Vpn
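Openswan does not send packets to the new IP after DPD
I have configured the tunnel with DDNS. After the device reboots, the other end does not send packets to the new IP address (even though I set dpdaction=restart). I am using openswan 2.6.38.
Here is my configuration: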
config setup
    nat_traversal=yes
    oe=off
    protostack=netkey

conn netgeniepassthrough
    left=10.1.1.1
    right=0.0.0.0
    leftsubnet=10.1.1.0/24
    rightsubnet=10.1.1.0/24
    authby=never
    type=passthrough
    auto=route

conn netgenie
    right=CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net
    rightsubnet=192.168.1.0/24
    left=115.240.29.236
    leftsubnet=10.1.1.0/24
    leftnexthop=220.224.141.129
    leftupdown="ipsec _updown --route yes"
    auto=start
    leftid=@DEMO-VDSL-DEMO-0035.ddns.netgenie.net
    rightid=@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net
    #x_rightdynamic=yes
    authby=secret
    compress=no
    failureshunt=drop
    dpddelay=15
    dpdtimeout=60
    dpdaction=restart
    pfs=yes
    ike=aes128-md5-modp1024,aes192-md5-modp1024,aes256-md5-modp1024,aes128-sha1-modp1024,aes192-sha1-modp1024,aes256-sha1-modp1024,3des-md5-modp1024,3des-sha1-modp1024,aes128-md5-modp1536,aes192-md5-modp1536,aes256-md5-modp1536,aes128-sha1-modp1536,aes192-sha1-modp1536,aes256-sha1-modp1536,3des-md5-modp1536,3des-sha1-modp1536,aes128-md5-modp2048,aes192-md5-modp2048,aes256-md5-modp2048,aes128-sha1-modp2048,aes192-sha1-modp2048,aes256-sha1-modp2048,3des-md5-modp2048,3des-sha1-modp2048
    esp=aes128-md5,aes192-md5,aes256-md5,aes128-sha1,aes192-sha1,aes256-sha1,3des-md5,3des-sha1
Here is the log file:
Jan 1 05:30:49 (none) daemon.err ipsec_setup: Starting Openswan IPsec U2.6.38/K...
Jan 1 05:30:49 (none) daemon.err ipsec_setup: Using NETKEY(XFRM) stack
Jan 1 05:30:50 (none) authpriv.err ipsec__plutorun: Starting Pluto subsystem...
Jan 1 05:30:50 (none) daemon.err ipsec_setup: ...Openswan IPsec started
Jan 1 05:30:50 (none) user.warn syslog: adjusting ipsec.d to /etc/ipsec.d
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: LEAK_DETECTIVE support [disabled]
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: OCF support for IKE [disabled]
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: SAref support [disabled]: Protocol not available
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: SAbind support [disabled]: Protocol not available
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: NSS support [disabled]
Jan 1 05:30:50 (none) daemon.err ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: HAVE_STATSD notification support not compiled in
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: Setting NAT-Traversal port-4500 floating to on
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: port floating activation criteria nat_t=1/port_float=1
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: NAT-Traversal support [enabled]
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: using /dev/urandom as source of random entropy
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: starting up 1 cryptographic helpers
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: started helper pid=2113 (fd:6)
Jan 1 05:30:50 (none) authpriv.warn pluto[2113]: using /dev/urandom as source of random entropy
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: Using Linux 2.6 IPsec interface code on 2.6.30 (experimental code)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan 1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Jan 1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/cacerts': No such file or directory
Jan 1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/aacerts': No such file or directory
Jan 1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/ocspcerts': No such file or directory
Jan 1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/crls': 2 No such file or directory
Jan 1 05:30:51 (none) authpriv.warn pluto[2108]: added connection description "netgeniepassthrough"
Jan 1 05:30:51 (none) daemon.err ipsec__plutorun: 002 added connection description "netgeniepassthrough"
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: added connection description "netgenie"
Apr 4 18:12:37 (none) daemon.err ipsec__plutorun: 002 added connection description "netgenie"
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: listening for IKE messages
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface ppp0/ppp0 14.99.180.56:500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface ppp0/ppp0 14.99.180.56:4500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface br0/br0 192.168.1.1:500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface br0/br0 192.168.1.1:4500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo 127.0.0.1:500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo 127.0.0.1:4500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo ::1:500
Apr 4 18:12:37 (none) authpriv.warn pluto[2108]: loading secrets from "/etc/ipsec.secrets"
Apr 4 18:12:38 (none) authpriv.warn pluto[2108]: "netgenie": route-client output: Evaluating Route: ip route replace 10.1.1.0/24 via 192.168.1.1 dev br0
Apr 4 18:12:38 (none) authpriv.warn pluto[2108]: "netgenie" #1: initiating Main Mode
Apr 4 18:12:38 (none) daemon.err ipsec__plutorun: 104 "netgenie" #1: STATE_MAIN_I1: initiate
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [Dead Peer Detection]
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: responding to Main Mode
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Apr 4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: Main mode peer ID is ID_FQDN: '@DEMO-VDSL-DEMO-0035.ddns.netgenie.net'
Apr 4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp1024}
Apr 4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: Dead Peer Detection (RFC 3706): enabled
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #2: the peer proposed: 192.168.1.0/24:0/0 -> 10.1.1.0/24:0/0
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: responding to Quick Mode proposal {msgid:80e241b3}
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: us: 192.168.1.0/24===14.99.180.56<14.99.180.56>[@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net]---172.23.130.4
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: them: 115.242.13.228<DEMO-VDSL-DEMO-0035.ddns.netgenie.net>[@DEMO-VDSL-DEMO-0035.ddns.netgenie.net]===10.1.1.0/24
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: up-client output: client list: 115.242.13.228,
Apr 4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: Dead Peer Detection (RFC 3706): enabled
Apr 4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xec774557 <0xe6ce5933 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: pending Quick Mode with 115.242.13.228 "netgenie" took too long -- replacing phase 1
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie": terminating SAs using this connection
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #3: deleting state (STATE_QUICK_R2)
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #3: down-client output: client list:
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #2: deleting state (STATE_MAIN_R3)
Apr 4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #1: deleting state (STATE_MAIN_I1)
Apr 4 18:16:38 (none) authpriv.warn pluto[2108]: "netgenie" #4: initiating Main Mode
Apr 4 18:16:38 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x9ffec71f
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [Dead Peer Detection]
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Apr 4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [CAN-IKEv2]
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: Main mode peer ID is ID_FQDN: '@DEMO-VDSL-DEMO-0035.ddns.netgenie.net'
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp1024}
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: Dead Peer Detection (RFC 3706): enabled
Apr 4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 msgid:62e4e20d proposal=AES(12)_128-MD5(1)_128, AES(12)_192-MD5(1)_128, AES(12)_256-MD5(1)_128, AES(12)_128-SHA1(2)_160, AES(12)_192-SHA1(2)_160, AES(12)_256-SHA1(2)_160, 3DES(3)_192-MD5(1)_128, 3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #4: the peer proposed: 192.168.1.0/24:0/0 -> 10.1.1.0/24:0/0
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: responding to Quick Mode proposal {msgid:02ec687a}
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: us: 192.168.1.0/24===14.99.180.56<14.99.180.56>[@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net]---172.23.130.4
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: them: 115.242.13.228<DEMO-VDSL-DEMO-0035.ddns.netgenie.net>[@DEMO-VDSL-DEMO-0035.ddns.netgenie.net]===10.1.1.0/24
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 18:16:50 (none) authpriv.warn pluto[2108]: "netgenie" #6: up-client output: client list: 115.242.13.228,
Apr 4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: Dead Peer Detection (RFC 3706): enabled
Apr 4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xc3f90f83 <0x4d0cdcda xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr 4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: Dead Peer Detection (RFC 3706): enabled
Apr 4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa308fce3 <0x01465495 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr 4 18:16:55 (none) authpriv.warn pluto[2108]: "netgenie" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xec774557) not found (maybe expired)
Apr 4 18:16:55 (none) authpriv.warn pluto[2108]: "netgenie" #4: received and ignored informational message
Apr 4 18:24:48 (none) authpriv.warn pluto[2108]: "netgenie" #7: initiating Main Mode to replace #4
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: No response from peer - declaring peer dead
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: Restarting Connection
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #6: rekeying state (STATE_QUICK_R2)
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #5: rekeying state (STATE_QUICK_I2)
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: down-client output: client list:
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #7: rekeying state (STATE_MAIN_I1)
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: rekeying state (STATE_QUICK_R2)
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.c3f90f83@115.242.13.228 included errno 3: No such process
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.4d0cdcda@14.99.180.56 included errno 3: No such process
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: rekeying state (STATE_QUICK_I2)
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: ERROR: netlink response for Del SA esp.a308fce3@115.242.13.228 included errno 3: No such process
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: ERROR: netlink response for Del SA esp.1465495@14.99.180.56 included errno 3: No such process
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #7: rekeying state (STATE_MAIN_I1)
Apr 4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #8: initiating Main Mode to replace #4
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Dead Peer Detection]
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK
Apr 4 11:30:28 (none) authpriv.warn pluto[2108]: time moved backwards 25167 seconds
Apr 4 11:31:07 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.c3f90f83@115.242.13.228 included errno 3: No such process
Apr 4 11:31:07 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.4d0cdcda@14.99.180.56 included errno 3: No such process
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Dead Peer Detection]
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK
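Let me know if you need any logs.
Actually, the problem was on my side. I had two NTP clients running on the machine. On each transaction, the two were setting the time to +7 and -7 hours (due to improper time zone settings).
Now the issue is that openswan sets a long time value and compares the system time against this long value in order to regenerate the DNS query for the domain name. If it gets a new IP address, it will send the initiation packets to the new IP address.
In my case, the system time was changed to -7 hrs (by the other NTP client). So openswan would react after 7 hours (because of this condition).
Finally figured it out by digging into the code. Thanks.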
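An added example, not part of the original post and not Openswan's own code: a small scanner for pluto syslog output that flags the two symptoms visible in this thread, a backward clock step and IKE packets rejected from an address no tunnel has used, seen after a DPD restart. The sample lines are constructed, using documentation addresses and a placeholder host name, and follow the message formats in the log above; the function names are hypothetical.

```python
import re

# Constructed sample: message formats follow the pluto log in the post; the
# addresses (RFC 5737 ranges) and host name are placeholders, not the poster's.
SAMPLE_LOG = """\
Apr 4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: them: 192.0.2.10<peer.example.net>[@peer.example.net]===10.1.1.0/24
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: No response from peer - declaring peer dead
Apr 4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: Restarting Connection
Apr 4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 192.0.2.77:500: initial Main Mode message received on 198.51.100.5:500 but no connection has been authorized with policy=PSK
Apr 4 11:30:28 (none) authpriv.warn pluto[2108]: time moved backwards 25167 seconds
Apr 4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 192.0.2.77:500: initial Main Mode message received on 198.51.100.5:500 but no connection has been authorized with policy=PSK
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
CLOCK_STEP = re.compile(r"pluto\[\d+\]: time moved backwards (\d+) seconds")
PEER_ADDR = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: them: ' + IP + "<")
DPD_RESTART = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: DPD: Restarting Connection')
REJECTED = re.compile(r"pluto\[\d+\]: packet from " + IP + r":\d+: initial Main Mode "
                      r"message received on \S+ but no connection has been authorized")


def analyse(log_text):
    """Collect clock steps, DPD restarts and rejected IKE sources from pluto logs."""
    report = {"clock_steps": [], "known_peers": {}, "restarted": [], "unknown_sources": {}}
    for line in log_text.splitlines():
        m = CLOCK_STEP.search(line)
        if m:
            report["clock_steps"].append(int(m.group(1)))
            continue
        m = PEER_ADDR.search(line)
        if m:
            report["known_peers"].setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = DPD_RESTART.search(line)
        if m:
            if m.group(1) not in report["restarted"]:
                report["restarted"].append(m.group(1))
            continue
        m = REJECTED.search(line)
        if m:
            src = m.group(1)
            seen = set().union(*report["known_peers"].values())
            # Count only sources that no established tunnel has used, and only
            # after a DPD restart: the peer is back on a new address while the
            # local end still holds the old one.
            if report["restarted"] and src not in seen:
                report["unknown_sources"][src] = report["unknown_sources"].get(src, 0) + 1
    return report


def stale_peer_suspected(report):
    """True when a restarted connection is followed by rejected, unseen sources."""
    return bool(report["restarted"] and report["unknown_sources"])


if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print("clock steps (s):", r["clock_steps"])
    print("unknown sources after DPD restart:", r["unknown_sources"])
    print("stale peer address suspected:", stale_peer_suspected(r))
```

A non-empty `clock_steps` list alongside `stale_peer_suspected` returning true is the combination described in the answer: timers keyed to the system time are delayed by the step, so the peer's name is not looked up again when expected.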