Здравствуйте,
Девайс - Keenetic Giga II
Прошивка - 2.16.D.1.0-0
Пытаюсь заставить работать VPN туннель по L2TP/IPSec. На другом конце VPS c Debian 9. На этом дебиане поднят strongswan + xl2tpd.
Настройки на роутере:
Янв 16 14:13:12 ipsec 11[IKE] received FRAGMENTATION vendor ID
Янв 16 14:13:12 ipsec 11[IKE] received NAT-T (RFC 3947) vendor ID
Янв 16 14:13:12 ipsec 11[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Янв 16 14:13:12 ipsec 11[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Янв 16 14:13:12 ipsec 11[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Янв 16 14:13:13 ipsec 05[IKE] received INVALID_KE_PAYLOAD error notify
Янв 16 14:13:13 ndm IpSec::Configurator: remote peer of crypto map "L2TP0" returned invalid key notification.
Янв 16 14:13:13 ndm IpSec::Configurator: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Янв 16 14:13:13 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer.
Янв 16 14:13:13 ndm Network::Interface::Ppp: "L2TP0": disabled connection.
Янв 16 14:13:13 ndm IpSec::Configurator: fallback peer is not defined for crypto map "L2TP0", retry.
Янв 16 14:13:13 ndm IpSec::Configurator: "L2TP0": schedule reconnect for crypto map.