Jump to content
Как правильно добавить self-test и прочую отладку в тему
Официальное хранилище ПО в виде файлов

Не работает IKev2 на macOS

Языков Алексей
 Share

Recommended Posts

Языков Алексей Member

Языков Алексей

Posted
Posted

Добрый день. На роутера настроен IKEv2 сервер, работает с айфонами, телевизорами на андроид, ноутбуками на винде, но тут у меня появился мак. Настроил соединение, активирую, 2 секунды вижу "подключаю" после чего "отключено". Притом старые маки прекрасно работали. Может кто по логам поймёт что не так. 

 

Скрытый текст

Авг 4 19:18:14 ipsec

06[IKE] 93.100.**.*** is initiating an IKE_SA

 

Авг 4 19:18:14 ipsec

06[CFG] received proposals: IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

06[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256

 

Авг 4 19:18:14 ipsec

06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

06[IKE] remote host is behind NAT

 

Авг 4 19:18:14 ipsec

06[IKE] DH group ECP_256 unacceptable, requesting MODP_2048

 

Авг 4 19:18:14 ipsec

10[IKE] 93.100.**.*** is initiating an IKE_SA

 

Авг 4 19:18:14 ipsec

10[CFG] received proposals: IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_GCM_16=256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

10[CFG] configured proposals: IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256

 

Авг 4 19:18:14 ipsec

10[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

 

Авг 4 19:18:14 ipsec

10[IKE] remote host is behind NAT

 

Авг 4 19:18:15 ipsec

13[CFG] looking for peer configs matching 93.100.***.***[***.keenetic.link]...93.100.**.***[192.168.3.2]

 

Авг 4 19:18:15 ipsec

13[CFG] selected peer config 'VirtualIPServerIKE2'

 

Авг 4 19:18:15 ipsec

13[IKE] initiating EAP_IDENTITY method (id 0x00)

 

Авг 4 19:18:15 ipsec

13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding

 

Авг 4 19:18:15 ipsec

13[IKE] peer supports MOBIKE, but disabled in config

 

Авг 4 19:18:15 ipsec

13[IKE] authentication of ‘***.keenetic.link' (myself) with RSA signature successful

 

Авг 4 19:18:15 ipsec

13[IKE] sending end entity cert "CN=***.keenetic.link"

 

Авг 4 19:18:15 ipsec

13[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=R11"

 

Авг 4 19:18:32 ipsec

07[JOB] deleting half open IKE_SA with 93.100.**.*** after timeout

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

This site uses cookies. By clicking "I accept" or continuing to browse the site, you authorize their use in accordance with the Privacy Policy.

  I accept