FGHIGate on GaNJa NeTWoRK ST@Ti0N - Viewing a message in the RU.UNIX.BSD echo conference
Messages from the RU.UNIX.BSD echo conference are present with dates from 18 Jan 11 22:51:00 to 16 Sep 24 17:28:15, total messages: 10763
= Message: 3457 of 10763 ===================================== RU.UNIX.BSD =
From    : Sergey Anohin 2:5034/10.1          07 Sep 15 01:07:57
To      : All                                07 Sep 15 01:07:57
Subject : Racoon vs Strongswan
FGHI    : area://RU.UNIX.BSD?msgid=2:5034/10.1+5b3f4410
= Message encoding detected as: CP866 ==================================
==============================================================================
Hello!
As it turned out, on 10.2-p2 the patch described in this colourful article does not work: http://tech4u.pro/stati/item/nastrojka-l2tp-ipsec-vpn-servera-na-freebsd-10-1
I wanted to test strongswan, but finding a good guide turned out to be a problem. I found something in German: http://blog.obsigna.net/?p=520
I repeated it and got these errors in the log:

2015-09-06 21:43:07 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 10.2-RELEASE-p2, i386)
2015-09-06 21:43:07 00[LIB] arbitrary naming of TUN devices is not supported
2015-09-06 21:43:07 00[LIB] failed to open : Device busy
2015-09-06 21:43:07 00[LIB] failed to open : Device busy
2015-09-06 21:43:07 00[LIB] created TUN device: tun2
2015-09-06 21:43:07 00[NET] unable to bind socket: Address already in use
2015-09-06 21:43:07 00[NET] could not open IPv4 socket, IPv4 disabled
2015-09-06 21:43:07 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
2015-09-06 21:43:07 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
2015-09-06 21:43:07 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
2015-09-06 21:43:07 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
2015-09-06 21:43:07 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
2015-09-06 21:43:07 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
2015-09-06 21:43:07 00[CFG] loaded IKE secret for %any
2015-09-06 21:43:07 00[LIB] loaded plugins: charon aes kernel-libipsec des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
2015-09-06 21:43:07 00[JOB] spawning 16 worker threads
2015-09-06 21:43:07 09[CFG] received stroke: add connection 'L2TP/IPsec-PSK'
2015-09-06 21:43:07 09[CFG] left nor right host is our side, assuming left=local
2015-09-06 21:43:07 09[CFG] added configuration 'L2TP/IPsec-PSK'
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[500] to ::ffff:85.113.221.175[500] (384 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V V ]
2015-09-06 21:43:28 09[IKE] <1> received MS NT5 ISAKMPOAKLEY vendor ID
2015-09-06 21:43:28 09[IKE] <1> received NAT-T (RFC 3947) vendor ID
2015-09-06 21:43:28 09[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2015-09-06 21:43:28 09[IKE] <1> received FRAGMENTATION vendor ID
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2015-09-06 21:43:28 09[ENC] <1> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2015-09-06 21:43:28 09[IKE] <1> ::ffff:2.94.9.220 is initiating a Main Mode IKE_SA
2015-09-06 21:43:28 09[ENC] <1> generating ID_PROT response 0 [ SA V V V ]
2015-09-06 21:43:28 09[NET] <1> sending packet: from ::ffff:85.113.221.175[500] to ::ffff:2.94.9.220[500] (136 bytes)
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[500] to ::ffff:85.113.221.175[500] (228 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2015-09-06 21:43:28 09[IKE] <1> local host is behind NAT, sending keep alives
2015-09-06 21:43:28 09[IKE] <1> remote host is behind NAT
2015-09-06 21:43:28 09[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2015-09-06 21:43:28 09[NET] <1> sending packet: from ::ffff:85.113.221.175[500] to ::ffff:2.94.9.220[500] (212 bytes)
2015-09-06 21:43:28 09[NET] <1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (76 bytes)
2015-09-06 21:43:28 09[ENC] <1> parsed ID_PROT request 0 [ ID HASH ]
2015-09-06 21:43:28 09[CFG] <1> looking for pre-shared key peer configs matching ::ffff:85.113.221.175...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 21:43:28 09[CFG] <1> selected peer config "L2TP/IPsec-PSK"
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> IKE_SA L2TP/IPsec-PSK[1] established between ::ffff:85.113.221.175[::ffff:85.113.221.175]...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> scheduling reauthentication in 10152s
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> maximum IKE_SA lifetime 10692s
2015-09-06 21:43:28 09[ENC] <L2TP/IPsec-PSK|1> generating ID_PROT response 0 [ ID HASH ]
2015-09-06 21:43:28 09[NET] <L2TP/IPsec-PSK|1> sending packet: from ::ffff:85.113.221.175[4500] to ::ffff:2.94.9.220[4500] (92 bytes)
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (332 bytes)
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received 250000000 lifebytes, configured 0
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> sending packet: from ::ffff:85.113.221.175[4500] to ::ffff:2.94.9.220[4500] (252 bytes)
2015-09-06 21:43:28 11[NET] <L2TP/IPsec-PSK|1> received packet: from ::ffff:2.94.9.220[4500] to ::ffff:85.113.221.175[4500] (92 bytes)
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed INFORMATIONAL_V1 request 3811068122 [ HASH D ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received DELETE for IKE_SA L2TP/IPsec-PSK[1]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> deleting IKE_SA L2TP/IPsec-PSK[1] between ::ffff:85.113.221.175[::ffff:85.113.221.175]...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 22:09:52 00[DMN] signal of type SIGTERM received. Shutting down
Does anyone have successful experience with freebsd+strongswan+nat+dynamic ip?

Best regards, Sergey Anohin.

--- wfido
 * Origin: WFIDO (2:5034/10.1)
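An added example, not part of Sergey's message and not strongSwan's own code: a small Python script that parses charon log lines in the format quoted above, flags the startup messages a troubleshooter keys on, and reconstructs what happened to each IKE_SA. The sample input is abridged from the log in the message; the meanings attached to the startup messages (a port conflict pointing at a second IKE daemon, IPv4 peers arriving only as ::ffff: mapped addresses, kernel-libipsec handling ESP over a TUN device) are my interpretation of their usual causes, not something the post states.

```python
"""Summarise a strongSwan charon log: startup problems and per-IKE_SA lifecycle."""
import re
from datetime import datetime

# Constructed input: lines taken from the message's log, abridged to the ones
# the summary keys on (the plugin list is shortened too).
SAMPLE_LOG = """\
2015-09-06 21:43:07 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 10.2-RELEASE-p2, i386)
2015-09-06 21:43:07 00[LIB] arbitrary naming of TUN devices is not supported
2015-09-06 21:43:07 00[LIB] created TUN device: tun2
2015-09-06 21:43:07 00[NET] unable to bind socket: Address already in use
2015-09-06 21:43:07 00[NET] could not open IPv4 socket, IPv4 disabled
2015-09-06 21:43:07 00[LIB] loaded plugins: charon aes kernel-libipsec kernel-pfkey socket-default stroke
2015-09-06 21:43:28 09[IKE] <1> ::ffff:2.94.9.220 is initiating a Main Mode IKE_SA
2015-09-06 21:43:28 09[IKE] <1> remote host is behind NAT
2015-09-06 21:43:28 09[IKE] <L2TP/IPsec-PSK|1> IKE_SA L2TP/IPsec-PSK[1] established between ::ffff:85.113.221.175[::ffff:85.113.221.175]...::ffff:2.94.9.220[192.168.42.198]
2015-09-06 21:43:28 11[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2015-09-06 21:43:28 11[IKE] <L2TP/IPsec-PSK|1> received DELETE for IKE_SA L2TP/IPsec-PSK[1]
2015-09-06 22:09:52 00[DMN] signal of type SIGTERM received. Shutting down
"""

# One charon line: "YYYY-MM-DD HH:MM:SS TT[GRP] <conn|uid> message".
# The "<...>" IKE_SA tag is absent on daemon-level lines (thread 00 at startup).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<thread>\d+)\[(?P<group>[A-Z]+)\] "
    r"(?:<(?P<tag>[^>]*)> )?(?P<msg>.*)$"
)

# Startup messages worth flagging. The "meaning" column is an interpretation
# of the usual cause (assumption), not text from the log itself.
STARTUP_CHECKS = (
    ("unable to bind socket: Address already in use", "port-conflict",
     "an IKE UDP port (500 or 4500) is held by another process; a second "
     "IKE daemon still running is the usual cause"),
    ("could not open IPv4 socket", "ipv4-disabled",
     "charon has no IPv4 socket; IPv4 peers can only arrive as ::ffff: "
     "mapped addresses on the IPv6 socket"),
    ("arbitrary naming of TUN devices is not supported", "libipsec-tun",
     "kernel-libipsec is active: ESP is processed in userland over a TUN "
     "device instead of the kernel IPsec stack"),
)


def parse_tag(tag):
    """'1' -> (None, 1); 'L2TP/IPsec-PSK|1' -> ('L2TP/IPsec-PSK', 1)."""
    if tag is None:
        return None, None
    name, _, uid = tag.rpartition("|")
    return (name or None), int(uid)


def parse_line(line):
    """Split one charon log line into its fields, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    conn, uid = parse_tag(m.group("tag"))
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "thread": int(m.group("thread")),
        "group": m.group("group"),
        "conn": conn,
        "uid": uid,
        "msg": m.group("msg"),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def startup_findings(entries):
    """Return [(code, meaning)] for daemon-level lines that match STARTUP_CHECKS."""
    found = []

    def add(code, meaning):
        if code not in [c for c, _ in found]:
            found.append((code, meaning))

    for e in entries:
        if e["uid"] is not None:
            continue  # only lines without an IKE_SA tag are daemon-level
        for needle, code, meaning in STARTUP_CHECKS:
            if needle in e["msg"]:
                add(code, meaning)
        # The plugin list is a second, independent witness for libipsec.
        if e["msg"].startswith("loaded plugins:") and "kernel-libipsec" in e["msg"].split():
            add("libipsec-tun", STARTUP_CHECKS[2][2])
    return found


def sa_timeline(entries):
    """Per IKE_SA unique id: config name, peer address and phase milestones seen."""
    sas = {}
    for e in entries:
        if e["uid"] is None:
            continue
        sa = sas.setdefault(e["uid"], {"conn": None, "peer": None, "initiated": None,
                                       "established": None, "quick_mode": None,
                                       "deleted_by_peer": None})
        if e["conn"]:
            sa["conn"] = e["conn"]  # the tag gains the config name once one is selected
        msg = e["msg"]
        if msg.endswith("is initiating a Main Mode IKE_SA"):
            sa["peer"], sa["initiated"] = msg.split()[0], e["ts"]
        elif " established between " in msg:
            sa["established"] = e["ts"]
        elif msg.startswith("parsed QUICK_MODE request"):
            sa["quick_mode"] = e["ts"]
        elif msg.startswith("received DELETE for IKE_SA"):
            sa["deleted_by_peer"] = e["ts"]
    return sas


def sa_verdict(sa):
    """One-line statement of how far the SA got and who ended it."""
    if sa["established"] is None:
        return "never established"
    if sa["deleted_by_peer"] is None:
        return "established, still up at end of log"
    phase = "Quick Mode" if sa["quick_mode"] else "establishment"
    secs = (sa["deleted_by_peer"] - (sa["quick_mode"] or sa["established"])).total_seconds()
    return f"established, then deleted by the peer {secs:.0f}s after {phase}"


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, meaning in startup_findings(entries):
        print(f"startup [{code}]: {meaning}")
    for uid, sa in sa_timeline(entries).items():
        print(f"IKE_SA {sa['conn']}[{uid}] from {sa['peer']}: {sa_verdict(sa)}")
```

Run against the full log from the message the verdict for SA 1 reads "deleted by the peer 0s after Quick Mode": the responder answered the Phase 2 request and the Windows client tore the whole IKE_SA down in the same second, so whatever went wrong happened after IPsec negotiation succeeded. The two startup flags point at conditions to clear before chasing that further.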