URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 76432
[ Назад ]

Исходное сообщение
"кто работал с FreeSwan???"

Отправлено flatciz , 26-Сен-07 16:28 
господа, связываю линух-ASP(FreeSwan 2.06) и Dlink DFL800
визуально на Dlink тунель устанавливается но по нему ничего не ходит...и валятся такие вот логи
Can not get QM policy for ipv4_subnet(any:0,[0..7]=88.175.147.138/32) <-> ipv4_subnet(any:0,[0..7]=10.10.221.0/24)

на FREESWAN
логи такие...

Sep 26 16:06:33 Gate pluto[1770]: "linux" #721: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c010ba5 (perhaps this is a duplicated packet)
Sep 26 16:06:34 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0xd52a4f86)
Sep 26 16:06:39 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x5fac7fd1)
Sep 26 16:06:44 Gate pluto[1770]: "linux" #717: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:44 Gate pluto[1770]: "linux" #717: starting keying attempt 125 of an unlimited number
Sep 26 16:06:44 Gate pluto[1770]: "linux" #724: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #717 {using isakmp#721}
Sep 26 16:06:44 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:46 Gate pluto[1770]: "linux" #718: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:46 Gate pluto[1770]: "linux" #718: starting keying attempt 147 of an unlimited number
Sep 26 16:06:46 Gate pluto[1770]: "linux" #725: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #718 {using isakmp#721}
Sep 26 16:06:46 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:54 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x09902513)
Sep 26 16:06:56 Gate pluto[1770]: "linux" #720: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:56 Gate pluto[1770]: "linux" #720: starting keying attempt 129 of an unlimited number
Sep 26 16:06:56 Gate pluto[1770]: "linux" #726: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #720 {using isakmp#721}
Sep 26 16:06:56 Gate pluto[1770]: "linux" #719: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:56 Gate pluto[1770]: "linux" #719: starting keying attempt 80 of an unlimited number
Sep 26 16:06:56 Gate pluto[1770]: "linux" #727: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #719 {using isakmp#721}
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0xe1b841e5)
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:59 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x5fac7fd1)
---------------------------

НАСТРОЙКИ в ipsec.conf
conn linux
    auth=ah
    auto=start
    left=217.69.220.222
    leftnexthop=чfaultroute
    leftsubnet=10.10.221.0/24
    right=88.175.147.138
    rightnexthop=чfaultroute
    rightsubnet=10.10.226.0/24

ПОМОЖИТЕ КТО СТАЛКИВАЛСЯ С ДАННОЙ ШТУКОЙ...    


Содержание

Сообщения в этом обсуждении
"кто работал с FreeSwan???"
Отправлено flatciz , 26-Сен-07 17:50 
вреде все стало ок, с Dlink линукс пингуется....но с линукса Dlink нет...пакеты (судя по traceroute уходят не в тунель а в инет) ........как быть то???