Author Topic: ipsec  (Read 14418 times)

loodvin

ipsec
« on: May 28, 2012, 07:49:12 am »
Recently ipsec has started going down. Please advise where to dig and what to look at.

mravil

Re: ipsec
« Reply #1 on: May 28, 2012, 08:39:24 am »
Dig in the direction of /var/log/zentyal. IMHO there is no other answer.

loodvin

Re: ipsec
« Reply #2 on: May 29, 2012, 07:20:09 am »
A piece of the log:

May 29 08:08:55 router pluto[17726]: packet from 91.219.xxx.xxx:201: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 29 08:08:55 router pluto[17726]: packet from 91.219.xxx.xxx:201: ignoring Vendor ID payload [FRAGMENTATION]
May 29 08:08:55 router pluto[17726]: packet from 91.219.xxx.xxx:201: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 29 08:08:55 router pluto[17726]: packet from 91.219.xxx.xxx:201: ignoring Vendor ID payload [Vid-Initial-Contact]
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: responding to Main Mode
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: STATE_MAIN_R1: sent MR1, expecting MI2
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1127: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1127: received and ignored informational message
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: STATE_MAIN_R2: sent MR2, expecting MI3
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:55 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201
May 29 08:08:57 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:57 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:08:57 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201
May 29 08:09:01 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:01 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:01 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201
May 29 08:09:09 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:09 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:09 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201
May 29 08:09:25 router pluto[17726]: "vpn_zelik" #1131: Main mode peer ID is ID_FQDN: '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:25 router pluto[17726]: "vpn_zelik" #1131: no suitable connection for peer '@keeper1-zlg.xxxxxxxx.xxxxxx.ru'
May 29 08:09:25 router pluto[17726]: "vpn_zelik" #1131: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:201

After restarting the service, the connection is not restored.
After a reboot, the connection is restored.

When the VPN is up, the logs still show:
May 29 09:14:47 router pluto[5703]: "vpn_zelik" #14: the peer proposed: 192.168.0.0/24:0/0 -> 91.219.xxx.xxx/32:0/0
May 29 09:14:47 router pluto[5703]: "vpn_zelik" #14: cannot respond to IPsec SA request because no connection is known for 192.168.0.0/24===62.205.xxx.xxx<62.205.xxx.xxx>[+S=C]...91.219.xxx.xxx<91.219.xxx.xxx>[+S=C]
May 29 09:14:47 router pluto[5703]: "vpn_zelik" #14: sending encrypted notification INVALID_ID_INFORMATION to 91.219.xxx.xxx:500
« Last Edit: May 29, 2012, 07:24:15 am by loodvin »
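
An added example, not part of the original posts: a small triage script that collapses the retransmitted pluto rejections seen in the log above into one finding per negotiation, separating Main Mode peer-ID rejections from IPsec SA selector rejections. The sample lines are constructed in the same format; the connection name, peer ID, addresses and the function name `summarize` are placeholders and assumptions.

```python
import re

# Constructed sample in the format of the pluto lines quoted above; the
# connection name, peer ID, addresses and subnets are placeholders.
SAMPLE = """\
May 29 08:08:55 router pluto[17726]: packet from 192.0.2.10:201: ignoring Vendor ID payload [FRAGMENTATION]
May 29 08:08:55 router pluto[17726]: "vpn_a" #7: Main mode peer ID is ID_FQDN: '@peer.example'
May 29 08:08:55 router pluto[17726]: "vpn_a" #7: no suitable connection for peer '@peer.example'
May 29 08:08:55 router pluto[17726]: "vpn_a" #7: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:201
May 29 08:08:57 router pluto[17726]: "vpn_a" #7: no suitable connection for peer '@peer.example'
May 29 09:14:47 router pluto[5703]: "vpn_a" #14: the peer proposed: 10.0.0.0/24:0/0 -> 192.0.2.10/32:0/0
May 29 09:14:47 router pluto[5703]: "vpn_a" #14: cannot respond to IPsec SA request because no connection is known for 10.0.0.0/24===198.51.100.1...192.0.2.10
May 29 09:14:47 router pluto[5703]: "vpn_a" #14: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:500
"""

LINE = re.compile(r'pluto\[(\d+)\]: "([^"]+)" #(\d+): (.*)$')
MAIN_ID = re.compile(r"no suitable connection for peer '([^']+)'")
PROPOSED = re.compile(r"the peer proposed: (\S+) -> (\S+)")
SA_REJECT = "cannot respond to IPsec SA request"

def summarize(text):
    """Return one finding per (pluto pid, connection, state #), counting retries."""
    findings, proposed = {}, {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # Vendor ID and other lines that carry no connection name
        pid, conn, state, msg = m.groups()
        # State numbers restart with the daemon, so the pid is part of the key.
        key = (int(pid), conn, int(state))
        rejected_id, prop = MAIN_ID.search(msg), PROPOSED.search(msg)
        if prop:
            # Remember the selectors so the rejection that follows can cite them.
            proposed[key] = f"{prop.group(1)} -> {prop.group(2)}"
        elif rejected_id:
            f = findings.setdefault(
                key, {"stage": "main_mode", "detail": rejected_id.group(1), "count": 0})
            f["count"] += 1
        elif SA_REJECT in msg:
            f = findings.setdefault(
                key, {"stage": "ipsec_sa", "detail": proposed.get(key, "unknown"), "count": 0})
            f["count"] += 1
    return findings

if __name__ == "__main__":
    for (pid, conn, state), f in summarize(SAMPLE).items():
        print(f'pluto[{pid}] "{conn}" #{state}: {f["stage"]} rejected '
              f'{f["detail"]} ({f["count"]}x)')
```

Each finding names the peer ID or the proposed selectors that pluto could not match to a configured connection, which is the value to compare against the connection definition on both ends.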