FGHIGate at GaNJa NeTWoRK ST@Ti0N - Viewing a message in the RU.UNIX.BSD echoconference
= Message: 3457 of 10763 ====================================== RU.UNIX.BSD =
From : Sergey Anohin                    2:5034/10.1        07 Sep 15 01:07:57
To   : All                                                 07 Sep 15 01:07:57
Subj : Racoon vs Strongswan
FGHI : area://RU.UNIX.BSD?msgid=2:5034/10.1+5b3f4410
= Message encoding detected as: CP866 =========================================
==============================================================================
Hello!

As it turned out, the patch described in this colourful article does not work on 10.2-p2:
http://tech4u.pro/stati/item/nastrojka-l2tp-ipsec-vpn-servera-na-freebsd-10-1

I wanted to test strongswan, but finding a good guide turned out to be a problem.
I found something in German:
http://blog.obsigna.net/?p=520

I repeated it and got these errors in the log:
2015-09-06 21:43:07 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 10.2-RELEASE-p2, i386)
2015-09-06 21:43:07 00[LIB] arbitrary naming of TUN devices is not supported
2015-09-06 21:43:07 00[LIB] failed to open : Device busy
2015-09-06 21:43:07 00[LIB] failed to open : Device busy
2015-09-06 21:43:07 00[LIB] created TUN device: tun2
2015-09-06 21:43:07 00[NET] unable to bind socket: Address already in use
2015-09-06 21:43:07 00[NET] could not open IPv4 socket, IPv4 disabled
2015-09-06 21:43:07 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
2015-09-06 21:43:07 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
2015-09-06 21:43:07 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
2015-09-06 21:43:07 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
2015-09-06 21:43:07 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
2015-09-06 21:43:07 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
2015-09-06 21:43:07 00[CFG]   loaded IKE secret for %any
2015-09-06 21:43:07 00[LIB] loaded plugins: charon aes kernel-libipsec des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
2015-09-06 21:43:07 00[JOB] spawning 16 worker threads
2015-09-06 21:43:07 09[CFG] received stroke: add connection 'L2TP/IPsec-PSK'
2015-09-06 21:43:07 09[CFG] left nor right host is our side, assuming left=local
2015-09-06 21:43:07 09[CFG] added configuration 'L2TP/IPsec-PSK'
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[500] to ::ffff:85.113.221.175[500] (384 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V V ]
2015-09-06 21:43:28 09[IKE] <1> received MS NT5 ISAKMPOAKLEY vendor ID
2015-09-06 21:43:28 09[IKE] <1> received NAT-T (RFC 3947) vendor ID
2015-09-06 21:43:28 09[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2015-09-06 21:43:28 09[IKE] <1> received FRAGMENTATION vendor ID
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2015-09-06 21:43:28 09[IKE] <1> ::ffff:2.94.9.220 is initiating a Main Mode IKE_SA
2015-09-06 21:43:28 09[ENC] <1> generating ID_PROT response 0 [ SA V V V ]
2015-09-06 21:43:28 09[NET] <1> sending packet: from ::ffff:85.113.221.175[500] to ::ffff:2.94.9.220[500] (136 bytes)
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[500] to ::ffff:85.113.221.175[500] (228 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2015-09-06 21:43:28 09[IKE] <1> local host is behind NAT, sending keep alives
2015-09-06 21:43:28 09[IKE] <1> remote host is behind NAT
2015-09-06 21:43:28 09[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2015-09-06 21:43:28 09[NET] <1> sending packet: from ::ffff:85.113.221.175[500] to ::ffff:2.94.9.220[500] (212 bytes)
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (76 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ ID HASH ]
2015-09-06 21:43:28 09[CFG] <1> looking for pre-shared key peer configs matching ::ffff:85.113.221.175...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 21:43:28 09[CFG] <1> selected peer config "L2TP/IPsec-PSK"
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> IKE_SA L2TP/IPsec-PSK[1] established between ::ffff:85.113.221.175[::ffff:85.113.221.175]...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> scheduling reauthentication in 10152s
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> maximum IKE_SA lifetime 10692s
2015-09-06 21:43:28 09[ENC] <L2TP/IPsec-PSK|1> generating ID_PROT response 0 [ ID HASH ]
2015-09-06 21:43:28 09[NET] <L2TP/IPsec-PSK|1> sending packet: from ::ffff:85.113.221.175[4500] to ::ffff:2.94.9.220[4500] (92 bytes)
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (332 bytes)
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received 250000000 lifebytes, configured 0
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> sending packet: from ::ffff:85.113.221.175[4500] to ::ffff:2.94.9.220[4500] (252 bytes)
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (92 bytes)
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed INFORMATIONAL_V1 request 3811068122 [ HASH D ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received DELETE for IKE_SA L2TP/IPsec-PSK[1]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> deleting IKE_SA L2TP/IPsec-PSK[1] between ::ffff:85.113.221.175[::ffff:85.113.221.175]...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 22:09:52 00[DMN] signal of type SIGTERM received. Shutting down

Does anyone have successful experience with freebsd+strongswan+nat+dynamic ip?

Best regards, Sergey Anohin.

--- wfido
* Origin: WFIDO (2:5034/10.1)
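A triage pass over a charon log of the shape quoted in the message above, added here as an example; it is not part of the original post and not strongSwan's own code. It parses the default strongSwan file-logger line format and flags the conditions that log exhibits: the failed bind on the IKE UDP socket (some other process already holds the port), the resulting IPv4-disabled mode in which peers appear as IPv4-mapped IPv6 addresses (::ffff:a.b.c.d), NAT-T detection on both sides, and an IKE_SA that the peer deletes almost immediately after it was established. The sample lines are constructed in the same format with documentation addresses; the finding texts, the 30-second "early delete" threshold and the `Entry` type are the example's own choices.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

# Default strongSwan file-logger line shape, as seen in the quoted log:
#   "<YYYY-MM-DD HH:MM:SS> <thread>[<SUBSYS>] <optional <name|id> tag> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<thread>\d{2})\[(?P<subsys>[A-Z]{3})\] "
    r"(?:<(?P<sa>[^>]+)> )?"
    r"(?P<msg>.*)$"
)


@dataclass
class Entry:
    ts: datetime
    thread: int
    subsys: str
    sa: Optional[str]  # IKE_SA tag such as "1" or "L2TP/IPsec-PSK|1", if present
    msg: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one charon log line into fields; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                 int(m["thread"]), m["subsys"], m["sa"], m["msg"].strip())


def triage(lines: Iterable[str]) -> List[str]:
    """Return one human-readable finding per condition that deserves a look."""
    findings: List[str] = []
    established_at: Dict[str, datetime] = {}  # "name[n]" -> time the IKE_SA came up
    for e in filter(None, map(parse_line, lines)):
        if "unable to bind socket: Address already in use" in e.msg:
            findings.append("port-conflict: charon could not bind its IKE UDP socket; another "
                            "process already holds the port (inspect with sockstat or netstat)")
        elif e.msg.startswith("could not open IPv4 socket"):
            findings.append("ipv4-disabled: charon continued with its IPv6 socket only; peers "
                            "appear as IPv4-mapped addresses (::ffff:a.b.c.d)")
        elif (m := re.match(r"(local|remote) host is behind NAT", e.msg)):
            findings.append(f"nat-t: {m.group(1)} host is behind NAT; "
                            "UDP/4500 must reach the daemon")
        elif (m := re.match(r"IKE_SA (\S+) established", e.msg)):
            established_at[m.group(1)] = e.ts
        elif (m := re.match(r"received DELETE for IKE_SA (\S+)", e.msg)):
            name = m.group(1)
            if name in established_at:
                age = (e.ts - established_at[name]).total_seconds()
                if age < 30:  # example threshold: a teardown this fast is not a normal lifetime expiry
                    findings.append(f"early-delete: peer tore down {name} {age:.0f}s after phase 1 "
                                    "succeeded; the PSK/Main Mode side is fine, inspect Quick Mode "
                                    "and whatever rides on top of it (L2TP here)")
    return findings


# Constructed sample in the same format; addresses are from documentation ranges.
SAMPLE_LOG = """\
2015-09-06 21:43:07 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 10.2-RELEASE-p2, i386)
2015-09-06 21:43:07 00[NET] unable to bind socket: Address already in use
2015-09-06 21:43:07 00[NET] could not open IPv4 socket, IPv4 disabled
2015-09-06 21:43:28 09[IKE] <1> ::ffff:192.0.2.20 is initiating a Main Mode IKE_SA
2015-09-06 21:43:28 09[IKE] <1> local host is behind NAT, sending keep alives
2015-09-06 21:43:28 09[IKE] <1> remote host is behind NAT
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> IKE_SA L2TP/IPsec-PSK[1] established between ::ffff:198.51.100.10[::ffff:198.51.100.10]...::ffff:192.0.2.20[192.168.42.198]
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received DELETE for IKE_SA L2TP/IPsec-PSK[1]
not a charon line at all
""".splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it prints five findings in log order: the port conflict, the IPv4 fallback, NAT on both sides, and the early delete. The first two are the ones to resolve before looking at the VPN itself: a daemon that cannot own UDP/500 is sharing the port with something else, and the IPv4-mapped addresses in every later line are a symptom of that, not a configuration choice.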
