господа, связываю линух-ASP(FreeSwan 2.06) и Dlink DFL800
визуально на Dlink тунель устанавливается но по нему ничего не ходит...и валятся такие вот логи
Can not get QM policy for ipv4_subnet(any:0,[0..7]=88.175.147.138/32) <-> ipv4_subnet(any:0,[0..7]=10.10.221.0/24)на FREESWAN
логи такие...Sep 26 16:06:33 Gate pluto[1770]: "linux" #721: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c010ba5 (perhaps this is a duplicated packet)
Sep 26 16:06:34 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0xd52a4f86)
Sep 26 16:06:39 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x5fac7fd1)
Sep 26 16:06:44 Gate pluto[1770]: "linux" #717: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:44 Gate pluto[1770]: "linux" #717: starting keying attempt 125 of an unlimited number
Sep 26 16:06:44 Gate pluto[1770]: "linux" #724: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #717 {using isakmp#721}
Sep 26 16:06:44 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:46 Gate pluto[1770]: "linux" #718: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:46 Gate pluto[1770]: "linux" #718: starting keying attempt 147 of an unlimited number
Sep 26 16:06:46 Gate pluto[1770]: "linux" #725: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #718 {using isakmp#721}
Sep 26 16:06:46 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:54 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x09902513)
Sep 26 16:06:56 Gate pluto[1770]: "linux" #720: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:56 Gate pluto[1770]: "linux" #720: starting keying attempt 129 of an unlimited number
Sep 26 16:06:56 Gate pluto[1770]: "linux" #726: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #720 {using isakmp#721}
Sep 26 16:06:56 Gate pluto[1770]: "linux" #719: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 26 16:06:56 Gate pluto[1770]: "linux" #719: starting keying attempt 80 of an unlimited number
Sep 26 16:06:56 Gate pluto[1770]: "linux" #727: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #719 {using isakmp#721}
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0xe1b841e5)
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:56 Gate pluto[1770]: "linux" #721: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 26 16:06:59 Gate pluto[1770]: "linux" #721: Informational Exchange message is invalid because it has a previously used Message ID (0x5fac7fd1)
---------------------------НАСТРОЙКИ в ipsec.conf
conn linux
auth=ah
auto=start
left=217.69.220.222
leftnexthop=чfaultroute
leftsubnet=10.10.221.0/24
right=88.175.147.138
rightnexthop=чfaultroute
rightsubnet=10.10.226.0/24ПОМОЖИТЕ КТО СТАЛКИВАЛСЯ С ДАННОЙ ШТУКОЙ...
вреде все стало ок, с Dlink линукс пингуется....но с линукса Dlink нет...пакеты (судя по traceroute уходят не в тунель а в инет) ........как быть то???