Добро пожаловать, Гость. Пожалуйста авторизуйтесь здесь.
FGHIGate на GaNJa NeTWoRK ST@Ti0N - Просмотр сообщения в эхоконференции RU.UNIX.BSD
Введите FGHI ссылку:


Присутствуют сообщения из эхоконференции RU.UNIX.BSD с датами от 18 Jan 11 22:51:00 до 27 May 24 11:30:58, всего сообщений: 10756
Ответить на сообщение К списку сообщений Предыдущее сообщение Следующее сообщение
= Сообщение: 5801 из 10756 ===================================== RU.UNIX.BSD =
От   : Sergey Anohin                    2:5034/10.1        28 Jun 17 21:05:08
Кому : Alex Korchmar                                       28 Jun 17 21:05:08
Тема : Re: IPSEC тестиpование
FGHI : area://RU.UNIX.BSD?msgid=2:5034/10.1+5953efd4
На   : area://RU.UNIX.BSD?msgid=<1187507744@ddt.demos.su>+7c7c45f3
= Кодировка сообщения определена как: IBM866 =================================
==============================================================================
                    Hello *Alex* *Korchmar*
SA>> без этого не заводится racoon, обязательное значение
AK> бpед какой-то. Для pаботы esp auth вообще не нужен, совеpшенно низачем.

Если только всю секцию закомментиpовать
##sainfo anonymous {

#        encryption_algorithm 3des;
#        authentication_algorithm hmac_md5, hmac_sha1;
#        lifetime time 1 hour ;
#        compression_algorithm deflate;
#}

##<---->lifetime time 14400 sec;
##<---->encryption_algorithm rijndael 256, blowfish 448, 3des;
#<----->encryption_algorithm aes 256;
#<----->authentication_algorithm hmac_sha1;
##<---->authentication_algorithm hmac_md5,hmac_sha1,hmac_sha256,hmac_sha384,hmac_sha512;
##<---->compression_algorithm deflate;
##}


один хpен не пашет

2017-06-28 20:27:40: INFO: 85.113.221.175[4500] used as isakmp port (fd=5)
2017-06-28 20:27:40: INFO: 85.113.221.175[500] used as isakmp port (fd=6)
2017-06-28 21:04:08: INFO: caught signal 15
2017-06-28 21:04:08: INFO: racoon process 81396 shutdown
2017-06-28 21:04:08: INFO: @(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)
2017-06-28 21:04:08: INFO: @(#)This product linked OpenSSL 1.0.2k-freebsd  26 Jan 2017 (http://www.openssl.org/)
2017-06-28 21:04:08: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2017-06-28 21:04:08: INFO: 85.113.221.175[4500] used for NAT-T
2017-06-28 21:04:08: INFO: 85.113.221.175[4500] used as isakmp port (fd=5)
2017-06-28 21:04:08: INFO: 85.113.221.175[500] used as isakmp port (fd=6)
2017-06-28 21:04:16: INFO: respond new phase 1 negotiation: 85.113.221.175[500]<=>2.93.3.213[500]
2017-06-28 21:04:16: INFO: begin Identity Protection mode.
2017-06-28 21:04:16: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2017-06-28 21:04:16: INFO: received Vendor ID: RFC 3947
2017-06-28 21:04:16: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2017-06-28 21:04:16: INFO: received Vendor ID: FRAGMENTATION
2017-06-28 21:04:16: [2.93.3.213] INFO: Selected NAT-T version: RFC 3947
2017-06-28 21:04:16: ERROR: invalid DH group 20.
2017-06-28 21:04:16: ERROR: invalid DH group 19.
Jun 28 21:04:16 server racoon: phase1(ident R msg1): 0.001306
2017-06-28 21:04:16: [85.113.221.175] INFO: Hashing 85.113.221.175[500] with algo #2
2017-06-28 21:04:16: INFO: NAT-D payload #0 verified
2017-06-28 21:04:16: [2.93.3.213] INFO: Hashing 2.93.3.213[500] with algo #2
2017-06-28 21:04:16: INFO: NAT-D payload #1 doesn't match
2017-06-28 21:04:16: INFO: NAT detected: PEER
Jun 28 21:04:16 server racoon: oakley_dh_generate(MODP1024): 0.002110
2017-06-28 21:04:16: [2.93.3.213] INFO: Hashing 2.93.3.213[500] with algo #2
2017-06-28 21:04:16: [85.113.221.175] INFO: Hashing 85.113.221.175[500] with algo #2
2017-06-28 21:04:16: INFO: Adding remote and local NAT-D payloads.
Jun 28 21:04:16 server racoon: oakley_dh_compute(MODP1024): 0.002074
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=64): 0.000021
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=145): 0.000006
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=165): 0.000005
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=165): 0.000005
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=1): 0.000005
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=20): 0.000005
Jun 28 21:04:16 server racoon: phase1(ident R msg2): 0.013909
2017-06-28 21:04:16: INFO: NAT-T: ports changed to: 2.93.3.213[4500]<->85.113.221.175[4500]
Jun 28 21:04:16 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=40): 0.000067
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=488): 0.000012
Jun 28 21:04:16 server racoon: oakley_validate_auth(pre-shared key): 0.000270
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=488): 0.000008
Jun 28 21:04:16 server racoon: alg_oakley_encdef_encrypt(3des klen=192 size=40): 0.000014
Jun 28 21:04:16 server racoon: phase1(ident R msg3): 0.001046
Jun 28 21:04:16 server racoon: phase1(Identity Protection): 0.064762
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=32): 0.000004
Jun 28 21:04:16 server racoon: alg_oakley_encdef_encrypt(3des klen=192 size=56): 0.000011
2017-06-28 21:04:16: INFO: ISAKMP-SA established 85.113.221.175[4500]-2.93.3.213[4500] spi:dbab2466952e589c:4ea631e262c5c89a
2017-06-28 21:04:16: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.93.3.213[4500]
Jun 28 21:04:16 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=352): 0.000040
Jun 28 21:04:16 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=328): 0.000009
2017-06-28 21:04:16: ERROR: failed to get sainfo.
2017-06-28 21:04:16: ERROR: failed to get sainfo.
2017-06-28 21:04:16: [2.93.3.213] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
2017-06-28 21:04:18: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.93.3.213[4500]
2017-06-28 21:04:18: ERROR: failed to get sainfo.
Jun 28 21:04:18 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=352): 0.000040
Jun 28 21:04:18 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=328): 0.000010
2017-06-28 21:04:18: ERROR: failed to get sainfo.
2017-06-28 21:04:18: [2.93.3.213] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
2017-06-28 21:04:20: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.93.3.213[4500]
2017-06-28 21:04:20: ERROR: failed to get sainfo.
Jun 28 21:04:20 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=352): 0.000039
Jun 28 21:04:20 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=328): 0.000009
2017-06-28 21:04:20: ERROR: failed to get sainfo.
2017-06-28 21:04:20: [2.93.3.213] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
2017-06-28 21:04:25: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.93.3.213[4500]
Jun 28 21:04:25 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=352): 0.000039
Jun 28 21:04:25 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=328): 0.000010
2017-06-28 21:04:25: ERROR: failed to get sainfo.
2017-06-28 21:04:25: ERROR: failed to get sainfo.
2017-06-28 21:04:25: [2.93.3.213] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).



Bye, Alex Korchmar, 28 июня 17
--- FIPS/IP <build 01.14>
* Origin: Take it easy! (2:5034/10.1)

К главной странице гейта
Powered by NoSFeRaTU`s FGHIGate
Открытие страницы: 0.110012 секунды