Openswan configuration problem

#1 Posted on 2012-03-25 22:06
I am using openswan to negotiate IPsec and ran into the following problem; I don't know what the cause is:
002 listening for IKE messages
002 found mast0 device already present
002 device mast0 already in use
002 adding interface mast0/eth1 10.10.17.1:500 (fd=11)
002 adding interface mast0/eth0 192.168.1.17:500 (fd=12)
002 loading secrets from "17.secret"
002 loaded private key for keyid: PPK_RSA:AQOf5acKq
002 added connection description "0fa41cbcef9d3f0563ffebdfcd102b2b"
002 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: initiating Main Mode
104 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: STATE_MAIN_I1: initiate
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: received Vendor ID payload [Openswan (this version) 2.6.28 ]
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: received Vendor ID payload [Dead Peer Detection]
002 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: received and ignored informational message
010 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "0fa41cbcef9d3f0563ffebdfcd102b2b" #1: starting keying attempt 2 of at most 3, but releasing whack

#2 Posted on 2012-03-25 22:09
My configuration is in command-line form; both ends are configured the same, just with the IP addresses swapped:
./tncfg --attach --virtual ipsec0 --physical eth0
ifconfig ipsec0 192.168.1.15 netmask 255.255.255.0 up

# set gw route
route add -host 192.168.1.1 dev ipsec0

./pluto --secretsfile 15.secret
./whack --listen



./whack --keyid @0fa41cbcef9d3f0563ffebdfcd102b2b --addkey --pubkeyrsa '0sAQORvwrku3s9Tg/Fuf9nH//7AwR5iJGJ8rMwLLncEJiy2shOlFii3/Fs8U4+mzUZoROn/P50qkFYIPZT/mM1eeZ1nguI2vkXfvrA3hsFE921oe7x6HtR5p5xQHaQzFWc7ewmWZgPEZp0jAKJLCX3/SFRNvV/wdEYjqEWyRhqG9XkaefRKY6cvrt6eMzUk+CHkG7KSw38Lgnp3MsK3twI33a5+eOk7k+sxasJsxKDqlfiaLsf6y74O0J7WrkQ026z3/Pp5hlFch9yHoqcWvNWT/g3zjy8+QjKglFbeghwPDtp54XQ0KHnJivhAJFFWOF6pfdy7x+r2LPks/pg1Ed4KQpn'


./whack --name 0fa41cbcef9d3f0563ffebdfcd102b2b --id @f9926b3197699cedc36f46a02349d112 --host 192.168.1.15 --client 10.10.15.0/24 --nexthop 192.168.1.1 --updown /sd/ipsec/_updown --to --id @0fa41cbcef9d3f0563ffebdfcd102b2b --host 192.168.1.156 --client 10.10.156.0/24 --encrypt --keyingtries 3 --tunnel --esp=aes128 --ike=aes --rsasig  --ikelifetime 86400 --ipseclifetime 43200 --updown /sd/ipsec/_updown

./whack --initiate --name 0fa41cbcef9d3f0563ffebdfcd102b2b