iKuai爱快流控路由
标题: 爱快的IPSEC问题,来看下。 [打印本页]
作者: eastborn 时间: 2018-4-11 16:16
标题: 爱快的IPSEC问题,来看下。
IPSEC设置的lifetime是1小时,然后会好长时间的中断时间,谁帮忙看下什么情况。
Apr 11 16:06:55
01[ENC] parsed CREATE_CHILD_SA request 30 [ No KE N(REKEY_SA) SA TSi TSr ]
Apr 11 16:06:55
01[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Apr 11 16:06:55
01[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Apr 11 16:06:55
01[IKE] no acceptable proposal found
Apr 11 16:06:55
01[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:06:55
01[ENC] generating CREATE_CHILD_SA response 30 [ N(NO_PROP) ]
Apr 11 16:06:55
01[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (76 bytes)
Apr 11 16:06:59
15[IKE] establishing CHILD_SA ipsectoNZ{2}
Apr 11 16:06:59
15[ENC] generating CREATE_CHILD_SA request 7 [ N(REKEY_SA) N(IPCOMP_SUP) SA No TSi TSr ]
Apr 11 16:06:59
15[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (348 bytes)
Apr 11 16:06:59
11[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (236 bytes)
Apr 11 16:06:59
11[ENC] parsed CREATE_CHILD_SA response 7 [ N(NO_PROP) ]
Apr 11 16:06:59
11[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Apr 11 16:06:59
11[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:06:59
11[IKE] CHILD_SA rekeying failed, trying again in 14 seconds
Apr 11 16:07:00
14[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (604 bytes)
Apr 11 16:07:00
14[ENC] parsed CREATE_CHILD_SA request 31 [ No KE N(REKEY_SA) SA TSi TSr ]
Apr 11 16:07:01
14[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Apr 11 16:07:01
14[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Apr 11 16:07:01
14[IKE] no acceptable proposal found
Apr 11 16:07:01
14[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:07:01
14[ENC] generating CREATE_CHILD_SA response 31 [ N(NO_PROP) ]
Apr 11 16:07:01
14[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (76 bytes)
Apr 11 16:07:01
16[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (636 bytes)
Apr 11 16:07:01
16[ENC] parsed CREATE_CHILD_SA request 32 [ No KE N(REKEY_SA) SA TSi TSr ]
Apr 11 16:07:01
16[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Apr 11 16:07:01
16[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Apr 11 16:07:01
16[IKE] no acceptable proposal found
Apr 11 16:07:01
16[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:07:01
16[ENC] generating CREATE_CHILD_SA response 32 [ N(NO_PROP) ]
Apr 11 16:07:01
16[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (76 bytes)
Apr 11 16:07:04
03[IKE] establishing CHILD_SA ipsectoNZ{2}
Apr 11 16:07:04
03[ENC] generating CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(IPCOMP_SUP) SA No TSi TSr ]
Apr 11 16:07:04
03[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (348 bytes)
Apr 11 16:07:04
05[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (268 bytes)
Apr 11 16:07:04
05[ENC] parsed CREATE_CHILD_SA response 8 [ N(NO_PROP) ]
Apr 11 16:07:04
05[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Apr 11 16:07:04
05[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:07:04
05[IKE] CHILD_SA rekeying failed, trying again in 15 seconds
Apr 11 16:07:13
02[IKE] establishing CHILD_SA ipsectoNZ{2}
Apr 11 16:07:13
02[ENC] generating CREATE_CHILD_SA request 9 [ N(REKEY_SA) N(IPCOMP_SUP) SA No TSi TSr ]
Apr 11 16:07:13
02[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (348 bytes)
Apr 11 16:07:13
13[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (284 bytes)
Apr 11 16:07:13
13[ENC] parsed CREATE_CHILD_SA response 9 [ N(NO_PROP) ]
Apr 11 16:07:13
13[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Apr 11 16:07:13
13[IKE] failed to establish CHILD_SA, keeping IKE_SA
Apr 11 16:07:13
13[IKE] CHILD_SA rekeying failed, trying again in 30 seconds
Apr 11 16:07:19
01[IKE] reauthenticating IKE_SA ipsectoNZ[2]
Apr 11 16:07:19
01[IKE] deleting IKE_SA ipsectoNZ[2] between 222.188.226.186[222.188.226.186]...61.132.92.51[61.132.92.51]
Apr 11 16:07:19
01[IKE] sending DELETE for IKE_SA ipsectoNZ[2]
Apr 11 16:07:19
01[ENC] generating INFORMATIONAL request 10 [ D ]
Apr 11 16:07:19
01[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (76 bytes)
Apr 11 16:07:19
15[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (108 bytes)
Apr 11 16:07:19
15[ENC] parsed INFORMATIONAL response 10 [ ]
Apr 11 16:07:19
15[IKE] IKE_SA deleted
Apr 11 16:07:19
15[IKE] restarting CHILD_SA ipsectoNZ
Apr 11 16:07:19
15[IKE] initiating IKE_SA ipsectoNZ[3] to 61.132.92.51
Apr 11 16:07:19
15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Apr 11 16:07:19
15[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (708 bytes)
Apr 11 16:07:19
14[JOB] CHILD_SA ESP/0xccadf24b/222.188.226.186 not found for rekey
Apr 11 16:07:19
16[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (368 bytes)
Apr 11 16:07:19
16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No ]
Apr 11 16:07:19
16[CFG] no IDi configured, fall back on IP address
Apr 11 16:07:19
16[IKE] authentication of '222.188.226.186' (myself) with pre-shared key
Apr 11 16:07:19
16[IKE] establishing CHILD_SA ipsectoNZ{2}
Apr 11 16:07:19
16[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(IPCOMP_SUP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]
Apr 11 16:07:19
16[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (428 bytes)
Apr 11 16:07:19
04[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (380 bytes)
Apr 11 16:07:19
04[ENC] parsed IKE_AUTH response 1 [ IDr AUTH TSi TSr SA ]
Apr 11 16:07:19
04[IKE] authentication of '61.132.92.51' with pre-shared key successful
Apr 11 16:07:19
04[IKE] IKE_SA ipsectoNZ[3] established between 222.188.226.186[222.188.226.186]...61.132.92.51[61.132.92.51]
Apr 11 16:07:19
04[IKE] scheduling reauthentication in 2575s
Apr 11 16:07:19
04[IKE] maximum IKE_SA lifetime 3115s
Apr 11 16:07:19
04[IKE] peer didn't accept our proposed IPComp transforms, IPComp is disabled
Apr 11 16:07:19
04[IKE] CHILD_SA ipsectoNZ{26} established with SPIs cffaebbd_i 014c738d_o and TS 10.1.16.0/20 === 192.168.64.0/18
Apr 11 16:07:43
13[JOB] CHILD_SA ESP/0xccadf24b/222.188.226.186 not found for rekey
Apr 11 16:09:19
12[NET] received packet: from 61.132.92.51[500] to 222.188.226.186[500] (124 bytes)
Apr 11 16:09:19
12[ENC] parsed INFORMATIONAL request 0 [ ]
Apr 11 16:09:19
12[ENC] generating INFORMATIONAL response 0 [ ]
Apr 11 16:09:19
12[NET] sending packet: from 222.188.226.186[500] to 61.132.92.51[500] (76 bytes)
作者: 爱快技术支持08 时间: 2018-4-13 17:41
楼主您好,从日志来看,您两端的IKE不一致导致协商方面出现了问题
是否还有其他问题暂时还判断不出来
您私信给我您的QQ,这边联系您看下
欢迎光临 iKuai爱快流控路由 (https://bbs.ikuai8.com/) |
Powered by Discuz! X3.3 |