
 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : igor.potapenko                       2:5020/400     14 Sep 2007  10:16:51
 To : All
 Subject : win xp <-> freebsd l2tp tunnel with ipsec
 -------------------------------------------------------------------------------- 
 
 what works:
 1) without ipsec (with a registry key tweak on the Windows side) it works
 2) ipsec via racoon works, for example for pings or samba.
 what happens with l2tp
 
 in dmesg:
 =============
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 188303145
 IPv4 ESP input: no key association found for spi 218383464
 IPv4 ESP input: no key association found for spi 40559496
 ============
 
 in the racoon logs:
 Sep 14 09:42:13 steel racoon: DEBUG: sendto Information delete.
 Sep 14 09:42:13 steel racoon: DEBUG: an undead schedule has been
 deleted.
 Sep 14 09:42:33 steel racoon: DEBUG: msg 1 not interesting
 Sep 14 09:42:12 steel racoon: DEBUG: get pfkey X_SPDUPDATE message
 Sep 14 09:42:12 steel racoon: DEBUG: sub:0xbfbfe2d0:
 172.16.22.13/32[1701] 172.16.34.30/32[1701] proto=udp dir=in
 Sep 14 09:42:12 steel racoon: DEBUG: db :0x80d8a08: 172.16.22.13/32[0]
 172.16.34.30/32[0] proto=any dir=in
 Sep 14 09:42:12 steel racoon: DEBUG: sub:0xbfbfe2d0:
 172.16.22.13/32[1701] 172.16.34.30/32[1701] proto=udp dir=in
 Sep 14 09:42:12 steel racoon: DEBUG: db :0x80d8e08: 172.16.34.30/32[0]
 172.16.22.13/32[0] proto=any dir=out
 Sep 14 09:42:12 steel racoon: ERROR: such policy does not already
 exist: "172.16.22.13/32[1701] 172.16.34.30/32[1701] proto=udp dir=in"
 Sep 14 09:42:12 steel racoon: DEBUG: get pfkey X_SPDUPDATE message
 Sep 14 09:42:12 steel racoon: DEBUG: sub:0xbfbfe2d0:
 172.16.34.30/32[1701] 172.16.22.13/32[1701] proto=udp dir=out
 Sep 14 09:42:12 steel racoon: DEBUG: db :0x80d8a08: 172.16.22.13/32[0]
 172.16.34.30/32[0] proto=any dir=in
 Sep 14 09:42:12 steel racoon: DEBUG: sub:0xbfbfe2d0:
 172.16.34.30/32[1701] 172.16.22.13/32[1701] proto=udp dir=out
 Sep 14 09:42:12 steel racoon: DEBUG: db :0x80d8e08: 172.16.34.30/32[0]
 172.16.22.13/32[0] proto=any dir=out
 Sep 14 09:42:12 steel racoon: DEBUG: sub:0xbfbfe2d0:
 172.16.34.30/32[1701] 172.16.22.13/32[1701] proto=udp dir=out
 Sep 14 09:42:12 steel racoon: DEBUG: db :0x80d8008:
 172.16.22.13/32[1701] 172.16.34.30/32[1701] proto=udp dir=in
 Sep 14 09:42:12 steel racoon: ERROR: such policy does not already
 exist: "172.16.34.30/32[1701] 172.16.22.13/32[1701] proto=udp dir=out"
 Sep 14 09:42:13 steel racoon: DEBUG: get pfkey DELETE message
 Sep 14 09:42:13 steel racoon: ERROR: pfkey DELETE received: ESP
 172.16.34.30[0]->172.16.22.13[0] spi=1755681273(0x68a591f9)
 Sep 14 09:42:13 steel racoon: DEBUG: compute IV for phase2
 Sep 14 09:42:13 steel racoon: DEBUG: phase1 last IV:
 Sep 14 09:42:13 steel racoon: DEBUG:  4d454fd5 9a4ed730 e800eb88
 Sep 14 09:42:13 steel racoon: DEBUG: hash(sha1)
 Sep 14 09:42:13 steel racoon: DEBUG: encryption(3des)
 Sep 14 09:42:13 steel racoon: DEBUG: phase2 IV computed:
 Sep 14 09:42:13 steel racoon: DEBUG:  c38f53af 6f405b47
 Sep 14 09:42:13 steel racoon: DEBUG: HASH with:
 Sep 14 09:42:13 steel racoon: DEBUG:  e800eb88 00000010 00000001
 03040001 0d044468
 Sep 14 09:42:13 steel racoon: DEBUG: hmac(hmac_sha1)
 ... there are also some amusing lines:
 Sep 14 09:56:06 steel racoon: INFO: Unknown IPsec-SA spi=237315211,
 hmmmm?
 Sep 14 09:56:06 steel racoon: INFO: purged IPsec-SA spi=237315211.
 Sep 14 09:56:06 steel racoon: INFO: Unknown IPsec-SA spi=64633385,
 hmmmm?
 Sep 14 09:56:06 steel racoon: INFO: purged IPsec-SA spi=64633385.
 Sep 14 09:56:06 steel racoon: INFO: Unknown IPsec-SA spi=45020886,
 hmmmm?
 Sep 14 09:56:06 steel racoon: INFO: purged IPsec-SA spi=45020886.
 
 ========
 
 meanwhile, in the Windows mmc, the ipsec monitor shows 2 additional
 lines for l2tp
 in   me  server.ip   0   0
 out me  server.ip   0   0
 in   me  server.ip   1701  0
 out me  server.ip   1701  0
 in   me  server.ip   1701   1701
 out me  server.ip   1701   1701
 
 where should I dig next? why isn't the policy being created?
 
 --- ifmail v.2.15dev5.4
  * Origin: http://groups.google.com (2:5020/400)
 
 
