iKuai Traffic Control Router


[Issue report] Problems encountered setting up an IPsec VPN between iKuai and Alibaba Cloud

Original poster
Posted 2019-3-25 15:11:54

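I changed the configuration to be the same on both sides, but the connection still cannot be established. Please take a look, thanks.


The local configuration is as follows:


The Alibaba Cloud configuration is as follows:


Local log: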
Mar 25 15:05:56 06[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (404 bytes)
Mar 25 15:05:56 06[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Mar 25 15:05:56 06[IKE] received XAuth vendor ID
Mar 25 15:05:56 06[IKE] received DPD vendor ID
Mar 25 15:05:56 06[IKE] received FRAGMENTATION vendor ID
Mar 25 15:05:56 06[IKE] received NAT-T (RFC 3947) vendor ID
Mar 25 15:05:56 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 25 15:05:56 06[IKE] XX.XXX.XXX.XX is initiating a Aggressive Mode IKE_SA
Mar 25 15:05:56 06[CFG] looking for pre-shared key peer configs matching XX.XXX.XXX.XX...XX.XXX.XXX.XX[XX.XXX.XXX.XX]
Mar 25 15:05:56 06[CFG] selected peer config "vpn-1"
Mar 25 15:05:56 06[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V ]
Mar 25 15:05:56 06[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:05:56 09[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (92 bytes)
Mar 25 15:05:56 09[ENC] invalid HASH_V1 payload length, decryption failed?
Mar 25 15:05:56 09[ENC] could not decrypt payloads
Mar 25 15:05:56 09[IKE] message parsing failed
Mar 25 15:05:56 09[IKE] ignore malformed INFORMATIONAL request
Mar 25 15:05:56 09[IKE] INFORMATIONAL_V1 request with message ID 3525808910 processing failed
Mar 25 15:06:00 03[IKE] sending retransmit 1 of response message ID 0, seq 1
Mar 25 15:06:00 03[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01 04[CFG] rereading secrets
Mar 25 15:06:01 04[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 25 15:06:01 04[CFG] loading secrets from '/etc/ipsec.secrets.d/l2tpd-psk'
Mar 25 15:06:01 04[CFG] loaded IKE secret for %any %any
Mar 25 15:06:01 04[CFG] loading secrets from '/etc/ipsec.secrets.d/vpn-1'
Mar 25 15:06:01 04[CFG] loaded IKE secret for @XX.XXX.XXX.XX @XX.XXX.XXX.XX
Mar 25 15:06:01 04[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Mar 25 15:06:01 04[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Mar 25 15:06:01 04[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 25 15:06:01 04[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Mar 25 15:06:01 04[CFG] rereading crls from '/etc/ipsec.d/crls'
Mar 25 15:06:01 02[CFG] received stroke: terminate 'vpn-1'
Mar 25 15:06:01 10[IKE] destroying IKE_SA in state CONNECTING without notification
Mar 25 15:06:01 01[CFG] received stroke: initiate 'vpn-1'
Mar 25 15:06:01 01[IKE] initiating Aggressive Mode IKE_SA vpn-1[124] to XX.XXX.XXX.XX
Mar 25 15:06:01 01[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
Mar 25 15:06:01 01[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01 06[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01 06[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
Mar 25 15:06:01 06[IKE] received XAuth vendor ID
Mar 25 15:06:01 06[IKE] received DPD vendor ID
Mar 25 15:06:01 06[IKE] received NAT-T (RFC 3947) vendor ID
Mar 25 15:06:01 06[IKE] calculated HASH does not match HASH payload
Mar 25 15:06:01 06[ENC] generating INFORMATIONAL_V1 request 2079015987 [ HASH N(AUTH_FAILED) ]
Mar 25 15:06:01 06[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (92 bytes)






Alibaba Cloud log:
2019-03-25 15:00:00 14[CFG] <1420> selected peer config "vco-2ze7uhjr8a86xfnygg37o"
2019-03-25 15:00:00 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1420> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
2019-03-25 15:00:00 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:00 06[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (92 bytes)
2019-03-25 15:00:00 06[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> queueing INFORMATIONAL_V1 request as tasks still active
2019-03-25 15:00:04 15[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 1 of response message ID 0, seq 1
2019-03-25 15:00:04 15[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:11 11[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 2 of response message ID 0, seq 1
2019-03-25 15:00:11 11[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:24 09[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 3 of response message ID 0, seq 1
2019-03-25 15:00:24 09[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:30 10[JOB] <vco-2ze7uhjr8a86xfnygg37o|1420> deleting half open IKE_SA after timeout
2019-03-25 15:05:57 12[CFG] received stroke: initiate 'vco-2ze7uhjr8a86xfnygg37o'
2019-03-25 15:05:57 12[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> initiating Aggressive Mode IKE_SA vco-2ze7uhjr8a86xfnygg37o[1421] to XX.XXX.XXX.XX
2019-03-25 15:05:57 12[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
2019-03-25 15:05:57 12[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (404 bytes)
2019-03-25 15:05:57 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (380 bytes)
2019-03-25 15:05:57 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> parsed AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V ]
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received XAuth vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received DPD vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received NAT-T (RFC 3947) vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> calculated HASH does not match HASH payload
2019-03-25 15:05:57 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> generating INFORMATIONAL_V1 request 3525808910 [ HASH N(AUTH_FAILED) ]
2019-03-25 15:05:57 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (92 bytes)
2019-03-25 15:06:01 07[CFG] <1422> selected peer config "vco-2ze7uhjr8a86xfnygg37o"
2019-03-25 15:06:01 07[ENC] <vco-2ze7uhjr8a86xfnygg37o|1422> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
2019-03-25 15:06:01 07[NET] <vco-2ze7uhjr8a86xfnygg37o|1422> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:06:01 10[NET] <vco-2ze7uhjr8a86xfnygg37o|1422> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (92 bytes)
2019-03-25 15:06:01 10[IKE] <vco-2ze7uhjr8a86xfnygg37o|1422> queueing INFORMATIONAL_V1 request as tasks still active




2#
Original poster | Posted 2019-3-25 15:38:22

This is the reply from the Alibaba Cloud engineer. Please take a look, thanks.
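3#
Posted 2019-3-25 16:47:03
Hello, original poster,
1. Do the routers at both ends have public IP addresses, and has the Alibaba Cloud server address been filled in?
2. iKuai routers do not support DPD, so you can turn it off on the peer side first and see.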
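4#
Original poster | Posted 2019-3-25 16:57:53
Last edited by rocmxp on 2019-3-25 16:59

Both addresses are public addresses, and both have already been filled in.
Alibaba Cloud's feedback: the Alibaba Cloud VPN gateway does not have DPD detection enabled by default.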
5#
Posted 2019-3-26 01:01:49 from a mobile device
I set up PPTP on Alibaba Cloud.