting connection "roadwarrior" instance with
>peer 213.160.183.147 {isakmp=#0/ipsec=#0}
>
>Client: XP SP2

In my case a similar problem was solved after two steps:
1.) I regenerated the keys as 512-bit instead of 1024-bit;
2.) This time I imported the certificates into Windows using the certimport program.

