Jump to content

Search the Community

Showing results for tags 'ipsec ikev2'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Keenetic Community
    • Keenetic Development
    • Keenetic Community Support
    • KeeneticOS Testing
    • Mobile App
  • Open Package Support
    • Opkg Help
    • Opkg Cookbook
    • Opkg Cookbook RUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Location


Web-site


Interests


Occupation


AOL Account


ICQ Account


WLM


YAHOO


Facebook Account


Twitter Account


Skype Account


Youtube Account


Google+ Account


Keenetic

Found 4 results

  1. Так как l2tp/ipsec перестает быть доступным в использовании, и лютое большинство нормальных VPN провайдеров отказалось от него еще в прошлом году, то единственной альтернативой остаются OPENVPN и IKEv2 /IPSec. К сожалению даже самые мощные модели из линейки кинетиков, VIVA, GIGA и Ultra могут пропустить максимум 20 - 25 мбит при использовании протокола OPENVPN. В то время как IKEv2 /IPSec на данных моделях может предоставлять скорость выше 200мбит. По слухам уже вскоре будет выпущено новое ядро для Кинетиков. Большая просьба интегрировать поддержку IKEv2 /IPSec client for VPN providers with a certificate для соединения с современными VPN провайдерами. Спасибо
  2. при создании IP Sec Туннелей, в настройках указаны только две сети - удаленная сеть и локальная сеть Можно ли всетаки добавить возможность иметь в таких туннелях больше одной подсети настройках? местных может быть не одна, в некоторых случаях хочется в маршут включить только несколько хостов с маской 32, запретив тем самым доступ извне другим IP. очень не удобно. поправьте пожалуйста. или подкажите методику добавления маршрутов, т.к. для такого интерфейса не добавляются стандартные маршруты - данного интерфейса просто в списке нет. у меня:Keenetic Giga II сейчас версия 2.16.D.1.0-1
  3. В настройках VPN в Android есть такой вариант: IPSec IKEv2 PSK. Может быть кто-то знает как на Keenetic настроить этот тип соединения?
  4. Добрый день! Собственно, как и следует из названия темы, устройство начинает пробрасывать тоннель, причём, по какой-то непостижимой причине, производится сразу несколько попыток. В результате, соединение успешно устанавливается в рамках одного из согласований, а затем благополучно дропается, т.к. другое не получает ответа от Циски и рубит по тайм-ауту. Что характерно, с самим соединений никаких проблем нет: пакеты ходят, компы друг друга видят, пингуют... Версия прошивки: v2.08(AAUU.4)C2 Версия Циски: 15.4 Логи Кинетика: Nov 10 13:15:01ipsec 06[MGR] ignoring request with ID 0, already processing Nov 10 13:15:08ipsec 16[IKE] remote host is behind NAT Nov 10 13:15:08ipsec 14[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:15:08ipsec 14[CFG] selected peer config 'Test' Nov 10 13:15:08ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:15:08ipsec 14[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:15:08ipsec 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:15:08ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:15:08ipsec 14[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:15:08ipsec 14[IKE] IKE_SA Test[4] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:15:08ipsec 14[IKE] scheduling reauthentication in 3573s Nov 10 13:15:08ipsec 14[IKE] maximum IKE_SA lifetime 3593s Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:15:08ipsec 14[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[IKE] CHILD_SA Test{2} established with SPIs c12ee9c8_i c20b83b1_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:15:08ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:15:08ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:15:08ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:15:11ipsec 10[IKE] retransmit 1 of request with message ID 0 Nov 10 13:15:20ipsec 08[IKE] retransmit 2 of request with message ID 0 Nov 10 13:15:30ipsec 10[IKE] retransmit 3 of request with message ID 0 Nov 10 13:15:41ipsec 09[IKE] retransmit 4 of request with message ID 0 Nov 10 13:15:52ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:16:05ipsec 10[IKE] retransmit 6 of request with message ID 0 Nov 10 13:16:20ipsec 09[IKE] retransmit 7 of request with message ID 0 Nov 10 13:16:35ipsec 16[IKE] retransmit 8 of request with message ID 0 Nov 10 13:16:52ipsec 12[IKE] giving up after 8 retransmits Nov 10 13:16:52ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:16:52ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:16:52ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:16:52ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:16:52ipsec 12[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:17:08ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:17:10ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:17:10ipsec 12[CFG] received stroke: unroute 'Test' Nov 10 13:17:10ipsec 13[CFG] received stroke: terminate 'Test{*}' Nov 10 13:17:10ipsec 16[IKE] closing CHILD_SA Test{2} with SPIs c12ee9c8_i (40144 bytes) c20b83b1_o (811908 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:17:10ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c12ee9c8 Nov 10 13:17:10ipsec 09[IKE] received DELETE for ESP CHILD_SA with SPI c20b83b1 Nov 10 13:17:10ipsec 09[IKE] CHILD_SA closed Nov 10 13:17:10ipsec 14[CFG] received stroke: terminate 'Test[*]' Nov 10 13:17:10ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:17:11ipsec 06[IKE] deleting IKE_SA Test[4] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:17:11ipsec 06[IKE] sending DELETE for IKE_SA Test[4] Nov 10 13:17:11ipsec 11[IKE] IKE_SA deleted Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:17:11ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:17:11ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:17:11ipsec 15[IKE] received Cisco Delete Reason vendor ID Nov 10 13:17:11ipsec 15[IKE] CISCO_IP is initiating an IKE_SA Nov 10 13:17:11ipsec 15[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 15[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 15[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 12[CFG] received stroke: initiate 'Test' Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" initialized. Nov 10 13:17:13ipsec 07[MGR] ignoring request with ID 0, already processing Nov 10 13:17:17ipsec 09[MGR] ignoring request with ID 0, already processing Nov 10 13:17:19ipsec 15[IKE] remote host is behind NAT Nov 10 13:17:19ipsec 16[IKE] initiating IKE_SA Test[6] to CISCO_IP Nov 10 13:17:20ipsec 14[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:17:20ipsec 14[CFG] selected peer config 'Test' Nov 10 13:17:20ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:17:20ipsec 14[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:17:20ipsec 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:17:20ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:17:20ipsec 14[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:17:20ipsec 14[IKE] IKE_SA Test[5] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:17:20ipsec 14[IKE] scheduling reauthentication in 3569s Nov 10 13:17:20ipsec 14[IKE] maximum IKE_SA lifetime 3589s Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:17:20ipsec 14[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[IKE] CHILD_SA Test{3} established with SPIs c96d5999_i 8d98ca14_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:17:20ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:17:20ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:17:20ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:17:32ipsec 11[IKE] retransmit 1 of request with message ID 0 Nov 10 13:17:41ipsec 07[IKE] retransmit 2 of request with message ID 0 Nov 10 13:17:50ipsec 05[IKE] retransmit 3 of request with message ID 0 Nov 10 13:18:01ipsec 13[IKE] retransmit 4 of request with message ID 0 Nov 10 13:18:13ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:18:26ipsec 15[IKE] retransmit 6 of request with message ID 0 Nov 10 13:18:40ipsec 13[IKE] retransmit 7 of request with message ID 0 Nov 10 13:18:55ipsec 16[IKE] retransmit 8 of request with message ID 0 Nov 10 13:19:13ipsec 14[IKE] giving up after 8 retransmits Nov 10 13:19:13ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:19:13ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:13ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:19:13ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:19:13ipsec 14[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:19:29ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:19:31ipsec 14[CFG] received stroke: unroute 'Test' Nov 10 13:19:31ipsec 08[CFG] received stroke: terminate 'Test{*}' Nov 10 13:19:31ipsec 16[IKE] closing CHILD_SA Test{3} with SPIs c96d5999_i (24735 bytes) 8d98ca14_o (68197 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:19:31ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c96d5999 Nov 10 13:19:31ipsec 13[IKE] received DELETE for ESP CHILD_SA with SPI 8d98ca14 Nov 10 13:19:31ipsec 13[IKE] CHILD_SA closed Nov 10 13:19:31ipsec 09[CFG] received stroke: terminate 'Test[*]' Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:31ipsec 10[IKE] deleting IKE_SA Test[5] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:19:31ipsec 10[IKE] sending DELETE for IKE_SA Test[5] Nov 10 13:19:31ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:19:31ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:19:32ipsec 12[CFG] received stroke: initiate 'Test' Nov 10 13:19:32ndm IpSec::Configurator: crypto map "Test" initialized. Nov 10 13:19:39ipsec 15[IKE] unable to create CHILD_SA while deleting IKE_SA Nov 10 13:19:39ipsec 05[IKE] IKE_SA deleted Nov 10 13:19:39ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:39ipsec 07[IKE] initiating IKE_SA Test[7] to CISCO_IP Nov 10 13:19:51ipsec 08[IKE] retransmit 1 of request with message ID 0 Nov 10 13:20:00ipsec 13[IKE] retransmit 2 of request with message ID 0 Nov 10 13:20:01ipsec 10[IKE] received Cisco Delete Reason vendor ID Nov 10 13:20:01ipsec 10[IKE] CISCO_IP is initiating an IKE_SA Nov 10 13:20:01ipsec 10[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:01ipsec 10[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:01ipsec 10[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:03ipsec 14[MGR] ignoring request with ID 0, already processing Nov 10 13:20:06ipsec 16[MGR] ignoring request with ID 0, already processing Nov 10 13:20:09ipsec 10[IKE] remote host is behind NAT Nov 10 13:20:09ipsec 08[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:20:09ipsec 08[CFG] selected peer config 'Test' Nov 10 13:20:09ipsec 08[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:20:09ipsec 08[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:20:09ipsec 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:20:09ipsec 08[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:20:09ipsec 08[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:20:09ipsec 08[IKE] IKE_SA Test[8] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:20:09ipsec 08[IKE] scheduling reauthentication in 3567s Nov 10 13:20:09ipsec 08[IKE] maximum IKE_SA lifetime 3587s Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:20:09ipsec 08[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[IKE] CHILD_SA Test{4} established with SPIs cdeb3b19_i 00d56f15_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:20:09ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:20:09ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:20:10ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:20:10ipsec 05[IKE] retransmit 3 of request with message ID 0 Nov 10 13:20:20ipsec 15[IKE] retransmit 4 of request with message ID 0 Nov 10 13:20:32ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:20:45ipsec 08[IKE] retransmit 6 of request with message ID 0 Nov 10 13:20:48ndhcps _WEBADMIN: DHCPREQUEST received (STATE_SELECTING) for 192.168.10.45 from 74:04:2b:84:60:e8. Nov 10 13:20:48ndhcps _WEBADMIN: sending ACK of 192.168.10.45 to 74:04:2b:84:60:e8. Nov 10 13:20:59ipsec 16[IKE] retransmit 7 of request with message ID 0 Nov 10 13:21:15ipsec 15[IKE] retransmit 8 of request with message ID 0 Nov 10 13:21:32ipsec 13[IKE] giving up after 8 retransmits Nov 10 13:21:32ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:21:32ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:21:32ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:21:32ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:21:32ipsec 13[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:21:48ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:21:50ipsec 13[CFG] received stroke: unroute 'Test' Nov 10 13:21:50ipsec 07[CFG] received stroke: terminate 'Test{*}' Nov 10 13:21:50ipsec 15[IKE] closing CHILD_SA Test{4} with SPIs cdeb3b19_i (24726 bytes) 00d56f15_o (85210 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:21:50ipsec 15[IKE] sending DELETE for ESP CHILD_SA with SPI cdeb3b19 Nov 10 13:21:50ipsec 16[IKE] received DELETE for ESP CHILD_SA with SPI 00d56f15 Nov 10 13:21:50ipsec 16[IKE] CHILD_SA closed Nov 10 13:21:50ipsec 06[CFG] received stroke: terminate 'Test[*]' Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:21:50ipsec 08[IKE] deleting IKE_SA Test[8] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:21:50ipsec 08[IKE] sending DELETE for IKE_SA Test[8] Nov 10 13:21:50ipsec 05[IKE] IKE_SA deleted Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Спасибо!
×
×
  • Create New...