URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 33667
[ Назад ]

Исходное сообщение
"а кто-нибудь работал с IPSec?"

Отправлено Michael , 20-Авг-03 14:01 
нужно сделать ipsec-туннель между Линуксом и 2000 Виндами.
соответствующие интерфейсы обоих машин просто соединены между собой через отдельный хаб.
для Линукса (ядро 2.4.20) скачал freeswan-userland-2.00_2.4.20_18.9-0 и freeswan-module-2.00_2.4.20_18.9-0
пропатчил ядро, перекомпилил, ipsec заработал...
в Винде настроил политику ipsec, фильтры и т.п.
использую защиту с общим ключем, т.е. ввел его в соответсвующих местах.
вроде все путем - интерфейс ipsec0 появился, виндовая служба ipsec нормально запустилась, а результату - ноль :(
никто нигде никаких ошибок не пишет, пинги между туннелируемыми подсетями не идут...
документации переворошил кучу - вроде везде все правильно, ошибок не нахожу...

подскажите, плиз, кто такое дело настраивал, как это все делается?
или доку подкиньте какую-нибудь, может я такую еще не видел...

заранее спасибо огромное!


Содержание

Сообщения в этом обсуждении
"а кто-нибудь работал с IPSec?"
Отправлено Mikhail , 20-Авг-03 14:08 
Может быть что угодно, на любом этапе.
Debug побольше включи, напишет, в чем дело.

"а кто-нибудь работал с IPSec?"
Отправлено Nikolaev D. , 20-Авг-03 14:13 
>Может быть что угодно, на любом этапе.
>Debug побольше включи, напишет, в чем дело.


Под виндой дебаг включатся в реестре. на микрософте по этому поводу как-то видел доку.


"а кто-нибудь работал с IPSec?"
Отправлено Michael , 20-Авг-03 14:28 
>Может быть что угодно, на любом этапе.
>Debug побольше включи, напишет, в чем дело.

на Линуксе включал... а толку...
сыпет сотни строк совершенно непонятного содержания, причем регулярно, даже если не пытаться ничего делать с ipsec-соединением... собственно, я даже не знаю, есть ли оно или нет...

виндовый ipsecmon ничего не показывает - табличка пустая


"а кто-нибудь работал с IPSec?"
Отправлено Michael , 20-Авг-03 14:36 
при прослушивании того, что творится между компами получае примерно такое:
14:38:48.929142 192.168.102.254.isakmp > 192.168.102.5.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
14:39:23.943330 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 2/others R inf: [|d]
14:39:28.939144 192.168.102.254.isakmp > 192.168.102.5.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
14:39:28.943758 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 2/others R inf: [|n]

подсетка 192.168.102.0 - это два интрфейса этих машин, которые смотрят друг на друга.
192.168.102.254 - на Линуксе
192.168.102.5 - на Винде
т.е. Винда чего-то отвечает, но ничего больше не происходит...


"а кто-нибудь работал с IPSec?"
Отправлено Mikhail , 20-Авг-03 15:54 
Включено и klipsdebug, plutodebug? Похоже, нет.
Правила попадания траффика в канал правильно заданы?
Вообще, дал бы конфиги, что ли...

"а кто-нибудь работал с IPSec?"
Отправлено Michael , 20-Авг-03 16:03 
>Включено и klipsdebug, plutodebug? Похоже, нет.
хм, а как это похоже?
разве от этого пакеты между компами должны измениться?
включал я их на all, начинает кучу непонятных строк сыпать...

>Правила попадания траффика в канал правильно заданы?
да вроде бы... в том то и беда, что ошибок не вижу...

>Вообще, дал бы конфиги, что ли...
вот /etc/ipsec.conf:
version 2.0     # conforms to second version of ipsec.conf specification

config setup
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    interfaces=ipsec0=eth3

conn vpntest
        type=tunnel
        left=192.168.102.254
        leftnexthop=192.168.102.5
        leftsubnet=192.168.100.0/24
        right=192.168.102.5
        rightnexthop=192.168.102.254
        rightsubnet=192.168.103.0/24
        spibase=0x200
        auto=start

192.168.100.0 - подсетка на интерфейсе eth0
192.168.102.0 - подсетка между линунксом на eth3 и виндами
192.168.103.0 - подсетка на другом интерфейсе винды

как показать настройки из виндов не знаю, старался сделать их такими же, но симметрично

кстати, а назавание соединения vpntest должно как-то вводится в Виндах?
я не нашел, куда его писать


"а кто-нибудь работал с IPSec?"
Отправлено Mikhail , 20-Авг-03 16:20 
>хм, а как это похоже?
>разве от этого пакеты между компами должны измениться?
Нет, конечно :-) Просто в логах информации больше
>включал я их на all, начинает кучу непонятных строк сыпать...
Так вот там все и написано. Если ошибок нет - скорее всего, просто траффик не заворачивается. route -n?
>

>
>192.168.100.0 - подсетка на интерфейсе eth0
>192.168.102.0 - подсетка между линунксом на eth3 и виндами
>192.168.103.0 - подсетка на другом интерфейсе винды
>
Можно было задать для vpn совсем другой диапазон - например, 172.х
>как показать настройки из виндов не знаю, старался сделать их такими же,
>но симметрично
Кстати, пинг не ходит в обе стороны (т.е. и с одной, и с другой машины пинговал)?
>
>кстати, а назавание соединения vpntest должно как-то вводится в Виндах?
>я не нашел, куда его писать
Кажется, не нужно.
Включи дебаг на полную, почисти лог, запусти сессию (пинг), останови через 2-3 мин., результат (логи) в студию.



"а кто-нибудь работал с IPSec?"
Отправлено Michael , 20-Авг-03 16:59 
>просто траффик не заворачивается. route -n?
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.x.x.x    0.0.0.0         255.255.255.192 U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.21.0    192.168.100.2   255.255.255.0   UG    0      0        0 eth0
192.168.102.0   0.0.0.0         255.255.255.0   U     0      0        0 eth3
192.168.102.0   0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.20.0    192.168.100.2   255.255.255.0   UG    0      0        0 eth0
192.168.103.0   192.168.102.5   255.255.255.0   UG    0      0        0 ipsec0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.10.0    192.168.100.2   255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         213.x.x.x    0.0.0.0         UG    0      0        0 eth1

>Можно было задать для vpn совсем другой диапазон - например, 172.х
а в чем разница?

>Кстати, пинг не ходит в обе стороны (т.е. и с одной, и
>с другой машины пинговал)?
да, не пингуется в обе стороны

>Включи дебаг на полную, почисти лог, запусти сессию (пинг), останови через 2-3
>мин., результат (логи) в студию.

включил дебаг, даю команду ipsec setup -restart
получаю вот это в логе (извиняюсь за дикий размер):

Авг 20 16:59:00 serverproxy ipsec_setup: Stopping FreeS/WAN IPsec...
Aug 20 16:59:01 serverproxy kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Aug 20 16:59:01 serverproxy kernel:
Aug 20 16:59:01 serverproxy ipsec_setup: ...FreeS/WAN IPsec stopped
Авг 20 16:59:01 serverproxy ipsec_setup: Starting FreeS/WAN IPsec 2.00...
Aug 20 16:59:01 serverproxy ipsec_setup: KLIPS debug `all'
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_x_debug_process: set
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 16(x-debug) with msg_parser 0pc0294310.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_x_msg_debug_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=24, table=0(0pe082e000), entry=24 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: sock=0pca863310 sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: sk(0pd1e6fce0)->(&0pd1e6fd28)receive_queue.{next=0pd1e6fd28,prev=0pd1e6fd28}.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: destroyed.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pca863310
Aug 20 16:59:01 serverproxy last message repeated 12 times
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock=0pca863310 type:3 state:1 flags:0 protocol:2
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pca86332c.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_insert_socket: sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pca863310
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: Socket sock=0pca863310 sk=0pd1e6fce0 initialised.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 40 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=0(UNKNOWN), len=5, res=0, seq=1, pid=10461.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=25, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=25, table=0, entry=25 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=25.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=15(x-delflow(eroute)), errno=0, satype=0(UNKNOWN), len=5, res=0, seq=1, pid=10461.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=1(security-association) ext_len=3 parsing ext 0pda4d75b0 with parser pfkey_sa_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sa_parse: successfully found len=3 exttype=1(security-association) spi=006b0042 replay=0 state=0 auth=0 encrypt=0 flags=4 ref=-1.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=01e00c03, seen=00000003, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 1 0pda4d75b0 with processor 0pc0295370.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sa_process: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 15(x-delflow(eroute)) with msg_parser 0pc0293ce0.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_x_delflow_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_x_delflow_parse: CLEARFLOW flag set, calling cleareroutes.
Aug 20 16:59:01 serverproxy kernel: klips_debug:rj_walktree: for: rn=0pdfe6cd68 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Aug 20 16:59:01 serverproxy kernel: klips_debug:rj_walktree: processing leaves, rn=0pdfe6cd98 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Aug 20 16:59:01 serverproxy kernel: klips_debug:rj_walktree: while: base=0p00000000 rn=0pdfe6cd68 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=25, table=0(0pe082e000), entry=25 from the refTable.
Aug 20 16:59:01 serverproxy ipsec_setup: KLIPS ipsec0 on eth3 192.168.102.254/255.255.255.0 broadcast 192.168.102.255
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: sock=0pca863310 sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: sk(0pd1e6fce0)->(&0pd1e6fd28)receive_queue.{next=0pd1e6fd28,prev=0pd1e6fd28}.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: destroyed.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pca863310
Aug 20 16:59:01 serverproxy last message repeated 12 times
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock=0pca863310 type:3 state:1 flags:0 protocol:2
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pca86332c.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_insert_socket: sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pca863310
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: Socket sock=0pca863310 sk=0pd1e6fce0 initialised.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=9, errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=10462.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=26, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=26, table=0, entry=26 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=26.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=9(flush), errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=10462.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 9(flush) with msg_parser 0pc0292920.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_flush_parse: flushing type 0 SAs
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sadb_cleanup: cleaning up proto=0.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sadb_cleanup: removing SAref entries and tables.<6>klips_debug:ipsec_sadb_cleanup: cleaning SAref table=0.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_delchain: passed SA: (error)
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_delchain: unlinking and delting SA: (error)<6>.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_del: deleting SA: (error), hashval=0.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_del: no entries in ipsec_sa table for hash=0 of SA: (error).
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_delchain: ipsec_sa_del returned error 2.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sadb_cleanup: cleaning SAref table=1.
Aug 20 16:59:01 serverproxy kernel:
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sadb_cleanup: cleaned 1 used refTables.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 16 bytes...
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pd0708400.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_flush_parse: sending up flush reply message for satype=0(UNKNOWN) to socket=0pca863310 succeeded.
Aug 20 16:59:01 serverproxy ipsec_setup: ...FreeS/WAN IPsec started
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=26, table=0(0pe082e000), entry=26 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: sock=0pca863310 sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_remove_socket: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: sk(0pd1e6fce0)->(&0pd1e6fd28)receive_queue.{next=0pd0708400,prev=0pd0708400}.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: skb=0pd0708400 freed.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_destroy_socket: destroyed.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pca863310
Aug 20 16:59:01 serverproxy last message repeated 12 times
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_release: succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_tunnel_ioctl: tncfg service call #35312 for dev=ipsec0
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_tunnel_ioctl: calling ipsec_tunnel_attatch...
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_tunnel_attach: physical device eth3 being attached has HW address:  0:50:22:8a:24:1c
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_tunnel_open: dev = ipsec0, prv->dev = eth3
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_device_event: NETDEV_UP dev=ipsec0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock=0pdec20690 type:3 state:1 flags:0 protocol:2
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pdec206ac.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_insert_socket: sk=0pd1e6fce0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pdec20690
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_create: Socket sock=0pdec20690 sk=0pd1e6fce0 initialised.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=2(AH), len=2, res=0, seq=1, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=27, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=27, table=0, entry=27 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=27.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pc0292210.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pdec20690
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: SATYPE=02(AH) successfully registered by KMd (pid=10490).
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[2]=0pc15f1840
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f1840
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding auth alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f1820
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding auth alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: allocating 16 bytes for auth algs.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build:
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0p00000000.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0pd73c4a60.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pdef374a0 allocated 40 bytes, &(extensions[0])=0pd1d8fda8
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=0pd73c4d40 to=0pdef374b0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00004001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=5, res=0, seq=1, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=14(supported-auth) ext_len=3 parsing ext 0pdef374b0 with parser pfkey_supported_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00004001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 40 bytes...
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pd3fa1c80.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=2(AH) to socket=0pdec20690 succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=27, table=0(0pe082e000), entry=27 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=28, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=28, table=0, entry=28 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=28.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pc0292210.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pdec20690
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: SATYPE=03(ESP) successfully registered by KMd (pid=10490).
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[3]=0pc15f18a0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f18a0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f1880
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding auth alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f1860
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding auth alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: allocating 16 bytes for auth algs.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=15 id=3 ivlen=128 minbits=168 maxbits=168.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build:
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0p00000000.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0pd73c4460.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pdef375a0 allocated 56 bytes, &(extensions[0])=0pd1d8fda8
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=0pd73c4220 to=0pdef375b0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pd73c44e0 to=0pdef375c8
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=0000c001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=7, res=0, seq=2, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=5 ext_type=14(supported-auth) ext_len=3 parsing ext 0pdef375b0 with parser pfkey_supported_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=2 ext_type=15(supported-cipher) ext_len=2 parsing ext 0pdef375c8 with parser pfkey_supported_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=0000c001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 56 bytes...
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pd4057a80.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=3(ESP) to socket=0pdec20690 succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=28, table=0(0pe082e000), entry=28 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=29, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=29, table=0, entry=29 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=29.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pc0292210.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pdec20690
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: SATYPE=10(COMP) successfully registered by KMd (pid=10490).
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[10]=0pc15f18c0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f18c0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=10(COMP) exttype=15 id=2 ivlen=0 minbits=1 maxbits=1.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build:
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0p00000000.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0pd73c4460.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pd73c4a60 allocated 32 bytes, &(extensions[0])=0pd1d8fda8
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pd73c4720 to=0pd73c4a70
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=10(COMP), len=4, res=0, seq=3, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=2 ext_type=15(supported-cipher) ext_len=2 parsing ext 0pd73c4a70 with parser pfkey_supported_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00008001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 32 bytes...
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pd40576c0.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=10(COMP) to socket=0pdec20690 succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=29, table=0(0pe082e000), entry=29 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=30, cont=256, tail=255, listsize=256.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=30, table=0, entry=30 of 65536.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=30.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pc0292210.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: .
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pdec20690
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: SATYPE=09(IPIP) successfully registered by KMd (pid=10490).
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[9]=0pc15f18e0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: checking supported=0pc15f18e0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: found satype=9(IPIP) exttype=15 id=1 ivlen=0 minbits=32 maxbits=32.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build:
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0p00000000.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pd1d8fd70 pfkey_ext=0pd1d8fda8 *pfkey_ext=0pd73c4a60.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pd73c4b20 allocated 32 bytes, &(extensions[0])=0pd1d8fda8
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pd73c4220 to=0pd73c4b30
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=4, res=0, seq=4, pid=10490.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=2 ext_type=15(supported-cipher) ext_len=2 parsing ext 0pd73c4b30 with parser pfkey_supported_parse.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00008001, required=00000001.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 32 bytes...
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pd0708400.
Aug 20 16:59:01 serverproxy kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=9(IPIP) to socket=0pdec20690 succeeded.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pdf77aa00), SAref=30, table=0(0pe082e000), entry=30 from the refTable.
Aug 20 16:59:01 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
Aug 20 16:59:01 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": чfaultroute requested but not known
Aug 20 16:59:01 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "block": чfaultroute requested but not known
Aug 20 16:59:01 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "clear-or-private": чfaultroute requested but not known
Aug 20 16:59:02 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "clear": чfaultroute requested but not known
Aug 20 16:59:02 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "private-or-clear": чfaultroute requested but not known
Aug 20 16:59:02 serverproxy ipsec__plutorun: ipsec_auto: fatal error in "private": чfaultroute requested but not known
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "packetdefault"
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "packetdefault"
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "block"
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "block"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sendmsg: .
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sendmsg: allocating 184 bytes for downward message.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=14, errno=0, satype=11(INT), len=23, res=0, seq=5, pid=10490.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=31, cont=256, tail=255, listsize=256.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=31, table=0, entry=31 of 65536.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pdf77aa00 ref=31.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pdf77aa00.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: satype 11 lookups to proto=61.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=14(x-addflow(eroute)), errno=0, satype=11(INT), len=23, res=0, seq=5, pid=10490.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: satype 11(INT) conversion to proto gives 61 for msg_type 14(x-addflow(eroute)).
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=21 ext_type=1(security-association) ext_len=3 parsing ext 0pdf92fa90 with parser pfkey_sa_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sa_parse: successfully found len=3 exttype=1(security-association) spi=00000104 replay=0 state=0 auth=0 encrypt=0 flags=0 ref=-1.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=18 ext_type=5(source-address) ext_len=3 parsing ext 0pdf92faa8 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=5(source-address) family=2(AF_INET) address=192.168.102.254 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=15 ext_type=6(destination-address) ext_len=3 parsing ext 0pdf92fac0 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=12 ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0pdf92fad8 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=21(X-source-flow-address) family=2(AF_INET) address=192.168.100.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=9 ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0pdf92faf0 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=22(X-dest-flow-address) family=2(AF_INET) address=192.168.103.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=6 ext_type=23(X-source-mask) ext_len=3 parsing ext 0pdf92fb08 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pdf92fb20 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=01e00c63, seen=01e00063, required=01e00043.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 1 0pdf92fa90 with processor 0pc0295370.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sa_process: .
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 5 0pdf92faa8 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 192.168.102.254.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found src address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 6 0pdf92fac0 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 0.0.0.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found dst address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: ips_said.dst set to 0.0.0.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 21 0pdf92fad8 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 192.168.100.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found src flow address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_alloc_eroute: allocating 152 bytes for an eroute.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_alloc_eroute: allocated eroute struct=0pd1d8fe60.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: extr->eroute set to 192.168.100.0/0->0.0.0.0/0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 22 0pdf92faf0 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 192.168.103.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found dst flow address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: extr->eroute set to 192.168.100.0/0->192.168.103.0/0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 23 0pdf92fb08 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 255.255.255.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found src mask address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: extr->eroute set to 192.168.100.0/24->192.168.103.0/0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: processing ext 24 0pdf92fb20 with processor 0pc02956c0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 255.255.255.0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: found dst mask address.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: extr->eroute set to 192.168.100.0/24->192.168.103.0/24
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_process: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_interp: parsing message type 14(x-addflow(eroute)) with msg_parser 0pc02932b0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: .
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: calling breakeroute and/or makeroute for 192.168.100.0/24->192.168.103.0/24
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: calling makeroute.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_makeroute: attempting to allocate 152 bytes to insert eroute for 192.168.100.0/24->192.168.103.0/24, SA: %%trap, PID:10490, skb=0p00000000, ident:NULL->NULL
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_makeroute: succeeded, I think...
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: makeroute call successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_hdr_build:
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pd1d8fc30 pfkey_ext=0pd1d8fd28 *pfkey_ext=0p00000000.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pd1d8fc30 pfkey_ext=0pd1d8fd28 *pfkey_ext=0pd73c4b20.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sa_build: spi=00000104 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=5 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=192.168.102.254:0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=6 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=0.0.0.0:0.
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "clear-or-private"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "clear-or-private"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=21 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=192.168.100.0:0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=22 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=192.168.103.0:0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=23 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=255.255.255.0:0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: exttype=24 proto=0 prefixlen=0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: found address=255.255.255.0:0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_build: successful.
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "clear"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build: error=0
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "clear"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_safe_build:success.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pd39639c0 allocated 184 bytes, &(extensions[0])=0pd1d8fd28
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[1]=0pd73c4460 to=0pd39639d0
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[5]=0pdd3243e0 to=0pd39639e8
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[6]=0pd1506400 to=0pd3963a00
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[21]=0pd1506f60 to=0pd3963a18
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[22]=0pd15065c0 to=0pd3963a30
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[23]=0pd1506300 to=0pd3963a48
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[24]=0pd1506240 to=0pd3963a60
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_build: extensions permitted=01e00063, seen=01e00063, required=01e00043.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=14(x-addflow(eroute)), errno=0, satype=11(INT), len=23, res=0, seq=5, pid=10490.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: satype 11(INT) conversion to proto gives 61 for msg_type 14(x-addflow(eroute)).
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=21 ext_type=1(security-association) ext_len=3 parsing ext 0pd39639d0 with parser pfkey_sa_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_sa_parse: successfully found len=3 exttype=1(security-association) spi=00000104 replay=0 state=0 auth=0 encrypt=0 flags=0 ref=31.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=18 ext_type=5(source-address) ext_len=3 parsing ext 0pd39639e8 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=5(source-address) family=2(AF_INET) address=192.168.102.254 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=15 ext_type=6(destination-address) ext_len=3 parsing ext 0pd3963a00 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=6(destination-address) family=2(AF_INET) address=0.0.0.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=12 ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0pd3963a18 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=21(X-source-flow-address) family=2(AF_INET) address=192.168.100.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=9 ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0pd3963a30 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=22(X-dest-flow-address) family=2(AF_INET) address=192.168.103.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "private-or-clear"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=6 ext_type=23(X-source-mask) ext_len=3 parsing ext 0pd3963a48 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "private-or-clear"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pd3963a60 with parser pfkey_address_parse.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_address_parse: found exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.0 proto=0 port=0.
Aug 20 16:59:02 serverproxy ipsec__plutorun: 021 no connection named "private"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_msg_parse: extensions permitted=01e00063, seen=01e00063, required=01e00043.
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not route conn "private"
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_upmsg: allocating 184 bytes...
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc15f3940.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: sending up x_addflow reply message for satype=11(INT) (proto=61) to socket=0pdec20690 succeeded.
Aug 20 16:59:02 serverproxy kernel: klips_debug:pfkey_x_addflow_parse: extr->ips cleaned up and freed.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_sa_wipe: removing SA=%%trap(0pdf77aa00), SAref=31, table=0(0pe082e000), entry=31 from the refTable.
Aug 20 16:59:02 serverproxy kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:%%trap, ref:-1 reference count decremented.
Aug 20 16:59:02 serverproxy ipsec__plutorun: 104 "vpntest" #1: STATE_MAIN_I1: initiate
Aug 20 16:59:02 serverproxy ipsec__plutorun: ...could not start conn "vpntest"


"а кто-нибудь работал с IPSec?"
Отправлено Michael , 20-Авг-03 17:03 
при попытке с линукса сделать ping -I ipsec0 -c 1 192.168.103.5
в лог идет вот это:

Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_hard_header: Revectored 0p00000000->0pdef1c384 len=84 type=2048 dev=ipsec0->eth3 dev_addr=00:50:22:8a:24:1c ip=c0a866fe->c0a86705
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=98 hard_header_len:14 00:50:22:8a:24:1c:00:50:22:8a:24:1c:08:00
Aug 20 17:06:43 serverproxy kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:84 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:60244 saddr:192.168.102.254 daddr:192.168.103.5 type:code=8:0
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_findroute: 192.168.102.254->192.168.103.5
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: * See if we match exactly as a host destination
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: ** try to match a leaf, t=0pd39637c0
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: *** start searching up the tree, t=0pd39637c0
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: **** t=0pd39637d8
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: **** t=0pdfe6cd80
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: ***** cp2=0pc15a07f8 cp3=0pdef37850
Aug 20 17:06:43 serverproxy kernel: klips_debug:rj_match: ***** not found.
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr=c0a866fe, er=0p00000000, daddr=c0a86705, er_dst=0, proto=1 sport=0 dport=0
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 2,28
Aug 20 17:06:43 serverproxy kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.

в конце неутешительный dropping :(


"а кто-нибудь работал с IPSec?"
Отправлено iiws , 20-Авг-03 17:23 
firewall случайно не мешает ? порт 500 и протокол 50 пропускаешь ?

"а кто-нибудь работал с IPSec?"
Отправлено Michael , 21-Авг-03 16:56 
>firewall случайно не мешает ? порт 500 и протокол 50 пропускаешь ?

чтобы файрволл не мешал для надежности сделал так:
iptables -I OUTPUT 1 -o eth2 -j ACCEPT
iptables -I OUTPUT 2 -o eth3 -j ACCEPT
iptables -I INPUT 1 -i eth2 -j ACCEPT
iptables -I INPUT 2 -i eth3 -j ACCEPT

интерфейс eth2, собственно, тут не учавствует, он просто воткнут в тот же хаб для контроля того, что именно пересылают друг другу компы

ничего не изменилось...

кстати, а кто нибудь пробовал утилитку ipsec.exe для виндов?
у меня она говорит Could not identify my own interface и я ничего не могу с этим поделать...


"а кто-нибудь работал с IPSec?"
Отправлено Michael , 28-Авг-03 10:56 
добавил в свое соединение параметр authby=secret, теперь разговор линукса с виндами стал немного более разнообразным, вот кусок:
10:51:49.445296 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 2/others ? inf: [|d]
10:52:11.456087 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 2/others ? inf: [|d]
10:52:18.470228 192.168.102.254.isakmp > 192.168.102.5.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
10:52:18.635886 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:19.636949 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:21.639674 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:23.466129 arp who-has 192.168.102.5 tell 192.168.102.254
10:52:23.466216 arp reply 192.168.102.5 is-at 0:50:22:b1:6b:f9
10:52:25.655187 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:33.656322 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:49.668387 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:52:58.729707 192.168.102.254.isakmp > 192.168.102.5.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
10:53:21.683012 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 2/others R inf: [|d]
10:53:38.699743 192.168.102.254.isakmp > 192.168.102.5.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
10:53:38.864248 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:53:39.857734 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]
10:53:41.860479 192.168.102.5.isakmp > 192.168.102.254.isakmp: isakmp: phase 1 R ident: [|sa]

хоть кто-нибудь смог срастить FreeSwan и Windows 2000?


"а кто-нибудь работал с IPSec?"
Отправлено Michael , 28-Авг-03 13:39 
нашел инструкцию в картинках по настройке IPSec для Виндов jixen.tripod.com
сделал по ней...
Винды даже не пытаются "negotiating" делать :(
вообще ни одного пакета на эту тему в сеть не посылают!

"а кто-нибудь работал с IPSec?"
Отправлено Mikhail , 28-Авг-03 13:46 
А там настроен ipsec? Правила IP Security Policy заданы и настроены? Сервис IPSEC Policy Agent запущен?

"а кто-нибудь работал с IPSec?"
Отправлено Michael , 28-Авг-03 14:19 
>А там настроен ipsec? Правила IP Security Policy заданы и настроены? Сервис
>IPSEC Policy Agent запущен?
настроено!
вот об этом я толкую - что все настроено и запущено, но ни малейших попыток работать не видно!

"Есть в жизни счастье!!! :)"
Отправлено Michael , 03-Сен-03 18:22 
совсем отчаялся сделать что-то с виндами и послал их куда подальше!
нашел на этом же сайте (спасибо ему и его создателям огромное!!!) ссылку на openVPN, установил, пусть не сразу, но запустил и оно работает! сделал все за полдня! а с этими виндами месяц непотребством занимался!

так что всем, кто не хочет связываться с поделками мелкомягких, рекомендую:
http://openvpn.sourceforge.net/
кстати, на сайте и в комплекте доки более чем достаточно! чего совершенно недостаточно у FreeSwan-а! и есть клиенты сразу под все *nix-ы и под винды одновременно, т.е. нет нужды склеивать два разнородных продукта! :)

OpenVPN forever!!!

PS. прошу прощения за эмоциональный пост, но уж больно сильно наболело!
PPS. а если и с openvpn будут какие-нибудь траблы, то я про это тоже напишу ;)


"а кто-нибудь работал с IPSec?"
Отправлено Kalyan , 05-Дек-04 16:51 
tak kak eroute ne naiden ento zna4it u tebya netu connectiona!!!
zapusti: ipsec auto --status
i tam uvidish sostoyanie connectinov