- 0
Android 13 IKEv2/IPSec ощибка "received retransmit of request with ID 1, retransmitting response"
-
Recently Browsing 0 members
- No registered users viewing this page.
This site uses cookies. By clicking "I accept" or continuing to browse the site, you authorize their use in accordance with the Privacy Policy.
Question
vasek00
Глюк или не глюк, ПО 4.0.17
Мобильный телефон (Android 13) вчера через MTS работал как удаленный клиент VPN сервера на роутере "IKEv2/IPsec VPN".
На смартфоне встроенный клиент и настройки :
- тип = IKEv2/IPSec MSCHAPv2
- адрес сервера = 2хх.ххх.ххх.хх1
- сертификат ЦС IPSec = "не проверять сервер"
- сертификат сервера IPsec = "получение от сервера"
- user/пароль = ****/****
MTS - работал (вчера)
[I] Apr 14 16:45:49 ipsec: 12[IKE] ххх.ххх.ххх.хх3 is initiating an IKE_SA [I] Apr 14 16:45:49 ipsec: 12[CFG] received proposals: IKE:AES_CBC=256/AES_CBC=128/HMAC_SHA2_512_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048_256/ECP_384/ECP_256/MODP_2048/MODP_1536, IKE:AES_GCM_16=256/AES_GCM_16=128/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048_256/ECP_384/ECP_256/MODP_2048/MODP_1536 [I] Apr 14 16:45:49 ipsec: 12[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256 [I] Apr 14 16:45:49 ipsec: 12[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 [I] Apr 14 16:45:49 ipsec: 12[IKE] remote host is behind NAT [I] Apr 14 16:45:49 ipsec: 12[IKE] DH group MODP_2048_256 unacceptable, requesting MODP_2048 [I] Apr 14 16:45:49 ipsec: 13[IKE] ххх.ххх.ххх.хх3 is initiating an IKE_SA [I] Apr 14 16:45:49 ipsec: 13[CFG] received proposals: IKE:AES_CBC=256/AES_CBC=128/HMAC_SHA2_512_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_2048_256/ECP_384/ECP_256/MODP_1536, IKE:AES_GCM_16=256/AES_GCM_16=128/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_2048_256/ECP_384/ECP_256/MODP_1536 [I] Apr 14 16:45:49 ipsec: 13[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256 [I] Apr 14 16:45:49 ipsec: 13[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 [I] Apr 14 16:45:49 ipsec: 13[IKE] remote host is behind NAT [I] Apr 14 16:45:49 ipsec: 07[CFG] looking for peer configs matching 1хх.ххх.ххх.хх1[%any]...ххх.ххх.ххх.хх3[rsa_key] [I] Apr 14 16:45:49 ipsec: 07[CFG] selected peer config 'VirtualIPServerIKE2' [I] Apr 14 16:45:49 ipsec: 07[IKE] initiating EAP_IDENTITY method (id 0x00) [I] Apr 14 16:45:49 ipsec: 07[IKE] peer supports MOBIKE, but disabled in config [I] Apr 14 16:45:49 ipsec: 07[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful [I] Apr 14 16:45:49 ipsec: 07[IKE] sending end entity cert "CN=ххх-ххх-ххх.keenetic.pro" [I] Apr 14 16:45:49 ipsec: 07[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" [I] Apr 14 16:45:49 ipsec: 07[IKE] sending issuer cert "C=US, O=Internet Security Research Group, CN=ISRG Root X1" [I] Apr 14 16:45:49 ipsec: 03[IKE] received EAP identity 'U******N' [I] Apr 14 16:45:49 ipsec: 03[IKE] initiating EAP_MSCHAPV2 method (id 0xEB) [I] Apr 14 16:45:49 ipsec: 09[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established [I] Apr 14 16:45:49 ipsec: 10[IKE] authentication of 'rsa_key' with EAP successful [I] Apr 14 16:45:49 ipsec: 10[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with EAP [I] Apr 14 16:45:49 ipsec: 10[IKE] IKE_SA VirtualIPServerIKE2[10] established between 1хх.ххх.ххх.хх1[ххх-ххх-ххх.keenetic.pro]...ххх.ххх.ххх.хх3[rsa_key] [I] Apr 14 16:45:49 ipsec: 10[IKE] peer requested virtual IP %any [I] Apr 14 16:45:49 ndm: IpSec::CryptoMapInfo: "VirtualIPServerIKE2": allocated address "172.18.2.41" for user "UserVPN" @ "rsa_key" from "ххх.ххх.ххх.хх3". [I] Apr 14 16:45:49 ipsec: 10[IKE] assigning virtual IP 172.18.2.41 to peer 'U*****'
MTS сегодня не работает
Апр 15 14:27:25 ipsec 11[IKE] ххх.ххх.ххх.хх7 is initiating an IKE_SA Апр 15 14:27:25 ipsec 11[CFG] received proposals: IKE:AES_CBC=256/AES_CBC=128/HMAC_SHA2_512_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048_256/ECP_384/ECP_256/MODP_2048/MODP_1536, IKE:AES_GCM_16=256/AES_GCM_16=128/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048_256/ECP_384/ECP_256/MODP_2048/MODP_1536 Апр 15 14:27:25 ipsec 11[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256 Апр 15 14:27:25 ipsec 11[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 Апр 15 14:27:25 ipsec 11[IKE] remote host is behind NAT Апр 15 14:27:25 ipsec 11[IKE] DH group MODP_2048_256 unacceptable, requesting MODP_2048 Апр 15 14:27:25 ipsec 14[IKE] ххх.ххх.ххх.хх7 is initiating an IKE_SA Апр 15 14:27:25 ipsec 14[CFG] received proposals: IKE:AES_CBC=256/AES_CBC=128/HMAC_SHA2_512_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_2048_256/ECP_384/ECP_256/MODP_1536, IKE:AES_GCM_16=256/AES_GCM_16=128/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_2048_256/ECP_384/ECP_256/MODP_1536 Апр 15 14:27:25 ipsec 14[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256 Апр 15 14:27:25 ipsec 14[CFG] selected proposal: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 Апр 15 14:27:25 ipsec 14[IKE] remote host is behind NAT Апр 15 14:27:25 ipsec 10[CFG] looking for peer configs matching 1хх.ххх.ххх.хх1[%any]...2ххх.ххх.ххх.хх7[ikev2] Апр 15 14:27:25 ipsec 10[CFG] selected peer config 'VirtualIPServerIKE2' Апр 15 14:27:25 ipsec 10[IKE] initiating EAP_IDENTITY method (id 0x00) Апр 15 14:27:25 ipsec 10[IKE] peer supports MOBIKE, but disabled in config Апр 15 14:27:25 ipsec 10[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Апр 15 14:27:25 ipsec 10[IKE] sending end entity cert "CN=ххх-ххх-ххх.keenetic.pro" Апр 15 14:27:25 ipsec 10[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" Апр 15 14:27:25 ipsec 10[IKE] sending issuer cert "C=US, O=Internet Security Research Group, CN=ISRG Root X1" Апр 15 14:27:26 ipsec 06[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:27:28 ipsec 05[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:27:31 ipsec 15[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:27:37 ipsec 06[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:27:47 ipsec 15[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:27:55 ipsec 07[JOB] deleting half open IKE_SA with ххх.ххх.ххх.хх7 after timeout
и аналогично не работает
Апр 15 14:52:08 ipsec 15[CFG] looking for peer configs matching 1хх.ххх.ххх.хх1[%any]...ххх.ххх.ххх.хх2[rsa_key] Апр 15 14:52:08 ipsec 15[CFG] selected peer config 'VirtualIPServerIKE2' Апр 15 14:52:08 ipsec 15[IKE] initiating EAP_IDENTITY method (id 0x00) Апр 15 14:52:08 ipsec 15[IKE] peer supports MOBIKE, but disabled in config Апр 15 14:52:08 ipsec 15[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Апр 15 14:52:08 ipsec 15[IKE] sending end entity cert "CN=ххх-ххх-ххх.keenetic.pro" Апр 15 14:52:08 ipsec 15[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" Апр 15 14:52:08 ipsec 15[IKE] sending issuer cert "C=US, O=Internet Security Research Group, CN=ISRG Root X1" Апр 15 14:52:09 ipsec 08[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:52:10 ipsec 14[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:52:14 ipsec 12[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:52:20 ipsec 10[IKE] received retransmit of request with ID 1, retransmitting response Апр 15 14:52:30 ipsec 13[IKE] received retransmit of request with ID 1, retransmitting response
По Tele2 при тех же настройках все ОК.
... Апр 15 14:55:27 ipsec 08[CFG] looking for peer configs matching 1хх.ххх.ххх.хх1[%any]...х.хх.хх.хх8[rsa_key] Апр 15 14:55:27 ipsec 08[CFG] selected peer config 'VirtualIPServerIKE2' Апр 15 14:55:27 ipsec 08[IKE] initiating EAP_IDENTITY method (id 0x00) Апр 15 14:55:27 ipsec 08[IKE] peer supports MOBIKE, but disabled in config Апр 15 14:55:27 ipsec 08[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Апр 15 14:55:27 ipsec 08[IKE] sending end entity cert "CN=ххх-ххх-ххх.keenetic.pro" Апр 15 14:55:27 ipsec 08[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R3" Апр 15 14:55:27 ipsec 08[IKE] sending issuer cert "C=US, O=Internet Security Research Group, CN=ISRG Root X1" Апр 15 14:55:28 ipsec 12[IKE] received EAP identity 'U****' Апр 15 14:55:28 ipsec 12[IKE] initiating EAP_MSCHAPV2 method (id 0x5E) Апр 15 14:55:28 ipsec 11[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established Апр 15 14:55:28 ipsec 07[IKE] authentication of 'rsa_key' with EAP successful Апр 15 14:55:28 ipsec 07[IKE] authentication of 'ххх-ххх-ххх.keenetic.pro' (myself) with EAP Апр 15 14:55:28 ipsec 07[IKE] IKE_SA VirtualIPServerIKE2[24] established between 1хх.ххх.ххх.хх1[ххх-ххх-ххх.keenetic.pro]...х.хх.хх.хх8[rsa_key] Апр 15 14:55:28 ipsec 07[IKE] peer requested virtual IP %any ...
Что могло случиться за ночь через MTS или это бзик который может завтра/после завтра пройти.
5 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.