OSX 10.6 Cisco IPSEC 奇怪的行為

July 4, 2012

我正在嘗試通過 DSL Internet 連接到我公司的 Cisco IPSEC VPN。由於許可問題，我設法使用 Cisco VPN Client 成功連接，現在我正嘗試切換到 OSX 10.6 本機客戶端。

問題是連接失敗並出現一個包含以下消息的對話框：

The negotiation with the VPN server failed. Verify the server address and try reconnecting.

我檢查了日誌：

Jun 29 13:10:39 racoon[4551]: Connecting.
Jun 29 13:10:39 racoon[4551]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Jun 29 13:10:39 racoon[4551]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
Jun 29 13:10:39 racoon[4551]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
Jun 29 13:10:39 racoon[4551]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
Jun 29 13:10:39 racoon[4551]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
Jun 29 13:10:42 racoon[4551]: IKE Packet: transmit success. (Mode-Config message).
Jun 29 13:10:42 racoon[4551]: IKEv1 XAUTH: success. (XAUTH Status is OK).
Jun 29 13:10:42 racoon[4551]: IKE Packet: transmit success. (Mode-Config message).
Jun 29 13:10:42 racoon[4551]: IKEv1 Config: retransmited. (Mode-Config retransmit).
Jun 29 13:10:42 racoon[4551]: IKE Packet: receive success. (MODE-Config).
Jun 29 13:10:42 configd[19]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.1.107), current interface setting (name: u92.168.54.147, subnet: 255.255.255.0, destination: 192.168.54.147).
Jun 29 13:10:42 configd[19]: network configuration changed.
Jun 29 13:10:42 vmnet-bridge[111]: Dynamic store changed
Jun 29 13:10:42 named[62]: not listening on any interfaces
Jun 29 13:10:58: --- last message repeated 1 time ---
Jun 29 13:10:58 configd[19]: SCNCController: Disconnecting. (Connection tried to negotiate for, 16 seconds).
Jun 29 13:10:58 racoon[4551]: IKE Packet: transmit success. (Information message).
Jun 29 13:10:58 racoon[4551]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
Jun 29 13:10:58 racoon[4551]: Disconnecting. (Connection tried to negotiate for, 19.113382 seconds).
Jun 29 13:10:58 named[62]: not listening on any interfaces
Jun 29 13:10:58 vmnet-bridge[111]: Dynamic store changed
Jun 29 13:10:58 named[62]: not listening on any interfaces
Jun 29 13:10:58 configd[19]: network configuration changed.

然後我打開終端，開始ping VPN 後面的伺服器，並嘗試再次連接。**現在連接正常！**這次記錄：

Jun 29 13:46:53 racoon[8136]: Connecting.
Jun 29 13:46:53 racoon[8136]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Jun 29 13:46:53 racoon[8136]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
Jun 29 13:46:53 racoon[8136]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
Jun 29 13:46:53 racoon[8136]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
Jun 29 13:46:53 racoon[8136]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Mode-Config message).
Jun 29 13:46:56 racoon[8136]: IKEv1 XAUTH: success. (XAUTH Status is OK).
Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Mode-Config message).
Jun 29 13:46:56 racoon[8136]: IKEv1 Config: retransmited. (Mode-Config retransmit).
Jun 29 13:46:56 racoon[8136]: IKE Packet: receive success. (MODE-Config).
Jun 29 13:46:56 configd[19]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.1.107), current interface settinaddress: 192.168.54.149, subnet: 255.255.255.0, destination: 192.168.54.149).
Jun 29 13:46:56 vmnet-bridge[111]: Dynamic store changed
Jun 29 13:46:56 named[62]: not listening on any interfaces
Jun 29 13:46:56 configd[19]: network configuration changed.
Jun 29 13:46:56 named[62]: not listening on any interfaces
Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
Jun 29 13:46:56 racoon[8136]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
Jun 29 13:46:56 racoon[8136]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
Jun 29 13:46:56 racoon[8136]: Connected.
Jun 29 13:46:56 configd[19]: SCNCController: Connected.

我對其進行了多次測試，它的行為始終相同。什麼是魔法？

在 OSX 10.7 中沒有觀察到這個問題，所以任何人都堅持這一點 - 只需更新到 Lion :)

引用自：https://serverfault.com/questions/285207

OSX 10.6 Cisco IPSEC 奇怪的行為

相關問答

VPN 和 NetBIOS

Cisco ASA - ESP-NULL（空加密）的優勢是什麼

Cisco 1841 不會啟動 site2site VPN

我的 CISCO 路由器似乎缺少“隧道模式 ipsec ipv4”

思科 CSR1000v 和 AWS 上的 Strongswan IPSec 端點之間沒有流量路由

Cisco 2901 - IPSec VPN 最大化 CPU