配置调整为同样的还是无法接通。请帮忙看一下,谢谢。
本地配置如下
阿里云配置如下:
本地日志:
Mar 25 15:05:56
06[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (404 bytes)
Mar 25 15:05:56
06[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Mar 25 15:05:56
06[IKE] received XAuth vendor ID
Mar 25 15:05:56
06[IKE] received DPD vendor ID
Mar 25 15:05:56
06[IKE] received FRAGMENTATION vendor ID
Mar 25 15:05:56
06[IKE] received NAT-T (RFC 3947) vendor ID
Mar 25 15:05:56
06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 25 15:05:56
06[IKE] XX.XXX.XXX.XX is initiating a Aggressive Mode IKE_SA
Mar 25 15:05:56
06[CFG] looking for pre-shared key peer configs matching XX.XXX.XXX.XX...XX.XXX.XXX.XX[XX.XXX.XXX.XX]
Mar 25 15:05:56
06[CFG] selected peer config "vpn-1"
Mar 25 15:05:56
06[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V ]
Mar 25 15:05:56
06[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:05:56
09[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (92 bytes)
Mar 25 15:05:56
09[ENC] invalid HASH_V1 payload length, decryption failed?
Mar 25 15:05:56
09[ENC] could not decrypt payloads
Mar 25 15:05:56
09[IKE] message parsing failed
Mar 25 15:05:56
09[IKE] ignore malformed INFORMATIONAL request
Mar 25 15:05:56
09[IKE] INFORMATIONAL_V1 request with message ID 3525808910 processing failed
Mar 25 15:06:00
03[IKE] sending retransmit 1 of response message ID 0, seq 1
Mar 25 15:06:00
03[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01
04[CFG] rereading secrets
Mar 25 15:06:01
04[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 25 15:06:01
04[CFG] loading secrets from '/etc/ipsec.secrets.d/l2tpd-psk'
Mar 25 15:06:01
04[CFG] loaded IKE secret for %any %any
Mar 25 15:06:01
04[CFG] loading secrets from '/etc/ipsec.secrets.d/vpn-1'
Mar 25 15:06:01
04[CFG] loaded IKE secret for @XX.XXX.XXX.XX @XX.XXX.XXX.XX
Mar 25 15:06:01
04[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Mar 25 15:06:01
04[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Mar 25 15:06:01
04[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 25 15:06:01
04[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Mar 25 15:06:01
04[CFG] rereading crls from '/etc/ipsec.d/crls'
Mar 25 15:06:01
02[CFG] received stroke: terminate 'vpn-1'
Mar 25 15:06:01
10[IKE] destroying IKE_SA in state CONNECTING without notification
Mar 25 15:06:01
01[CFG] received stroke: initiate 'vpn-1'
Mar 25 15:06:01
01[IKE] initiating Aggressive Mode IKE_SA vpn-1[124] to XX.XXX.XXX.XX
Mar 25 15:06:01
01[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
Mar 25 15:06:01
01[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01
06[NET] received packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (380 bytes)
Mar 25 15:06:01
06[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
Mar 25 15:06:01
06[IKE] received XAuth vendor ID
Mar 25 15:06:01
06[IKE] received DPD vendor ID
Mar 25 15:06:01
06[IKE] received NAT-T (RFC 3947) vendor ID
Mar 25 15:06:01
06[IKE] calculated HASH does not match HASH payload
Mar 25 15:06:01
06[ENC] generating INFORMATIONAL_V1 request 2079015987 [ HASH N(AUTH_FAILED) ]
Mar 25 15:06:01
06[NET] sending packet: from XX.XXX.XXX.XX[500] to XX.XXX.XXX.XX[500] (92 bytes)
阿里云日志:
2019-03-25 15:00:00 14[CFG] <1420> selected peer config "vco-2ze7uhjr8a86xfnygg37o"
2019-03-25 15:00:00 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1420> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
2019-03-25 15:00:00 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:00 06[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (92 bytes)
2019-03-25 15:00:00 06[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> queueing INFORMATIONAL_V1 request as tasks still active
2019-03-25 15:00:04 15[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 1 of response message ID 0, seq 1
2019-03-25 15:00:04 15[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:11 11[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 2 of response message ID 0, seq 1
2019-03-25 15:00:11 11[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:24 09[IKE] <vco-2ze7uhjr8a86xfnygg37o|1420> sending retransmit 3 of response message ID 0, seq 1
2019-03-25 15:00:24 09[NET] <vco-2ze7uhjr8a86xfnygg37o|1420> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:00:30 10[JOB] <vco-2ze7uhjr8a86xfnygg37o|1420> deleting half open IKE_SA after timeout
2019-03-25 15:05:57 12[CFG] received stroke: initiate 'vco-2ze7uhjr8a86xfnygg37o'
2019-03-25 15:05:57 12[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> initiating Aggressive Mode IKE_SA vco-2ze7uhjr8a86xfnygg37o[1421] to XX.XXX.XXX.XX
2019-03-25 15:05:57 12[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
2019-03-25 15:05:57 12[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (404 bytes)
2019-03-25 15:05:57 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (380 bytes)
2019-03-25 15:05:57 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> parsed AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V ]
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received XAuth vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received DPD vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> received NAT-T (RFC 3947) vendor ID
2019-03-25 15:05:57 14[IKE] <vco-2ze7uhjr8a86xfnygg37o|1421> calculated HASH does not match HASH payload
2019-03-25 15:05:57 14[ENC] <vco-2ze7uhjr8a86xfnygg37o|1421> generating INFORMATIONAL_V1 request 3525808910 [ HASH N(AUTH_FAILED) ]
2019-03-25 15:05:57 14[NET] <vco-2ze7uhjr8a86xfnygg37o|1421> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (92 bytes)
2019-03-25 15:06:01 07[CFG] <1422> selected peer config "vco-2ze7uhjr8a86xfnygg37o"
2019-03-25 15:06:01 07[ENC] <vco-2ze7uhjr8a86xfnygg37o|1422> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]
2019-03-25 15:06:01 07[NET] <vco-2ze7uhjr8a86xfnygg37o|1422> sending packet: from 192.168.8.108[500] to XX.XXX.XXX.XX[500] (380 bytes)
2019-03-25 15:06:01 10[NET] <vco-2ze7uhjr8a86xfnygg37o|1422> received packet: from XX.XXX.XXX.XX[500] to 192.168.8.108[500] (92 bytes)
2019-03-25 15:06:01 10[IKE] <vco-2ze7uhjr8a86xfnygg37o|1422> queueing INFORMATIONAL_V1 request as tasks still active
|