开启辅助访问 切换到宽版

iKuai爱快流控路由

 找回密码
 立即注册

QQ登录

只需一步,快速开始

iKuai爱快流控路由»iKuai爱快论坛 iKuai 爱快流控路由技术讨论 ipsec无法连接
返回列表 发新帖
查看: 608|回复: 2
打印 上一主题 下一主题

[问题反馈] ipsec无法连接

[复制链接]
cryamethy
跳转到指定楼层
楼主
发表于 2022-8-9 09:02:24 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
今日发现多台设备的ipsec突然无法连接上,日志显示如下:
Aug 9 08:00:17
00[DMN] Starting IKE charon daemon (strongSwan 5.8.4, Linux 5.10.118, x86_64)

Aug 9 08:00:17
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

Aug 9 08:00:17
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'

Aug 9 08:00:17
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Aug 9 08:00:17
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

Aug 9 08:00:17
00[CFG] loading crls from '/etc/ipsec.d/crls'

Aug 9 08:00:17
00[CFG] loading secrets from '/etc/ipsec.secrets'

Aug 9 08:00:17
00[CFG] expanding file expression '/etc/ipsec.secrets.d/*' failed

Aug 9 08:00:17
00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default connmark stroke updown xauth-generic

Aug 9 08:00:17
00[LIB] dropped capabilities, running as uid 0, gid 0

Aug 9 08:00:17
00[JOB] spawning 16 worker threads

Aug 9 08:00:32
12[CFG] received stroke: add connection 'vpn-1'

Aug 9 08:00:32
17[LIB] resolving 'homezyc.3322.org' failed: Name or service not known

Aug 9 08:00:32
12[CFG] added configuration 'vpn-1'

Aug 9 08:00:32
14[CFG] rereading secrets

Aug 9 08:00:32
14[CFG] loading secrets from '/etc/ipsec.secrets'

Aug 9 08:00:32
14[CFG] loading secrets from '/etc/ipsec.secrets.d/vpn-1'

Aug 9 08:00:32
14[CFG] loaded IKE secret for 175.4.119.201 homezyc.3322.org

Aug 9 08:00:32
14[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'

Aug 9 08:00:32
14[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'

Aug 9 08:00:32
14[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Aug 9 08:00:32
14[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'

Aug 9 08:00:32
14[CFG] rereading crls from '/etc/ipsec.d/crls'

Aug 9 08:00:32
16[CFG] received stroke: terminate 'vpn-1'

Aug 9 08:00:32
16[CFG] no IKE_SA named 'vpn-1' found

Aug 9 08:00:32
05[CFG] received stroke: initiate 'vpn-1'

Aug 9 08:00:32
17[LIB] resolving 'homezyc.3322.org' failed: Name or service not known

Aug 9 08:00:32
05[IKE] unable to resolve homezyc.3322.org, initiate aborted

Aug 9 08:00:32
05[MGR] tried to checkin and delete nonexistent IKE_SA

Aug 9 09:00:41
14[CFG] received stroke: delete connection 'vpn-1'

Aug 9 09:00:41
14[CFG] deleted connection 'vpn-1'

Aug 9 09:00:41
12[CFG] rereading secrets

Aug 9 09:00:41
12[CFG] loading secrets from '/etc/ipsec.secrets'

Aug 9 09:00:41
12[CFG] expanding file expression '/etc/ipsec.secrets.d/*' failed

Aug 9 09:00:41
12[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'

Aug 9 09:00:41
12[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'

Aug 9 09:00:41
12[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Aug 9 09:00:41
12[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'

Aug 9 09:00:41
12[CFG] rereading crls from '/etc/ipsec.d/crls'

Aug 9 09:00:41
06[CFG] received stroke: terminate 'vpn-1'

Aug 9 09:00:41
06[CFG] no IKE_SA named 'vpn-1' found

Aug 9 09:00:44
05[CFG] received stroke: add connection 'vpn-1'

Aug 9 09:00:44
07[CFG] rereading secrets

Aug 9 09:00:44
07[CFG] loading secrets from '/etc/ipsec.secrets'

Aug 9 09:00:44
07[CFG] loading secrets from '/etc/ipsec.secrets.d/vpn-1'

Aug 9 09:00:44
07[CFG] loaded IKE secret for 175.4.119.201 homezyc.3322.org

Aug 9 09:00:44
07[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'

Aug 9 09:00:44
07[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'

Aug 9 09:00:44
07[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Aug 9 09:00:44
07[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'

Aug 9 09:00:44
07[CFG] rereading crls from '/etc/ipsec.d/crls'

Aug 9 09:00:44
09[CFG] received stroke: terminate 'vpn-1'

Aug 9 09:00:44
09[CFG] no IKE_SA named 'vpn-1' found

Aug 9 09:00:44
15[CFG] received stroke: initiate 'vpn-1'

Aug 9 09:00:44
15[CFG] no config named 'vpn-1'

Aug 9 09:00:44
05[CFG] added configuration 'vpn-1'
分享到:  QQ好友和群QQ好友和群 QQ空间QQ空间 腾讯微博腾讯微博 腾讯朋友腾讯朋友
收藏收藏 支持支持 反对反对
回复

举报

沙发
发表于 2022-8-9 09:25:00 | 只看该作者
楼主您好,两端ipsec均为爱快设备吗?可以先检查下两端ipsec名称是否存在中文,建议修改为英文和数字符,需要具体排查的话请联系咱们技术提供两端远程看下
==========================================================================
如回复您这边还有需要协助可联系爱快技术工程师爱快已开通快速服务码通道,使用服务码可通过多渠道(爱快路由官网、微信小程序爱快微云、手机APP爱快e云,微信公众号爱快智能网络)进行技术咨询可以快速解决您的问题,具体操作步骤请看以下帮助链接
新内核版本测试固件帖:https://bbs.ikuai8.com/thread-129069-1-1.html
文本教程:http://ikuai9.com:555/s/fu36pp
视频教程:http://ikuai9.com:555/s/t0katu
回复 支持 反对

举报

cryamethy
板凳
 楼主| 发表于 2022-8-9 09:51:54 | 只看该作者
爱快技术支持01 发表于 2022-8-9 09:25
楼主您好,两端ipsec均为爱快设备吗?可以先检查下两端ipsec名称是否存在中文,建议修改为英文和数字符,需 ...

没有中文名,都是数字字母以及下划线,两端均为爱快设备
回复 支持 反对

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

关闭

站长推荐上一条 /1 下一条

QQ|小黑屋|手机版|Archiver|论坛规章制度|iKuai Inc. ( 京ICP备13042604号 )

GMT+8, 2024-11-12 14:43

Powered by Discuz! X3.3

© 2001-2024 Comsenz Inc.

快速回复 返回顶部 返回列表