K-II клиент VPN-L2TP/IPsec релиз 216D2

vasek00 · 14 мая, 2020

Показать контент

Май 14 14:07:51 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 663/1356, tunnel Ns/Nr: 1356/319, tunnel reception window size: 16 bytes)
Май 14 14:09:07 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 664/1358, tunnel Ns/Nr: 1358/319, tunnel reception window size: 16 bytes)
Май 14 14:10:22 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 665/1360, tunnel Ns/Nr: 1360/319, tunnel reception window size: 16 bytes)
Май 14 14:11:38 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 666/1362, tunnel Ns/Nr: 1362/319, tunnel reception window size: 16 bytes)
Май 14 14:12:53 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 667/1364, tunnel Ns/Nr: 1364/319, tunnel reception window size: 16 bytes)
Май 14 14:14:09 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 668/1366, tunnel Ns/Nr: 1366/319, tunnel reception window size: 16 bytes)
Май 14 14:15:25 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 669/1368, tunnel Ns/Nr: 1368/319, tunnel reception window size: 16 bytes)
Май 14 14:16:40 ppp-l2tp l2tp tunnel 27406-40209 (1х5.ххх.ххх.31:41200): discarding out of order message (packet Ns/Nr: 670/1371, tunnel Ns/Nr: 1371/319, tunnel reception window size: 16 bytes)

Viva(34B2)----Интернет----MikroTik_SXT_Lite5(bridge)-[WAN]K-II(216D2)

На Viva сервер, на K-II клиент VPN-L2TP/IPsec, как бы не ошибка но все же. Hа K-II за указанный период лог чистый.

Le ecureuil · 14 мая, 2020

Где-то дропы, бывает.

r13 · 14 мая, 2020

Эта тема старая,

Причём дропы стабильно с интервалом минута 15 секунд.

vasek00 · 14 мая, 2020

После перезагрузки сервера (Viva) и соединения пока тишина.

krass · 14 мая, 2020

В 14.05.2020 в 13:18, vasek00 сказал:

После перезагрузки сервера (Viva) и соединения пока тишина.

Показать

А вива у вас на какой кеен ос?

vasek00 · 15 мая, 2020

В 14.05.2020 в 14:03, krass сказал:

А вива у вас на какой кеен ос?

Показать

На 34B2, возможно с падением основного линка на GigabitEthernet1 но сразу подъем был GigabitEthernet1

Показать контент

Viva
Не стого не сего


[I] May 15 00:13:43 ipsec: 05[KNL] creating rekey job for CHILD_SA ESP/0xceef72af/VIVA-66 
[I] May 15 00:13:43 ipsec: 07[KNL] creating rekey job for CHILD_SA ESP/0xc63fa425/K-II-31 
[I] May 15 00:13:43 ipsec: 11[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 00:13:43 ipsec: 11[IKE] CHILD_SA VPNL2TPServer{6} established with SPIs c4826d7a_i c9bee081_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[W] May 15 00:13:43 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 00:13:43 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 00:13:43 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 00:13:55 ipsec: 14[IKE] initiator did not reauthenticate as requested 
[I] May 15 00:13:55 ipsec: 14[IKE] reauthenticating IKE_SA VPNL2TPServer[13] disabled on passive side 
...
[I] May 15 00:13:59 ipsec: 03[IKE] scheduling reauthentication in 28773s 
[I] May 15 00:13:59 ipsec: 03[IKE] maximum IKE_SA lifetime 28793s 
[I] May 15 00:14:09 ipsec: 10[IKE] deleting IKE_SA VPNL2TPServer[13] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 00:14:09 ipsec: 10[IKE] sending DELETE for IKE_SA VPNL2TPServer[13] 
[I] May 15 00:14:22 ipsec: 10[IKE] received DELETE for ESP CHILD_SA with SPI c63fa425 
[I] May 15 00:14:22 ipsec: 10[IKE] closing CHILD_SA VPNL2TPServer{5} with SPIs ceef72af_i (3871888938 bytes) c63fa425_o (93609575 bytes) and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 03:18:54 ipsec: 09[IKE] 216.218.206.122 is initiating a Main Mode IKE_SA 
[I] May 15 03:18:54 ipsec: 09[CFG] received proposals: IKE:CAST_CBC 
[I] May 15 03:18:54 ipsec: [truncated] 09[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:DES_CBC/HMAC_MD5_96/PRF_HMA
[I] May 15 03:18:54 ipsec: 09[IKE] no proposal found 
...
[I] May 15 06:54:39 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link up.
[I] May 15 06:54:39 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link down.
[I] May 15 06:54:41 ndm: Network::Interface::GigabitEthernet: "GigabitEthernet1": link up.
[I] May 15 06:54:44 ndm: Core::Server: started Session /var/run/ndm.core.socket.
[I] May 15 06:54:44 upnp: HTTP listening on port 49365
[I] May 15 06:54:44 upnp: Listening for NAT-PMP/PCP traffic on port 5351
[I] May 15 06:54:46 ndm: Network::InternetChecker: Internet access detected.
...
[W] May 15 07:14:28 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 717/1431, tunnel Ns/Nr: 1431/701, tunnel reception window size: 16 bytes)
[W] May 15 07:15:44 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 718/1433, tunnel Ns/Nr: 1433/701, tunnel reception window size: 16 bytes)

.... и по сыпало до 

[W] May 15 08:12:24 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 763/1528, tunnel Ns/Nr: 1528/701, tunnel reception window size: 16 bytes)
[I] May 15 08:13:06 ipsec: 03[KNL] creating rekey job for CHILD_SA ESP/0xc9bee081/K-II-31
[I] May 15 08:13:06 ipsec: 08[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ 
[I] May 15 08:13:06 ipsec: 08[IKE] CHILD_SA VPNL2TPServer{7} established with SPIs cecc1c09_i c1eca550_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[W] May 15 08:13:06 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 08:13:06 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 08:13:06 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.

....

[I] May 15 08:13:35 ipsec: 03[IKE] IKE_SA VPNL2TPServer[16] established between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 08:13:35 ipsec: 03[IKE] scheduling reauthentication in 28762s 
[I] May 15 08:13:35 ipsec: 03[IKE] maximum IKE_SA lifetime 28782s 
[W] May 15 08:13:39 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 764/1530, tunnel Ns/Nr: 1530/701, tunnel reception window size: 16 bytes)
[I] May 15 08:13:43 ipsec: 10[KNL] creating delete job for CHILD_SA ESP/0xc4826d7a/VIVA-66 
[I] May 15 08:13:43 ipsec: 12[KNL] creating delete job for CHILD_SA ESP/0xc9bee081/K-II-31 
[I] May 15 08:13:43 ipsec: 10[IKE] closing expired CHILD_SA VPNL2TPServer{6} with SPIs c4826d7a_i c9bee081_o and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 08:13:43 ipsec: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c4826d7a 
[I] May 15 08:13:43 ipsec: 05[JOB] CHILD_SA ESP/0xc9bee081/K-II-31 not found for delete 
[I] May 15 08:13:43 ipsec: 11[IKE] received DELETE for ESP CHILD_SA with SPI c9bee081 
[I] May 15 08:13:43 ipsec: 11[IKE] CHILD_SA not found, ignored 
[I] May 15 08:13:45 ipsec: 07[IKE] deleting IKE_SA VPNL2TPServer[14] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 08:13:45 ipsec: 07[IKE] sending DELETE for IKE_SA VPNL2TPServer[14] 
[W] May 15 08:14:55 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): discarding out of order message (packet Ns/Nr: 765/1532, tunnel Ns/Nr: 1532/701, tunnel reception window size: 16 bytes)

... опять сыпало до 

[W] May 15 09:41:50 ppp-l2tp: l2tp tunnel 23913-136 (K-II-31:41200): no acknowledgement from peer after 5 retransmissions, deleting tunnel
[W] May 15 09:41:50 ppp-l2tp: l2tp0:UsrXXXXK: failed to get interface statistics
[W] May 15 09:41:50 ndm: IpSec::Configurator: "VPNL2TPServer": L2TP/IPsec client "UsrXXXXK" with address "172.17.22.22" (from "K-II-31") disconnected.
[I] May 15 09:41:53 ipsec: 15[CFG] received stroke: terminate 'VPNL2TPServer{7}' 
[I] May 15 09:41:53 ipsec: 07[IKE] closing CHILD_SA VPNL2TPServer{7} with SPIs cecc1c09_i (707738722 bytes) c1eca550_o (17744836 bytes) and TS VIVA-66/32[udp/l2tp] === K-II-31/32[udp/41200] 
[I] May 15 09:41:53 ipsec: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cecc1c09 
[I] May 15 09:41:53 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 09:41:53 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 09:41:55 ipsec: 08[CFG] received stroke: terminate 'VPNL2TPServer[16]' 
[I] May 15 09:41:55 ipsec: 06[IKE] deleting IKE_SA VPNL2TPServer[16] between VIVA-66[VIVA-66]...K-II-31[K-II-31] 
[I] May 15 09:41:55 ipsec: 06[IKE] sending DELETE for IKE_SA VPNL2TPServer[16] 
[I] May 15 09:42:09 ipsec: 13[IKE] received DPD vendor ID 
[I] May 15 09:42:09 ipsec: 13[IKE] received FRAGMENTATION vendor ID 

...

[W] May 15 09:42:18 ndm: IpSec::Configurator: "VPNL2TPServer": IPsec connection to L2TP/IPsec server from "K-II-31" is established.
[I] May 15 09:42:19 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
[I] May 15 09:42:19 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
[I] May 15 09:42:20 ppp-l2tp: l2tp: new tunnel 21875-63396 created following reception of SCCRQ from K-II-31:41200
[I] May 15 09:42:21 ppp-l2tp: l2tp tunnel 21875-63396 (K-II-31:41200): established at VIVA-66:1701
[I] May 15 09:42:21 ppp-l2tp: l2tp tunnel 21875-63396 (K-II-31:41200): new session 8341-28042 created following reception of ICRQ
[I] May 15 09:42:21 ppp-l2tp: ppp0:: connect: ppp0 <--> l2tp(K-II-31:41200 session 21875-63396, 8341-28042)
[I] May 15 09:42:25 ppp-l2tp: ppp0:UsrXXXXK: UsrXXXXK: authentication succeeded
[I] May 15 09:42:25 kernel: l2tp0: renamed from ppp0
....

Изменено 15 мая, 2020 пользователем vasek00

Войти

K-II клиент VPN-L2TP/IPsec релиз 216D2

Рекомендуемые сообщения

vasek00

Le ecureuil

r13

vasek00

krass

vasek00

Присоединяйтесь к обсуждению

Последние посетители 0 пользователей онлайн

Обзор

Активность

Магазин

My Details

Важная информация