Jump to content

Question

Posted

после обновления с 4.2.5 на 4.3а14 перестало подключаться к впн серверу /apps/vpn-ikev1

  • Need more info 1

4 answers to this question

Recommended Posts

  • 0
Posted

+ тоже перестал работать

при подключении с телефона в журнале ошибка на сервере

08[IKE] Aggressive Mode PSK disabled for security reasons

при подключении с другого кинетика

10[IKE] linked key for crypto map '(unnamed)' is not found, still searching
11[CFG] looking for XAuthInitPSK peer configs matching 

на клиенте

ndm
IpSec::Configurator: "IKE0": remote ID mismatch.

 

  • 0
Posted

на 4.3б0.1 с ios подключение заработало, но если есть tag ipsec-xauth то авторизация происходит независимо от проставленных галок на ike1  и ike2.
я так понимаю это больше не надо использовать

  • 0
Posted
1 час назад, Leshiyart сказал:

на 4.3б0.1 с ios подключение заработало, но если есть tag ipsec-xauth то авторизация происходит независимо от проставленных галок на ike1  и ike2.
я так понимаю это больше не надо использовать

Да, для совместимости авторизует с обоих тегов, то есть с ipsec-xauth и с ikev1, но предпочтительно пользоваться ikev1 теперь. Веб тоже в него сохраняет новые настройки.

  • 0
Posted (edited)

VPN-сервер L2TP/IPsec на KN-1811 4.2.5 тоже ругается, клиенты перестают подключаться, спустя какое-то время на
 

[IKE] linked key for crypto map '(unnamed)' is not found, still searching
Спойлер

[IKE] received NAT-T (RFC 3947) vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID 
[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID 
[IKE] received Cisco Unity vendor ID 
[IKE] received DPD vendor ID 
[IKE] x.x.x.x is initiating a Main Mode IKE_SA 
[CFG] received proposals: IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_768, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:DES_CBC/HMAC_SHA1_96/PRF [...]
[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 
[IKE] sending XAuth vendor ID 
[IKE] sending DPD vendor ID 
[IKE] sending NAT-T (RFC 3947) vendor ID 
[IKE] remote host is behind NAT 
[IKE] linked key for crypto map '(unnamed)' is not found, still searching 
[JOB] deleting half open IKE_SA with x.x.x.x after timeout 

 

Edited by Goryaev Dmitrii

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

This site uses cookies. By clicking "I accept" or continuing to browse the site, you authorize their use in accordance with the Privacy Policy.