#1  2012-05-21 12:05:53

hello_world
DUG member
From: Rymanów Zdrój
Registered: 2010-06-03

VPN Linux-Juniper

Hi,
I took over from a colleague a site where two locations are linked by IPsec, JUNIPER-LINUX (racoon).
The Linux box died; I copied the configs and put them in place on a new Linux machine (Ubuntu 12.04 LTS).
It should have worked right away, but it doesn't.

This shows up in syslog:

Code:

[78.8.254.58] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
May 21 11:41:44 linux racoon: INFO: caught signal 15
May 21 11:41:44  linux racoon: INFO: racoon process 14436 shutdown
May 21 11:41:44  linux racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
May 21 11:41:44  linux racoon: INFO: @(#)This product linked OpenSSL 1.0.1 14 Mar 2012 (http://www.openssl.org/)
May 21 11:41:44  linux racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
May 21 11:41:44  linux racoon: INFO: LINUX[4500] used for NAT-T
May 21 11:41:44  linux racoon: INFO: LINUX[4500] used as isakmp port (fd=8)
May 21 11:41:44  linux racoon: INFO: LINUX[500] used for NAT-T
May 21 11:41:44  linux racoon: INFO: LINUX[500] used as isakmp port (fd=9)
May 21 11:41:55  linux racoon: INFO: respond new phase 1 negotiation: LINUX[500]<=>JUNIPER[500]
May 21 11:41:55  linux racoon: INFO: begin Identity Protection mode.
May 21 11:41:55  linux racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02#012
May 21 11:41:55  linux racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
May 21 11:41:55  linux racoon: INFO: received Vendor ID: DPD
May 21 11:41:55  linux racoon: [JUNIPER] INFO: Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02#012
May 21 11:41:55  linux racoon: [LINUX] INFO: Hashing LINUX[500] with algo #2 
May 21 11:41:55  linux racoon: INFO: NAT-D payload #0 verified
May 21 11:41:55  linux racoon: [JUNIPER] INFO: Hashing JUNIPER[500] with algo #2 
May 21 11:41:55  linux racoon: INFO: NAT-D payload #1 verified
May 21 11:41:55  linux racoon: INFO: NAT not detected 
May 21 11:41:55  linux racoon: [JUNIPER] INFO: Hashing JUNIPER[500] with algo #2 
May 21 11:41:55  linux racoon: [LINUX] INFO: Hashing LINUX[500] with algo #2 
May 21 11:41:55  linux racoon: INFO: Adding remote and local NAT-D payloads.
May 21 11:41:55  linux racoon: INFO: ISAKMP-SA established LINUX[500]-JUNIPER[500] spi:f567122247e1063a:301b02769b64e4ed
May 21 11:41:56  linux racoon: INFO: respond new phase 2 negotiation: LINUX[500]<=>JUNIPER[500]
May 21 11:41:56  linux racoon: ERROR: no policy found: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 11:41:56  linux racoon: ERROR: failed to get proposal for responder.
May 21 11:41:56  linux racoon: [JUNIPER] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
May 21 11:41:59  linux racoon: INFO: respond new phase 2 negotiation: LINUX[500]<=>JUNIPER[500]
May 21 11:41:59  linux racoon: ERROR: no policy found: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 11:41:59  linux racoon: ERROR: failed to get proposal for responder.
May 21 11:41:59  linux racoon: [JUNIPER] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).

My racoon.conf looks like this:

Code:

path pre_shared_key "/etc/racoon/psk.txt";

listen
{
        isakmp LINUX[500];

        isakmp_natt LINUX[4500];
}

remote JUNIPER
{
        exchange_mode main;
        my_identifier address;
        nat_traversal on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo address 192.168.30.0/24 any address 192.168.10.0/24 any
{
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}

My ipsec-tools.conf looks like this:

Code:

flush;
spdflush;

# outbound
spdadd 192.168.30.0/24 192.168.10.0/24 any
        -P out ipsec esp/tunnel/LINUX-JUNIPER/require;

# inbound
spdadd 192.168.10.0/24 192.168.30.0/24 any
        -P in ipsec esp/tunnel/JUNIPER-LINUX/require;

A small clarification: I wrote names in place of the IP addresses.

EDIT:
I set logging to debug and am posting a bit more of the log:

Code:

 * Stopping IKE (ISAKMP/Oakley) server: racoon    [ OK ]
 * Starting IKE (ISAKMP/Oakley) server: racoon    [ OK ]
promesa@linux:~$ tail -f /var/log/syslog
May 21 13:51:02 linux racoon: DEBUG: pk_recv: retry[0] recv() 
May 21 13:51:02 linux racoon: DEBUG: got pfkey X_SPDDUMP message
May 21 13:51:02 linux racoon: DEBUG: sub:0xbf8a4858: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 13:51:02 linux racoon: DEBUG: db :0x22107d20: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=fwd
May 21 13:51:02 linux racoon: DEBUG: pk_recv: retry[0] recv() 
May 21 13:51:02 linux racoon: DEBUG: got pfkey X_SPDDUMP message
May 21 13:51:02 linux racoon: DEBUG: sub:0xbf8a4858: 192.168.30.0/24[0] 192.168.10.0/24[0] proto=any dir=out
May 21 13:51:02 linux racoon: DEBUG: db :0x22107d20: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=fwd
May 21 13:51:02 linux racoon: DEBUG: sub:0xbf8a4858: 192.168.30.0/24[0] 192.168.10.0/24[0] proto=any dir=out
May 21 13:51:02 linux racoon: DEBUG: db :0x22107f70: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 13:51:07 linux racoon: DEBUG: pk_recv: retry[0] recv() 
May 21 13:51:07 linux racoon: DEBUG: got pfkey ACQUIRE message
May 21 13:51:07 linux racoon: DEBUG: suitable outbound SP found: 192.168.30.0/24[0] 192.168.10.0/24[0] proto=any dir=out.
May 21 13:51:07 linux racoon: DEBUG: sub:0xbf8a4858: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 13:51:07 linux racoon: DEBUG: db :0x22107d20: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=fwd
May 21 13:51:07 linux racoon: DEBUG: sub:0xbf8a4858: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 13:51:07 linux racoon: DEBUG: db :0x22107f70: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in
May 21 13:51:07 linux racoon: DEBUG: suitable inbound SP found: 192.168.10.0/24[0] 192.168.30.0/24[0] proto=any dir=in.
May 21 13:51:07 linux racoon: DEBUG: new acquire 192.168.30.0/24[0] 192.168.10.0/24[0] proto=any dir=out
May 21 13:51:07 linux racoon: [JUNIPER] DEBUG: configuration "JUNIPER[500]" selected.
May 21 13:51:07 linux racoon: DEBUG: getsainfo params: loc='192.168.30.0/24' rmt='192.168.10.0/24' peer='NULL' client='NULL' id=0
May 21 13:51:07 linux racoon: DEBUG: evaluating sainfo: loc='192.168.30.0/24', rmt='192.168.10.0/24', peer='ANY', id=0
May 21 13:51:07 linux racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
May 21 13:51:07 linux racoon: DEBUG: cmpid target: '192.168.30.0/24'
May 21 13:51:07 linux racoon: DEBUG: cmpid source: '192.168.30.0/24'
May 21 13:51:07 linux racoon: DEBUG: check and compare ids : values matched (IPv4_subnet)
May 21 13:51:07 linux racoon: DEBUG: cmpid target: '192.168.10.0/24'
May 21 13:51:07 linux racoon: DEBUG: cmpid source: '192.168.10.0/24'
May 21 13:51:07 linux racoon: DEBUG: selected sainfo: loc='192.168.30.0/24', rmt='192.168.10.0/24', peer='ANY', id=0
May 21 13:51:07 linux racoon: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
May 21 13:51:07 linux racoon: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-sha)
May 21 13:51:07 linux racoon: DEBUG: in post_acquire
May 21 13:51:07 linux racoon: [JUNIPER] DEBUG: configuration "JUNIPER[500]" selected.
May 21 13:51:07 linux racoon: INFO: IPsec-SA request for JUNIPER queued due to no phase1 found.
May 21 13:51:07 linux racoon: DEBUG: ===
May 21 13:51:07 linux racoon: INFO: initiate new phase 1 negotiation: LINUX(racoon)[500]<=>JUNIPER[500]
May 21 13:51:07 linux racoon: INFO: begin Identity Protection mode.
May 21 13:51:07 linux racoon: DEBUG: new cookie:#012230ac66b98ec8b15 
May 21 13:51:07 linux racoon: DEBUG: add payload of len 48, next type 13
May 21 13:51:07 linux racoon: DEBUG: add payload of len 16, next type 13
May 21 13:51:07  racoon: last message repeated 3 times
May 21 13:51:07 linux racoon: DEBUG: add payload of len 16, next type 0
May 21 13:51:07 linux racoon: DEBUG: 180 bytes from LINUX(racoon)[500] to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: sockname LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: send packet from LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: send packet to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: src4 LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: dst4 JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: 1 times of 180 bytes message will be sent to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: #012230ac66b 98ec8b15 00000000 00000000 01100200 00000000 000000b4 0d000034#01200000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080#01280010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2#0120e95452f 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091#0123ebb696e 086381b5 ec427b1f 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc#01200000014 afcad713 68a1f1c9 6b8696fc 77570100
May 21 13:51:07 linux racoon: DEBUG: resend phase1 packet 230ac66b98ec8b15:0000000000000000
May 21 13:51:07 linux racoon: DEBUG: ===
May 21 13:51:07 linux racoon: DEBUG: 176 bytes message received from JUNIPER[500] to LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 01100200 00000000 000000b0 0d000034#01200000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002#01280040002 80030001 800b0001 800c7080 0d000020 651ececd 748d24be 685a79d5#012f4637228 20f672df 00000013 00000614 0d000014 90cb8091 3ebb696e 086381b5#012ec427b1f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018 48656172#01274426561 745f4e6f 74696679 386b0100
May 21 13:51:07 linux racoon: DEBUG: begin.
May 21 13:51:07 linux racoon: DEBUG: seen nptype=1(sa)
May 21 13:51:07 linux racoon: DEBUG: seen nptype=13(vid)
May 21 13:51:07  racoon: last message repeated 3 times
May 21 13:51:07 linux racoon: DEBUG: succeed.
May 21 13:51:07 linux racoon: DEBUG: received unknown Vendor ID
May 21 13:51:07 linux racoon: DEBUG: #012651ececd 748d24be 685a79d5 f4637228 20f672df 00000013 00000614
May 21 13:51:07 linux racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02#012
May 21 13:51:07 linux racoon: INFO: received Vendor ID: DPD
May 21 13:51:07 linux racoon: DEBUG: remote supports DPD
May 21 13:51:07 linux racoon: DEBUG: received unknown Vendor ID
May 21 13:51:07 linux racoon: DEBUG: #01248656172 74426561 745f4e6f 74696679 386b0100
May 21 13:51:07 linux racoon: [JUNIPER] INFO: Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02#012
May 21 13:51:07 linux racoon: DEBUG: total SA len=48
May 21 13:51:07 linux racoon: DEBUG: #01200000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002#01280040002 80030001 800b0001 800c7080
May 21 13:51:07 linux racoon: DEBUG: begin.
May 21 13:51:07 linux racoon: DEBUG: seen nptype=2(prop)
May 21 13:51:07 linux racoon: DEBUG: succeed.
May 21 13:51:07 linux racoon: DEBUG: proposal #1 len=40
May 21 13:51:07 linux racoon: DEBUG: begin.
May 21 13:51:07 linux racoon: DEBUG: seen nptype=3(trns)
May 21 13:51:07 linux racoon: DEBUG: succeed.
May 21 13:51:07 linux racoon: DEBUG: transform #1 len=32
May 21 13:51:07 linux racoon: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May 21 13:51:07 linux racoon: DEBUG: encryption(3des)
May 21 13:51:07 linux racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
May 21 13:51:07 linux racoon: DEBUG: hash(sha1)
May 21 13:51:07 linux racoon: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May 21 13:51:07 linux racoon: DEBUG: hmac(modp1024)
May 21 13:51:07 linux racoon: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May 21 13:51:07 linux racoon: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
May 21 13:51:07 linux racoon: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
May 21 13:51:07 linux racoon: DEBUG: pair 1:
May 21 13:51:07 linux racoon: DEBUG:  0x22106f80: next=(nil) tnext=(nil)
May 21 13:51:07 linux racoon: DEBUG: proposal #1: 1 transform
May 21 13:51:07 linux racoon: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May 21 13:51:07 linux racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
May 21 13:51:07 linux racoon: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May 21 13:51:07 linux racoon: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May 21 13:51:07 linux racoon: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
May 21 13:51:07 linux racoon: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
May 21 13:51:07 linux racoon: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
May 21 13:51:07 linux racoon: DEBUG: trns#=1, trns-id=IKE
May 21 13:51:07 linux racoon: DEBUG:   lifetime = 28800
May 21 13:51:07 linux racoon: DEBUG:   lifebyte = 0
May 21 13:51:07 linux racoon: DEBUG:   enctype = 3DES-CBC
May 21 13:51:07 linux racoon: DEBUG:   encklen = 0
May 21 13:51:07 linux racoon: DEBUG:   hashtype = SHA
May 21 13:51:07 linux racoon: DEBUG:   authmethod = pre-shared key
May 21 13:51:07 linux racoon: DEBUG:   dh_group = 1024-bit MODP group
May 21 13:51:07 linux racoon: DEBUG: an acceptable proposal found.
May 21 13:51:07 linux racoon: DEBUG: hmac(modp1024)
May 21 13:51:07 linux racoon: DEBUG: agreed on pre-shared key auth.
May 21 13:51:07 linux racoon: DEBUG: ===
May 21 13:51:07 linux racoon: DEBUG: compute DH's private.
May 21 13:51:07 linux racoon: DEBUG: #0126bbe0585 1c56b93d 63e8b442 416ef102 a46f12c5 85b402d6 ee279cb9 bb423cc2#0126070dc52 9c69cc43 008ec0c2 0c307492 9646f0fc 35d7f048 731ea461 10b03d12#01229f53bc3 a20dd186 bcf38165 2bdd7d72 6c817ddf a65c7dd6 0743b124 e3debf7c#012b690fdc6 ea89e695 94ba0c9e cecefa57 0495e0df c237888b e3fb59f6 bb65b751
May 21 13:51:07 linux racoon: DEBUG: compute DH's public.
May 21 13:51:07 linux racoon: DEBUG: #0121cbcbd38 bc90354d 9e9d5fb5 dfbc4be2 f01c6aa7 00bf7bdb c5d0d4f5 6a70d916#012001271a7 d75767ea 43e7d9c6 08f3027b 1ea79444 1e2e502d 748b4451 691a62b5#012dc7b88e4 963f0c23 c4365657 e87e0be2 f7beb4ba a6256346 a4f5c8ea 1d53a618#012e8c789cb 91ecc217 caea0b05 e3da77af 638b3fd9 96cd15a7 c9799a74 1f8d8d1d
May 21 13:51:07 linux racoon: [JUNIPER] INFO: Hashing JUNIPER[500] with algo #2 
May 21 13:51:07 linux racoon: DEBUG: hash(sha1)
May 21 13:51:07 linux racoon: [LINUX(racoon)] INFO: Hashing LINUX(racoon)[500] with algo #2 
May 21 13:51:07 linux racoon: DEBUG: hash(sha1)
May 21 13:51:07 linux racoon: INFO: Adding remote and local NAT-D payloads.
May 21 13:51:07 linux racoon: DEBUG: add payload of len 128, next type 10
May 21 13:51:07 linux racoon: DEBUG: add payload of len 16, next type 130
May 21 13:51:07 linux racoon: DEBUG: add payload of len 20, next type 130
May 21 13:51:07 linux racoon: DEBUG: add payload of len 20, next type 0
May 21 13:51:07 linux racoon: DEBUG: 228 bytes from LINUX(racoon)[500] to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: sockname LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: send packet from LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: send packet to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: src4 LINUX(racoon)[500]
May 21 13:51:07 linux racoon: DEBUG: dst4 JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: 1 times of 228 bytes message will be sent to JUNIPER[500]
May 21 13:51:07 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 04100200 00000000 000000e4 0a000084#0121cbcbd38 bc90354d 9e9d5fb5 dfbc4be2 f01c6aa7 00bf7bdb c5d0d4f5 6a70d916#012001271a7 d75767ea 43e7d9c6 08f3027b 1ea79444 1e2e502d 748b4451 691a62b5#012dc7b88e4 963f0c23 c4365657 e87e0be2 f7beb4ba a6256346 a4f5c8ea 1d53a618#012e8c789cb 91ecc217 caea0b05 e3da77af 638b3fd9 96cd15a7 c9799a74 1f8d8d1d#01282000014 c498793b 9cabd683 3c0fd2ba 17717554 82000018 42ec7b7b 481a52b2#012216c9cdc 99fec53e 93c5c27c 00000018 06537e32 f213731a d4858ec4 a4495276#01208f606ba
May 21 13:51:07 linux racoon: DEBUG: resend phase1 packet 230ac66b98ec8b15:96ca5530d6a75830
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: 244 bytes message received from JUNIPER[500] to LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 04100200 00000000 000000f4 0a000084#0124cdd1e28 ec2e0fed 8115cdd0 907c8064 64109cca 43dbae41 3241e7b0 8d6f9ceb#012d6524722 cfddf596 bd0ee2f1 69e68952 8c9e0e7d 84af5742 fc9c79f0 fbdbdd4d#012e0f83463 4cd87cdd 6eb9a017 aabffbca 3ff3a74b aeb36ad6 8e90bf6d eec91ad6#012e00c5e4b af23e9f0 de406d3f 3dcb21d4 7b98fe24 4af503f3 ff37a5e0 a003e278#01282000024 aae2f505 05e0ff6a b23e8f97 aaa52a9c 388666bb ac0a3d1c 5866de8f#01232c398fa 82000018 06537e32 f213731a d4858ec4 a4495276 08f606ba 00000018#01242ec7b7b 481a52b2 216c9cdc 99fec53e 93c5c27c
May 21 13:51:08 linux racoon: DEBUG: begin.
May 21 13:51:08 linux racoon: DEBUG: seen nptype=4(ke)
May 21 13:51:08 linux racoon: DEBUG: seen nptype=10(nonce)
May 21 13:51:08 linux racoon: DEBUG: seen nptype=130(nat-d)
May 21 13:51:08 linux racoon: DEBUG: seen nptype=130(nat-d)
May 21 13:51:08 linux racoon: DEBUG: succeed.
May 21 13:51:08 linux racoon: [LINUX(racoon)] INFO: Hashing LINUX(racoon)[500] with algo #2 
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: INFO: NAT-D payload #0 verified
May 21 13:51:08 linux racoon: [JUNIPER] INFO: Hashing JUNIPER[500] with algo #2 
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: INFO: NAT-D payload #1 verified
May 21 13:51:08 linux racoon: INFO: NAT not detected 
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: compute DH's shared.
May 21 13:51:08 linux racoon: DEBUG: #012325a23a8 c101e503 aa72b117 89a7da5b 59082b54 06afb64f 89f1e944 f078ee70#012b0ea2a66 19a929f0 ef08d838 333c445b 948cd4d4 40167e55 50466c0c b1bfb789#01282751bd1 745627b1 7a84f879 09098a0a 47ab6912 1ce87740 5bcb3767 99690aed#01224d1f3f0 679b56c6 9ca665f3 b539ffc8 f20f0bbf 6a42fe1f debe58c1 2dbeb097
May 21 13:51:08 linux racoon: DEBUG: the psk found.
May 21 13:51:08 linux racoon: DEBUG: nonce 1: 
May 21 13:51:08 linux racoon: DEBUG: #012c498793b 9cabd683 3c0fd2ba 17717554
May 21 13:51:08 linux racoon: DEBUG: nonce 2: 
May 21 13:51:08 linux racoon: DEBUG: #012aae2f505 05e0ff6a b23e8f97 aaa52a9c 388666bb ac0a3d1c 5866de8f 32c398fa
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: SKEYID computed:
May 21 13:51:08 linux racoon: DEBUG: #0124d87cb1f 24c9eb25 f62fec96 a5a65f0f 460cb845
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: SKEYID_d computed:
May 21 13:51:08 linux racoon: DEBUG: #0121cde33d6 03d7e8e3 c9637718 a80b515e 91db41df
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: SKEYID_a computed:
May 21 13:51:08 linux racoon: DEBUG: #012356bc420 3a735d55 29f89125 ffc4c101 441c82e0
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: SKEYID_e computed:
May 21 13:51:08 linux racoon: DEBUG: #0121e29ed90 a29dfbd5 4bf5fce2 71ee90fe 85297762
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: DEBUG: len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: compute intermediate encryption key K1
May 21 13:51:08 linux racoon: DEBUG: #01200
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: compute intermediate encryption key K2
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5
May 21 13:51:08 linux racoon: DEBUG: #012befd9111 26eb5215 c65e3f3b 7f2852d7 5c1db675
May 21 13:51:08 linux racoon: DEBUG: final encryption key computed:
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5 befd9111
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: IV computed:
May 21 13:51:08 linux racoon: DEBUG: #012488b1160 c48b09e9
May 21 13:51:08 linux racoon: DEBUG: use ID type of IPv4_address
May 21 13:51:08 linux racoon: DEBUG: HASH with:
May 21 13:51:08 linux racoon: DEBUG: #0121cbcbd38 bc90354d 9e9d5fb5 dfbc4be2 f01c6aa7 00bf7bdb c5d0d4f5 6a70d916#012001271a7 d75767ea 43e7d9c6 08f3027b 1ea79444 1e2e502d 748b4451 691a62b5#012dc7b88e4 963f0c23 c4365657 e87e0be2 f7beb4ba a6256346 a4f5c8ea 1d53a618#012e8c789cb 91ecc217 caea0b05 e3da77af 638b3fd9 96cd15a7 c9799a74 1f8d8d1d#0124cdd1e28 ec2e0fed 8115cdd0 907c8064 64109cca 43dbae41 3241e7b0 8d6f9ceb#012d6524722 cfddf596 bd0ee2f1 69e68952 8c9e0e7d 84af5742 fc9c79f0 fbdbdd4d#012e0f83463 4cd87cdd 6eb9a017 aabffbca 3ff3a74b aeb36ad6 8e90bf6d eec91ad6#012e00c5e4b af23e9f0 de406d3f 3dcb21d4 7b98fe24 4af503f3 ff37a5e0 a003e278#012230ac66b 98ec8b15 96ca5530 d6a75830 00000001 00000001 00000028 01010001#01200000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002#012011101f4 5312cf56
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: HASH (init) computed:
May 21 13:51:08 linux racoon: DEBUG: #012ee1575b0 0d041d97 eafdd339 f010619a 8cb47305
May 21 13:51:08 linux racoon: DEBUG: add payload of len 8, next type 8
May 21 13:51:08 linux racoon: DEBUG: add payload of len 20, next type 0
May 21 13:51:08 linux racoon: DEBUG: begin encryption.
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: pad length = 4
May 21 13:51:08 linux racoon: DEBUG: #0120800000c 011101f4 5312cf56 00000018 ee1575b0 0d041d97 eafdd339 f010619a#0128cb47305 a1c7a703
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: with key:
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5 befd9111
May 21 13:51:08 linux racoon: DEBUG: encrypted payload by IV:
May 21 13:51:08 linux racoon: DEBUG: #012488b1160 c48b09e9
May 21 13:51:08 linux racoon: DEBUG: save IV for next:
May 21 13:51:08 linux racoon: DEBUG: #012c4ac3383 4b46247b
May 21 13:51:08 linux racoon: DEBUG: encrypted.
May 21 13:51:08 linux racoon: DEBUG: 68 bytes from LINUX(racoon)[500] to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: sockname LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet from LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: src4 LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: dst4 JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: 1 times of 68 bytes message will be sent to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 05100201 00000000 00000044 6d817ae3#012432e41c9 332778ef fafdbd42 afec7f5e 7e480803 100f56cd e26c6936 c4ac3383#0124b46247b
May 21 13:51:08 linux racoon: DEBUG: resend phase1 packet 230ac66b98ec8b15:96ca5530d6a75830
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: 68 bytes message received from JUNIPER[500] to LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 05100201 00000000 00000044 6b6bbcf8#0123760d45f 53d058bc 470618e4 beb23693 d87b7219 129587fa d4f806d3 7ff9c58f#0128d65941f
May 21 13:51:08 linux racoon: DEBUG: begin decryption.
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: IV was saved for next processing:
May 21 13:51:08 linux racoon: DEBUG: #0127ff9c58f 8d65941f
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: with key:
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5 befd9111
May 21 13:51:08 linux racoon: DEBUG: decrypted payload by IV:
May 21 13:51:08 linux racoon: DEBUG: #012c4ac3383 4b46247b
May 21 13:51:08 linux racoon: DEBUG: decrypted payload, but not trimed.
May 21 13:51:08 linux racoon: DEBUG: #0120800000c 011101f4 4e08fe3a 00000018 058d8bc7 4d2fc68a e5647a3c f69b2e6b#012a8fec018 00000000
May 21 13:51:08 linux racoon: DEBUG: padding len=1
May 21 13:51:08 linux racoon: DEBUG: skip to trim padding.
May 21 13:51:08 linux racoon: DEBUG: decrypted.
May 21 13:51:08 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 05100201 00000000 00000044 0800000c#012011101f4 4e08fe3a 00000018 058d8bc7 4d2fc68a e5647a3c f69b2e6b a8fec018#01200000000
May 21 13:51:08 linux racoon: DEBUG: begin.
May 21 13:51:08 linux racoon: DEBUG: seen nptype=5(id)
May 21 13:51:08 linux racoon: DEBUG: seen nptype=8(hash)
May 21 13:51:08 linux racoon: DEBUG: succeed.
May 21 13:51:08 linux racoon: DEBUG: HASH received:
May 21 13:51:08 linux racoon: DEBUG: #012058d8bc7 4d2fc68a e5647a3c f69b2e6b a8fec018
May 21 13:51:08 linux racoon: DEBUG: HASH with:
May 21 13:51:08 linux racoon: DEBUG: #0124cdd1e28 ec2e0fed 8115cdd0 907c8064 64109cca 43dbae41 3241e7b0 8d6f9ceb#012d6524722 cfddf596 bd0ee2f1 69e68952 8c9e0e7d 84af5742 fc9c79f0 fbdbdd4d#012e0f83463 4cd87cdd 6eb9a017 aabffbca 3ff3a74b aeb36ad6 8e90bf6d eec91ad6#012e00c5e4b af23e9f0 de406d3f 3dcb21d4 7b98fe24 4af503f3 ff37a5e0 a003e278#0121cbcbd38 bc90354d 9e9d5fb5 dfbc4be2 f01c6aa7 00bf7bdb c5d0d4f5 6a70d916#012001271a7 d75767ea 43e7d9c6 08f3027b 1ea79444 1e2e502d 748b4451 691a62b5#012dc7b88e4 963f0c23 c4365657 e87e0be2 f7beb4ba a6256346 a4f5c8ea 1d53a618#012e8c789cb 91ecc217 caea0b05 e3da77af 638b3fd9 96cd15a7 c9799a74 1f8d8d1d#01296ca5530 d6a75830 230ac66b 98ec8b15 00000001 00000001 00000028 01010001#01200000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002#012011101f4 4e08fe3a
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: HASH (init) computed:
May 21 13:51:08 linux racoon: DEBUG: #012058d8bc7 4d2fc68a e5647a3c f69b2e6b a8fec018
May 21 13:51:08 linux racoon: DEBUG: HASH for PSK validated.
May 21 13:51:08 linux racoon: [JUNIPER] DEBUG: peer's ID:
May 21 13:51:08 linux racoon: DEBUG: #012011101f4 4e08fe3a
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: compute IV for phase2
May 21 13:51:08 linux racoon: DEBUG: phase1 last IV:
May 21 13:51:08 linux racoon: DEBUG: #0127ff9c58f 8d65941f adf15022
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: phase2 IV computed:
May 21 13:51:08 linux racoon: DEBUG: #0129090bc49 a0ce38cf
May 21 13:51:08 linux racoon: DEBUG: HASH with:
May 21 13:51:08 linux racoon: DEBUG: #012adf15022 0000001c 00000001 01106002 230ac66b 98ec8b15 96ca5530 d6a75830
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: HASH computed:
May 21 13:51:08 linux racoon: DEBUG: #012b8413ca8 e8e26c9c 92c76be6 cd7ad00b f62ae91d
May 21 13:51:08 linux racoon: DEBUG: begin encryption.
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: pad length = 4
May 21 13:51:08 linux racoon: DEBUG: #0120b000018 b8413ca8 e8e26c9c 92c76be6 cd7ad00b f62ae91d 0000001c 00000001#01201106002 230ac66b 98ec8b15 96ca5530 d6a75830 c78dce03
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: with key:
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5 befd9111
May 21 13:51:08 linux racoon: DEBUG: encrypted payload by IV:
May 21 13:51:08 linux racoon: DEBUG: #0129090bc49 a0ce38cf
May 21 13:51:08 linux racoon: DEBUG: save IV for next:
May 21 13:51:08 linux racoon: DEBUG: #0128d625edc 05d01bcf
May 21 13:51:08 linux racoon: DEBUG: encrypted.
May 21 13:51:08 linux racoon: DEBUG: 84 bytes from LINUX(racoon)[500] to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: sockname LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet from LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: src4 LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: dst4 JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: 1 times of 84 bytes message will be sent to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: #012230ac66b 98ec8b15 96ca5530 d6a75830 08100501 adf15022 00000054 0d90a8a7#01234233124 92b33ea4 6b011113 e90a659c 3a054114 6d78ae95 b5f35e09 807655ed#0123d39e92a 2962b5d7 09a38da0 8d625edc 05d01bcf
May 21 13:51:08 linux racoon: DEBUG: sendto Information notify.
May 21 13:51:08 linux racoon: DEBUG: IV freed
May 21 13:51:08 linux racoon: INFO: ISAKMP-SA established LINUX(racoon)[500]-JUNIPER[500] spi:230ac66b98ec8b15:96ca5530d6a75830
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: ===
May 21 13:51:08 linux racoon: DEBUG: begin QUICK mode.
May 21 13:51:08 linux racoon: INFO: initiate new phase 2 negotiation: LINUX(racoon)[500]<=>JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: compute IV for phase2
May 21 13:51:08 linux racoon: DEBUG: phase1 last IV:
May 21 13:51:08 linux racoon: DEBUG: #0127ff9c58f 8d65941f 8f81db4b
May 21 13:51:08 linux racoon: DEBUG: hash(sha1)
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: phase2 IV computed:
May 21 13:51:08 linux racoon: DEBUG: #01211aba618 f80049b2
May 21 13:51:08 linux racoon: DEBUG: call pfkey_send_getspi
May 21 13:51:08 linux racoon: DEBUG: pfkey GETSPI sent: ESP/Tunnel JUNIPER[500]->LINUX(racoon)[500] 
May 21 13:51:08 linux racoon: DEBUG: pfkey getspi sent.
May 21 13:51:08 linux racoon: DEBUG: pk_recv: retry[0] recv() 
May 21 13:51:08 linux racoon: DEBUG: got pfkey GETSPI message
May 21 13:51:08 linux racoon: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel JUNIPER[500]->LINUX(racoon)[500] spi=41116109(0x27361cd)
May 21 13:51:08 linux racoon: DEBUG: use local ID type IPv4_subnet
May 21 13:51:08 linux racoon: DEBUG: use remote ID type IPv4_subnet
May 21 13:51:08 linux racoon: DEBUG: IDci:
May 21 13:51:08 linux racoon: DEBUG: #01204000000 c0a81e00 ffffff00
May 21 13:51:08 linux racoon: DEBUG: IDcr:
May 21 13:51:08 linux racoon: DEBUG: #01204000000 c0a80a00 ffffff00
May 21 13:51:08 linux racoon: DEBUG: add payload of len 44, next type 10
May 21 13:51:08 linux racoon: DEBUG: add payload of len 16, next type 5
May 21 13:51:08 linux racoon: DEBUG: add payload of len 12, next type 5
May 21 13:51:08 linux racoon: DEBUG: add payload of len 12, next type 0
May 21 13:51:08 linux racoon: DEBUG: HASH with:
May 21 13:51:08 linux racoon: DEBUG: #0128f81db4b 0a000030 00000001 00000001 00000024 01030401 027361cd 00000018#01201030000 80010001 80027080 80040001 80050002 05000014 f57c9fdc 9aa74a42#012340ac2ac 60a6db82 05000010 04000000 c0a81e00 ffffff00 00000010 04000000#012c0a80a00 ffffff00
May 21 13:51:08 linux racoon: DEBUG: hmac(hmac_sha1)
May 21 13:51:08 linux racoon: DEBUG: HASH computed:
May 21 13:51:08 linux racoon: DEBUG: #0129daa863c ad9ed24b 3e5de875 8cb1b77d a2b5f8a2
May 21 13:51:08 linux racoon: DEBUG: add payload of len 20, next type 1
May 21 13:51:08 linux racoon: DEBUG: begin encryption.
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: pad length = 4
May 21 13:51:08 linux racoon: DEBUG: #01201000018 9daa863c ad9ed24b 3e5de875 8cb1b77d a2b5f8a2 0a000030 00000001#01200000001 00000024 01030401 027361cd 00000018 01030000 80010001 80027080#01280040001 80050002 05000014 f57c9fdc 9aa74a42 340ac2ac 60a6db82 05000010#01204000000 c0a81e00 ffffff00 00000010 04000000 c0a80a00 ffffff00 b4f8f203
May 21 13:51:08 linux racoon: DEBUG: encryption(3des)
May 21 13:51:08 linux racoon: DEBUG: with key:
May 21 13:51:08 linux racoon: DEBUG: #012f1ffdace 4ff57c55 9585a7f8 3b9ac24c 064cced5 befd9111
May 21 13:51:08 linux racoon: DEBUG: encrypted payload by IV:
May 21 13:51:08 linux racoon: DEBUG: #01211aba618 f80049b2
May 21 13:51:08 linux racoon: DEBUG: save IV for next:
May 21 13:51:08 linux racoon: DEBUG: #0127153ceb3 96e67f1f
May 21 13:51:08 linux racoon: DEBUG: encrypted.
May 21 13:51:08 linux racoon: DEBUG: 156 bytes from LINUX(racoon)[500] to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: sockname LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet from LINUX(racoon)[500]
May 21 13:51:08 linux racoon: DEBUG: send packet to JUNIPER[500]
May 21 13:51:08 linux racoon: DEBUG: src4 LINUX(racoon)[500]
May 21 13:51:08 linux rsyslogd-2177: imuxsock begins to drop messages from pid 16020 due to rate-limiting

On the Juniper the connection status shows down.

Last edited by hello_world (2012-05-21 13:57:52)

#2  2012-05-22 23:25:26

hello_world
DUG Member
From: Rymanów Zdrój
Registered: 2010-06-03

Re: VPN Linux-Juniper

I suspect a problem with routing and the iptables rules.
Rules for the INPUT chain

Code:

-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -s 192.168.30.0/24 -p tcp -m state --state NEW -m tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.30.0/24 -p tcp -m state --state NEW -m tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.30.0/24 -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.30.0/24 -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -s ADRES_JUNIPERA/32 -j ACCEPT

For the FORWARD chain

Code:

-P FORWARD DROP
-A FORWARD -d 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT

Interface eth0 is WAN and eth1 is LAN

nat table entries

Code:

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -d 192.168.10.0/24 -o eth0 -j SNAT --to-source 192.168.30.1
-A POSTROUTING -o eth0 -j MASQUERADE

The OUTPUT chain is set to ACCEPT.
Routing is ordinary, the way it is usually set up on routers.
The ISP gateway is set for the WAN interface, and for the LAN interface I don't set any gateway.

Last edited by hello_world (2012-05-22 23:29:58)

#3  2012-05-23 22:13:07

qluk
Pan inż. Cyc
From: Katowice
Registered: 2006-05-22

Re: VPN Linux-Juniper

And did you properly reload the Juniper afterwards?


#4  2012-05-23 22:31:53

hello_world
DUG Member
From: Rymanów Zdrój
Registered: 2010-06-03

Re: VPN Linux-Juniper

I didn't reload the Juniper (too many people work on it), because I didn't change anything on the Juniper side. I only reloaded the tunnel. After reloading the tunnel the interface is ready; when I send a ping from the other side, the interface gets status down. The Juniper logs say routed is valid, success, and I don't know what is going on.


#5  2012-05-24 22:03:48

divinity
User
From: Warszawa
Registered: 2007-04-14

Re: VPN Linux-Juniper

Can you paste more logs from racoon? It looks like rsyslog cut them off.

From what is there, Phase 1 of the tunnel was established.
It looks like you don't have the rules from /etc/ipsec-tools.conf loaded.


#6  2012-05-25 21:36:18

qluk
Pan inż. Cyc
From: Katowice
Registered: 2006-05-22

Re: VPN Linux-Juniper

Setting up a tunnel on Junipers is a rather fragile business. Second, you do have errors in the first log. A log from the Juniper would be useful.

Last edited by qluk (2012-05-25 21:36:37)

#7  2012-05-25 21:54:59

hello_world
DUG Member
From: Rymanów Zdrój
Registered: 2010-06-03

Re: VPN Linux-Juniper

Yes, I had errors in the first log shown, but I eliminated them by commenting out the option
pfs_group modp1024;

Then I also changed it to pfs_group 2;
I added time and nothing.
The best part is that the tunnel was up in this configuration. Once I moved the whole configuration to Ubuntu 12.04 server, I can't get it paired for the life of me.
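
Added example, not part of the thread: a decoder for the "HASH with:" hex dump in the racoon DEBUG log from post #1, which shows what racoon actually proposes in Quick Mode (proxy IDs, ESP transform, lifetime, and whether a PFS group is requested, the setting changed in post #7). The function names are illustrative; payload and attribute numbers follow RFC 2408 and RFC 2407.

```python
import ipaddress
import struct

# From the "HASH with:" line in post #1; rsyslog escapes the dump's newlines as "#012".
HASH_WITH = ("#0128f81db4b 0a000030 00000001 00000001 00000024 01030401 027361cd 00000018"
             "#01201030000 80010001 80027080 80040001 80050002 05000014 f57c9fdc 9aa74a42"
             "#012340ac2ac 60a6db82 05000010 04000000 c0a81e00 ffffff00 00000010 04000000"
             "#012c0a80a00 ffffff00")
# IPsec DOI SA attribute types (RFC 2407); 3 is the Group Description used for PFS.
ATTRS = {1: "life_type", 2: "life_duration", 3: "pfs_group", 4: "encap_mode", 5: "auth_alg"}

def walk_payloads(buf, ptype):  # generic header: next payload (1), reserved (1), length (2)
    off = 0
    while ptype:
        nxt, length = struct.unpack_from("!BxH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("bad payload length")
        yield ptype, buf[off + 4:off + length]
        ptype, off = nxt, off + length

def parse_sa(body):
    # Layout: DOI(4) situation(4) proposal header(8) SPI transform header(8) attributes.
    t_off = 16 + body[14]                      # body[14] is the SPI size
    pos, end = t_off + 8, t_off + struct.unpack_from("!H", body, t_off + 2)[0]
    sa = {"protocol": body[13], "spi": body[16:t_off].hex(),
          "transform_id": body[t_off + 5], "attrs": {}}
    while pos < end:
        atype, aval = struct.unpack_from("!HH", body, pos)
        vlen = 0 if atype & 0x8000 else aval   # high bit set: value is inline (TV form)
        value = int.from_bytes(body[pos + 4:pos + 4 + vlen], "big") if vlen else aval
        sa["attrs"][ATTRS.get(atype & 0x7FFF, atype & 0x7FFF)] = value
        pos += 4 + vlen
    return sa

def parse_id(body):
    if body[0] == 4:                           # ID_IPV4_ADDR_SUBNET: address + netmask
        addr, mask = ipaddress.IPv4Address(body[4:8]), ipaddress.IPv4Address(body[8:12])
        return str(ipaddress.ip_network(f"{addr}/{mask}"))
    return f"type{body[0]}:{body[4:].hex()}"

def decode_quick_mode(dump):
    raw = bytes.fromhex(dump.replace("#012", "").replace(" ", ""))
    out = {"msgid": raw[:4].hex(), "types": [], "sa": None, "ids": []}
    for ptype, body in walk_payloads(raw[4:], 1):   # chain after M-ID starts with SA (1)
        out["types"].append(ptype)
        if ptype == 1:
            out["sa"] = parse_sa(body)
        elif ptype == 5:
            out["ids"].append(parse_id(body))
    return out
```

For this log the chain is SA, Nonce, ID, ID with no KE payload (type 4) and no Group Description attribute, so racoon is proposing ESP/3DES/HMAC-SHA in tunnel mode for 192.168.30.0/24 to 192.168.10.0/24 with a 28800-second lifetime and without PFS. Those are the values to compare against the proxy IDs and Phase 2 proposal configured on the Juniper side.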
