strongSwan 5.3.3 configuration and log output for interoperating with a Windows 7 L2TP over IPsec VPN client

Source: Internet | Category: Network basics tutorial videos | Editor: 程序博客网 | Date: 2024/06/05 15:54
ipsec.conf:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn net-net
    type=transport
    left=192.168.152.150
    leftsubnet=0.0.0.0/0
    #leftid=@sun
    leftid=192.168.152.150
    leftfirewall=yes
    right=192.168.152.1
    rightsubnet=0.0.0.0/0
    #rightid=@moon
    rightid=192.168.152.1
    auto=add

ipsec.secrets:
# /etc/ipsec.secrets - strongSwan IPsec secrets file
# PSK hello
192.168.152.150 192.168.152.1 : PSK 0saGVsbG8=

charon log:
Dec 16 14:54:47 03[NET] received packet: from 192.168.152.1[500] to 192.168.152.150[500]
Dec 16 14:54:47 03[NET] waiting for data on sockets
Dec 16 14:54:47 05[MGR] checkout IKE_SA by message
Dec 16 14:54:47 05[MGR] created IKE_SA (unnamed)[1]
Dec 16 14:54:47 05[NET] <1> received packet: from 192.168.152.1[500] to 192.168.152.150[500] (408 bytes)
Dec 16 14:54:47 05[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Dec 16 14:54:47 05[CFG] <1> looking for an ike config for 192.168.152.150...192.168.152.1
Dec 16 14:54:47 05[CFG] <1>   candidate: 192.168.152.150...192.168.152.1, prio 3100
Dec 16 14:54:47 05[CFG] <1> found matching ike config: 192.168.152.150...192.168.152.1 with prio 3100
Dec 16 14:54:47 05[ENC] <1> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Dec 16 14:54:47 05[IKE] <1> received MS NT5 ISAKMPOAKLEY vendor ID
Dec 16 14:54:47 05[IKE] <1> received NAT-T (RFC 3947) vendor ID
Dec 16 14:54:47 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Dec 16 14:54:47 05[IKE] <1> received FRAGMENTATION vendor ID
Dec 16 14:54:47 05[ENC] <1> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Dec 16 14:54:47 05[ENC] <1> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Dec 16 14:54:47 05[ENC] <1> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Dec 16 14:54:47 05[IKE] <1> 192.168.152.1 is initiating a Main Mode IKE_SA
Dec 16 14:54:47 05[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable DIFFIE_HELLMAN_GROUP found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable DIFFIE_HELLMAN_GROUP found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   no acceptable DIFFIE_HELLMAN_GROUP found
Dec 16 14:54:47 05[CFG] <1> selecting proposal:
Dec 16 14:54:47 05[CFG] <1>   proposal matches
Dec 16 14:54:47 05[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 16 14:54:47 05[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec 16 14:54:47 05[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Dec 16 14:54:47 05[IKE] <1> sending XAuth vendor ID
Dec 16 14:54:47 05[IKE] <1> sending DPD vendor ID
Dec 16 14:54:47 05[IKE] <1> sending NAT-T (RFC 3947) vendor ID
Dec 16 14:54:47 05[ENC] <1> generating ID_PROT response 0 [ SA V V V ]
Dec 16 14:54:47 05[NET] <1> sending packet: from 192.168.152.150[500] to 192.168.152.1[500] (136 bytes)
Dec 16 14:54:47 05[MGR] <1> checkin IKE_SA (unnamed)[1]
Dec 16 14:54:47 05[MGR] <1> check-in of IKE_SA successful.
Dec 16 14:54:47 01[JOB] next event in 29s 993ms, waiting
Dec 16 14:54:47 04[NET] sending packet: from 192.168.152.150[500] to 192.168.152.1[500]
Dec 16 14:54:47 03[NET] received packet: from 192.168.152.1[500] to 192.168.152.150[500]
Dec 16 14:54:47 03[NET] waiting for data on sockets
Dec 16 14:54:47 06[MGR] checkout IKE_SA by message
Dec 16 14:54:47 06[MGR] IKE_SA (unnamed)[1] successfully checked out
Dec 16 14:54:47 06[NET] <1> received packet: from 192.168.152.1[500] to 192.168.152.150[500] (228 bytes)
Dec 16 14:54:47 06[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Dec 16 14:54:47 06[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Dec 16 14:54:47 06[NET] <1> sending packet: from 192.168.152.150[500] to 192.168.152.1[500] (212 bytes)
Dec 16 14:54:47 06[MGR] <1> checkin IKE_SA (unnamed)[1]
Dec 16 14:54:47 06[MGR] <1> check-in of IKE_SA successful.
Dec 16 14:54:47 04[NET] sending packet: from 192.168.152.150[500] to 192.168.152.1[500]
Dec 16 14:54:47 03[NET] received packet: from 192.168.152.1[500] to 192.168.152.150[500]
Dec 16 14:54:47 03[NET] waiting for data on sockets
Dec 16 14:54:47 05[MGR] checkout IKE_SA by message
Dec 16 14:54:47 05[MGR] IKE_SA (unnamed)[1] successfully checked out
Dec 16 14:54:47 05[NET] <1> received packet: from 192.168.152.1[500] to 192.168.152.150[500] (76 bytes)
Dec 16 14:54:47 05[ENC] <1> parsed ID_PROT request 0 [ ID HASH ]
Dec 16 14:54:47 05[CFG] <1> looking for pre-shared key peer configs matching 192.168.152.150...192.168.152.1[192.168.152.1]
Dec 16 14:54:47 05[CFG] <1>   candidate "net-net", match: 1/20/3100 (me/other/ike)
Dec 16 14:54:47 05[CFG] <1> selected peer config "net-net"
Dec 16 14:54:47 05[IKE] <net-net|1> IKE_SA net-net[1] established between 192.168.152.150[192.168.152.150]...192.168.152.1[192.168.152.1]
Dec 16 14:54:47 05[IKE] <net-net|1> IKE_SA net-net[1] state change: CONNECTING => ESTABLISHED
Dec 16 14:54:47 05[IKE] <net-net|1> scheduling reauthentication in 3257s
Dec 16 14:54:47 05[IKE] <net-net|1> maximum IKE_SA lifetime 3437s
Dec 16 14:54:47 05[ENC] <net-net|1> generating ID_PROT response 0 [ ID HASH ]
Dec 16 14:54:47 05[NET] <net-net|1> sending packet: from 192.168.152.150[500] to 192.168.152.1[500] (76 bytes)
Dec 16 14:54:47 05[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 14:54:47 05[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 14:54:47 05[MGR] checkout IKE_SA
Dec 16 14:54:47 05[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 14:54:47 05[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 14:54:47 05[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 14:54:47 01[JOB] next event in 29s 935ms, waiting
Dec 16 14:54:47 04[NET] sending packet: from 192.168.152.150[500] to 192.168.152.1[500]
Dec 16 14:54:47 03[NET] received packet: from 192.168.152.1[500] to 192.168.152.150[500]
Dec 16 14:54:47 03[NET] waiting for data on sockets
Dec 16 14:54:47 05[MGR] checkout IKE_SA by message
Dec 16 14:54:47 05[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 14:54:47 05[NET] <net-net|1> received packet: from 192.168.152.1[500] to 192.168.152.150[500] (476 bytes)
Dec 16 14:54:47 05[ENC] <net-net|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID ]
Dec 16 14:54:47 05[CFG] <net-net|1> looking for a child config for 192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] 
Dec 16 14:54:47 05[CFG] <net-net|1> proposing traffic selectors for us:
Dec 16 14:54:47 05[CFG] <net-net|1>  0.0.0.0/0
Dec 16 14:54:47 05[CFG] <net-net|1> proposing traffic selectors for other:
Dec 16 14:54:47 05[CFG] <net-net|1>  0.0.0.0/0
Dec 16 14:54:47 05[CFG] <net-net|1>   candidate "net-net" with prio 1+1
Dec 16 14:54:47 05[CFG] <net-net|1> found matching child config "net-net" with prio 2
Dec 16 14:54:47 05[CFG] <net-net|1> selecting traffic selectors for other:
Dec 16 14:54:47 05[CFG] <net-net|1>  config: 0.0.0.0/0, received: 192.168.152.1/32[udp/l2tp] => match: 192.168.152.1/32[udp/l2tp]
Dec 16 14:54:47 05[CFG] <net-net|1> selecting traffic selectors for us:
Dec 16 14:54:47 05[CFG] <net-net|1>  config: 0.0.0.0/0, received: 192.168.152.150/32[udp/l2tp] => match: 192.168.152.150/32[udp/l2tp]
Dec 16 14:54:47 05[CFG] <net-net|1> selecting proposal:
Dec 16 14:54:47 05[CFG] <net-net|1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 14:54:47 05[CFG] <net-net|1> selecting proposal:
Dec 16 14:54:47 05[CFG] <net-net|1>   proposal matches
Dec 16 14:54:47 05[CFG] <net-net|1> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ
Dec 16 14:54:47 05[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Dec 16 14:54:47 05[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Dec 16 14:54:47 05[IKE] <net-net|1> received 3600s lifetime, configured 1200s
Dec 16 14:54:47 05[IKE] <net-net|1> received 250000000 lifebytes, configured 0
Dec 16 14:54:47 05[KNL] <net-net|1> got SPI c04d78f4
Dec 16 14:54:47 05[ENC] <net-net|1> generating QUICK_MODE response 1 [ HASH SA No ID ID ]
Dec 16 14:54:47 05[NET] <net-net|1> sending packet: from 192.168.152.150[500] to 192.168.152.1[500] (188 bytes)
Dec 16 14:54:47 05[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 14:54:47 05[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 14:54:47 04[NET] sending packet: from 192.168.152.150[500] to 192.168.152.1[500]
Dec 16 14:54:47 01[JOB] next event in 3s 996ms, waiting
Dec 16 14:54:47 03[NET] received packet: from 192.168.152.1[500] to 192.168.152.150[500]
Dec 16 14:54:47 03[NET] waiting for data on sockets
Dec 16 14:54:47 06[MGR] checkout IKE_SA by message
Dec 16 14:54:47 06[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 14:54:47 06[NET] <net-net|1> received packet: from 192.168.152.1[500] to 192.168.152.150[500] (60 bytes)
Dec 16 14:54:47 06[ENC] <net-net|1> parsed QUICK_MODE request 1 [ HASH ]
Dec 16 14:54:47 06[CHD] <net-net|1>   using AES_CBC for encryption
Dec 16 14:54:47 06[CHD] <net-net|1>   using HMAC_SHA1_96 for integrity
Dec 16 14:54:47 06[CHD] <net-net|1> adding inbound ESP SA
Dec 16 14:54:47 06[CHD] <net-net|1>   SPI 0xc04d78f4, src 192.168.152.1 dst 192.168.152.150
Dec 16 14:54:47 06[KNL] <net-net|1> adding SAD entry with SPI c04d78f4 and reqid {1}  (mark 0/0x00000000)
Dec 16 14:54:47 06[KNL] <net-net|1>   using encryption algorithm AES_CBC with key size 128
Dec 16 14:54:47 06[KNL] <net-net|1>   using integrity algorithm HMAC_SHA1_96 with key size 160
Dec 16 14:54:47 06[KNL] <net-net|1>   using replay window of 32 packets
Dec 16 14:54:47 06[CHD] <net-net|1> adding outbound ESP SA
Dec 16 14:54:47 06[CHD] <net-net|1>   SPI 0xea06b716, src 192.168.152.150 dst 192.168.152.1
Dec 16 14:54:47 06[KNL] <net-net|1> adding SAD entry with SPI ea06b716 and reqid {1}  (mark 0/0x00000000)
Dec 16 14:54:47 06[KNL] <net-net|1>   using encryption algorithm AES_CBC with key size 128
Dec 16 14:54:47 06[KNL] <net-net|1>   using integrity algorithm HMAC_SHA1_96 with key size 160
Dec 16 14:54:47 06[KNL] <net-net|1>   using replay window of 32 packets
Dec 16 14:54:47 06[KNL] <net-net|1> adding policy 192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] out  (mark 0/0x00000000)
Dec 16 14:54:47 06[KNL] <net-net|1> adding policy 192.168.152.1/32[udp/l2tp] === 192.168.152.150/32[udp/l2tp] in  (mark 0/0x00000000)
Dec 16 14:54:47 06[KNL] <net-net|1> policy 192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] out  (mark 0/0x00000000) already exists, increasing refcount
Dec 16 14:54:47 06[KNL] <net-net|1> updating policy 192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] out  (mark 0/0x00000000)
Dec 16 14:54:47 06[KNL] <net-net|1> policy 192.168.152.1/32[udp/l2tp] === 192.168.152.150/32[udp/l2tp] in  (mark 0/0x00000000) already exists, increasing refcount
Dec 16 14:54:47 06[KNL] <net-net|1> updating policy 192.168.152.1/32[udp/l2tp] === 192.168.152.150/32[udp/l2tp] in  (mark 0/0x00000000)
Dec 16 14:54:47 06[IKE] <net-net|1> CHILD_SA net-net{1} established with SPIs c04d78f4_i ea06b716_o and TS 192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] 
Dec 16 14:54:47 06[KNL] <net-net|1> 192.168.152.150 is on interface eno33554960
Dec 16 14:54:47 06[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 14:54:47 06[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 14:54:51 01[JOB] got event, queuing job for execution
Dec 16 14:54:51 01[JOB] next event in 25s 912ms, waiting
Dec 16 14:54:51 05[MGR] checkout IKE_SA
Dec 16 14:54:51 05[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 14:54:51 05[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 14:54:51 05[MGR] <net-net|1> check-in of IKE_SA successful.
[root@- etc]# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.3, Linux 3.4.44, x86_64):
  uptime: 23 seconds, since Dec 16 14:54:39 2015
  malloc: sbrk 2076672, mmap 0, used 1244352, free 832320
  worker threads: 1 of 6 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic unity
Listening IP addresses:
  192.168.152.150
Connections:
     net-net:  192.168.152.150...192.168.152.1  IKEv1
     net-net:   local:  [192.168.152.150] uses pre-shared key authentication
     net-net:   remote: [192.168.152.1] uses pre-shared key authentication
     net-net:   child:  0.0.0.0/0 === 0.0.0.0/0 TRANSPORT
Security Associations (1 up, 0 connecting):
     net-net[1]: ESTABLISHED 15 seconds ago, 192.168.152.150[192.168.152.150]...192.168.152.1[192.168.152.1]
     net-net[1]: IKEv1 SPIs: 7f88597c9354b058_i d7be765386551a8f_r*, pre-shared key reauthentication in 54 minutes
     net-net[1]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
     net-net{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c04d78f4_i ea06b716_o
     net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 428 bytes_i (4 pkts, 0s ago), 0 bytes_o, rekeying in 14 minutes
     net-net{1}:   192.168.152.150/32[udp/l2tp] === 192.168.152.1/32[udp/l2tp] 
No leaks detected, 1 suppressed by whitelist
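The ipsec.conf above sets no `ike=` or `esp=` line, so charon falls back to its built-in default proposal lists, which the "configured proposals" log lines show still include 3DES, MODP_1536, MODP_1024 and MD5; the Windows 7 client in turn offers 3DES, DES, NULL encryption and MODP_1024 among its proposals. The Python script below is an added example, not part of the original post and not strongSwan's own tooling. It parses the `received proposals`, `configured proposals` and `selected proposal` CFG lines (the sample lines are copied from the log above, with the very long IKE "configured proposals" line left out), lists the weak algorithms on each side, and renders strict `ike=`/`esp=` values from the strong proposals the peer offered. The weak-algorithm set and the log-name-to-keyword table are the example's own choices.

```python
import re

# Constructed sample: the proposal lines from the charon log on this page, with the
# very long IKE "configured proposals" line left out (the audit needs only what the
# peer offered, what the responder had configured for ESP and what was selected).
SAMPLE_LOG = """\
Dec 16 14:54:47 05[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 16 14:54:47 05[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Dec 16 14:54:47 05[CFG] <net-net|1> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ
Dec 16 14:54:47 05[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Dec 16 14:54:47 05[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
"""

# Matches the three CFG line shapes: "received proposals:", "configured proposals:",
# "selected proposal:". The "<1>" / "<net-net|1>" IKE_SA tag is skipped with \S+.
PROPOSAL_RE = re.compile(r"\[CFG\] \S+ (received|configured|selected) proposals?: (.+)$")

# Algorithms this example treats as weak (the example's own list, not strongSwan's):
# 56/112-bit ciphers, NULL encryption, MD5 HMAC/PRF and DH groups below 2048 bits.
WEAK = {"DES_CBC", "3DES_CBC", "NULL", "BLOWFISH_CBC_256", "HMAC_MD5_96", "PRF_HMAC_MD5",
        "MODP_768", "MODP_1024", "MODP_1024_160", "MODP_1536"}

# charon log names -> ipsec.conf ike=/esp= keywords (only the ones this log needs).
KEYWORDS = {"AES_CBC_128": "aes128", "AES_CBC_192": "aes192", "AES_CBC_256": "aes256",
            "HMAC_SHA1_96": "sha1", "HMAC_SHA2_256_128": "sha256",
            "MODP_2048": "modp2048", "MODP_3072": "modp3072",
            "ECP_256": "ecp256", "ECP_384": "ecp384"}


def parse_proposals(log_text):
    """Return {"received": [...], "configured": [...], "selected": [...]}, each entry a
    (protocol, [algorithm, ...]) tuple, e.g. ("ESP", ["AES_CBC_128", "HMAC_SHA1_96", "NO_EXT_SEQ"])."""
    out = {"received": [], "configured": [], "selected": []}
    for line in log_text.splitlines():
        m = PROPOSAL_RE.search(line)
        if not m:
            continue
        kind, body = m.group(1), m.group(2).strip()
        for item in body.split(", "):
            proto, _, algs = item.partition(":")
            out[kind].append((proto, algs.split("/")))
    return out


def weak_algorithms(proposals, kind):
    """Sorted list of weak algorithm names appearing anywhere in proposals[kind]."""
    found = {alg for _, algs in proposals[kind] for alg in algs if alg in WEAK}
    return sorted(found)


def selected_proposals(proposals):
    """{"IKE": "...", "ESP": "..."}: the proposal charon actually chose per protocol."""
    return {proto: "/".join(algs) for proto, algs in proposals["selected"]}


def proposal_keyword(algs):
    """Render one proposal as an ike=/esp= keyword ("aes256-sha1-ecp384"), or None if it
    contains a weak algorithm or one without a known keyword (never guess a keyword)."""
    parts = []
    for alg in algs:
        if alg in WEAK:
            return None
        if alg.startswith("PRF_") or alg.endswith("EXT_SEQ"):
            continue  # PRF follows the integrity algorithm; ESN flag is not a cipher keyword
        kw = KEYWORDS.get(alg)
        if kw is None:
            return None
        parts.append(kw)
    return "-".join(parts)


def strict_proposals(proposals):
    """Build ike= and esp= values from the strong proposals the peer offered, in the
    peer's order, with a trailing '!' so charon accepts nothing outside the list."""
    out = {}
    for proto, key in (("IKE", "ike"), ("ESP", "esp")):
        kws = []
        for p, algs in proposals["received"]:
            if p != proto:
                continue
            kw = proposal_keyword(algs)
            if kw and kw not in kws:
                kws.append(kw)
        out[key] = ",".join(kws) + "!"
    return out


if __name__ == "__main__":
    props = parse_proposals(SAMPLE_LOG)
    print("weak algorithms offered by the peer:   ", weak_algorithms(props, "received"))
    print("weak algorithms in responder defaults: ", weak_algorithms(props, "configured"))
    print("selected:", selected_proposals(props))
    print("suggested strict settings for conn net-net:")
    for key, value in strict_proposals(props).items():
        print(f"    {key}={value}")
```

Run against the sample lines it reports 3DES_CBC, DES_CBC, MODP_1024 and NULL among the client's offers, and suggests `ike=aes256-sha1-ecp384,aes128-sha1-ecp256,aes256-sha1-modp2048!` and `esp=aes256-sha1,aes128-sha1!` for `conn net-net`. Two further points are visible in the log itself: ESP ended up with AES_CBC_128 although the client listed AES_CBC_256 first, because the responder's configured list begins with AES_CBC_128, so pinning `esp=` also fixes the preference order; and the `0s` prefix in ipsec.secrets means base64, so the PSK on this page is the literal string `hello`, a lab value only.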