The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы
правила/FAQ
поиск
регистрация
вход
слежка
RSS



Версия для распечатки Пред. тема | След. тема
Новые ответы [ Отслеживать ]
Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22) машинами, !*! sol, 29-Сен-03, 12:34  [смотреть все]
Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22) машинами.
Имею такую конфигурацию:
192.168.99.0/28===192.168.168.6...192.168.168.10===192.168.99.16/28
тоесть требуется настроитить ipsec тунель между двумя сетями(192.168.99.0/28 и 192.168.99.16/28) через сеть 192.168.168.0/24. Програмное обеспечение:
На обеих машинах Linux(kernel 2.4.22) & FreeS/WAN 2.02 .

хост (Baden) ═ имеет:
192.168.168.6(eth0)
192.168.99.6(eth0)
192.168.168.10(ipsec0)

Маршрутизатор ( Prima )
═192.168.168.10(eth1)
═192.168.168.10(ipsec0)

═ 192.168.99.17 (eth0)

на хосте baden -
version 2.0 ═ ═ # conforms to second version of ipsec.conf specification
// прописаны интерфейсы
config setup
════════interfaces="ipsec0=eth0"
═ ═ ═ ═ klipsdebug=none
═ ═ ═ ═ plutodebug=dns
// настраиваются политики ═защиты ═соединений . я их игнорирую
conn block
═ ═ ═ ═ auto=ignore

conn clear
═ ═ ═ ═ auto=ignore

conn clear-or-private
═ ═ ═ ═ auto=ignore

conn private-or-clear
═ ═ ═ ═ auto=ignore

conn private
═ ═ ═ ═ auto=ignore

conn packetdefault
═ ═ ═ ═ auto=ignore
// соединение baden-prima
conn baden-prima
//адрес хоста baden
═ ═ ═ ═ left=192.168.168.6
// сеть в которой он находится
═ ═ ═ ═ leftsubnet=192.168.99.0/28
// хост на который baden отправляет все свои ipsec пакеты(первый маршрутизатор в направлении противоположного конца ipsec тунеля)
═ ═ ═ ═ leftnexthop=192.168.168.10
// адрес хоста prima ═ ═ ═ ═
════════right=192.168.168.10
// сеть в которой он находится
═ ═ ═ ═ rightsubnet=192.168.99.16/28
// хост на который prima отправляет все свои ipsec пакеты(первый маршрутизатор в направлении противоположного конца ipsec тунеля)
═ ═ ═ ═ rightnexthop=192.168.168.6 ═ ═ ═ ═
════════keyingtries=0
//выбираем протокол аутентификации AH
═ ═ ═ ═ auth=ah
// выбираем метод аутентификации RSA ключи ═ ═ ═
════════authby=rsasig
// RSA ключи обеих хостов (не полностью)
leftrsasigkey=0sAQOUuiC/0mVrYyDqIUzQHvGwnVBZQkFr77J4mNhQuAd6gtPTg80NE+P1BdQFNj7HpbflHLx17....
rightrsasigkey=0sAQPDruH1ODWGvZgdVh/Wr0RL6rLr2yB0go9taVlmtt5/NHftWW8TVRGgOU8NqVVv0Bb6jGRV.....
// соединение открывается в ручную ═ ═ ═ ═
════════auto=add


аналогично на prima :
version 2.0 ═ ═ # conforms to second version of ipsec.conf specification

# basic configuration
config setup
═ ═ ═ ═ interfaces="ipsec0=eth1"
═ ═ ═ ═ klipsdebug=none
═ ═ ═ ═ plutodebug=dns

conn clear
═ ═ ═ ═ auto=ignore

conn clear-or-private
═ ═ ═ ═ auto=ignore

conn private-or-clear
═ ═ ═ ═ auto=ignore

conn private
═ ═ ═ ═ auto=ignore

conn block
═ ═ ═ ═ auto=ignore


conn packetdefault
═ ═ ═ ═ auto=ignore

conn baden-prima
═ ═ ═ ═ left=192.168.168.10
═ ═ ═ ═ leftsubnet=192.168.99.16/28
═ ═ ═ ═ leftnexthop=192.168.168.6
═ ═ ═ ═ right=192.168.168.6
═ ═ ═ ═ rightsubnet=192.168.99.0/28
═ ═ ═ ═ rightnexthop=192.168.168.10
═ ═ ═ ═ keyingtries=3
═ ═ ═ ═ auth=ah
════════authby=rsasig
═ ═ ═ ═ leftrsasigkey=0sAQPDruH1ODWGvZgdVh/Wr0RL6rLr2yB0go9taVlmtt5/NHftWW8TVRGgOU8NqVVv0Bb6jGRVVpavVPqBheaI
═ ═ ═ ═ rightrsasigkey=0sAQOUuiC/0mVrYyDqIUzQHvGwnVBZQkFr77J4mNhQuAd6gtPTg80NE+P1BdQFNj7HpbflHLx17/JLDNL+OF+
═ ═ ═ ═ auto=add

сохранив эти файлы, запускаем на обеих машинах команду service ipsec restart

ipsec auto --up baden-prima
104 "baden-prima" #1: STATE_MAIN_I1: initiate
106 "baden-prima" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "baden-prima" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "baden-prima" #1: STATE_MAIN_I4: ISAKMP SA established
112 "baden-prima" #2: STATE_QUICK_I1: initiate
004 "baden-prima" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
на одной
и на второй:
112 "baden-prima" #3: STATE_QUICK_I1: initiate
004 "baden-prima" #3: STATE_QUICK_I2: sent QI2, IPsec SA established


вот что выдаёт klips:
ipsec_sa_wipe: removing SA= (error)(0pc1ba9200), SAref=6, table=0(0pd0920000), entry=6 from the refTable.
ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.

подскажите пожалуйста в чём проблема?

Ответить | Сообщить модератору
  • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! Gennadi, 13:00 , 29-Сен-03 (1)
    • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! sol, 13:12 , 29-Сен-03 (2)
      прописал я id.
      ни чего не изменилось.

      :ipsec_sa_wipe: removing SA= (error)(0pc4c0e200), SAref=6, table=0(0pd0920000), entry=6 from the refTable.
      :ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.

      Ответить | Сообщить модератору
      • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! Gennadi, 14:06 , 29-Сен-03 (3)
        • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! sol, 14:34 , 29-Сен-03 (4)
          >>прописал я id.
          >>ни чего не изменилось.
          >>
          >>:ipsec_sa_wipe: removing SA= (error)(0pc4c0e200), SAref=6, table=0(0pd0920000), entry=6 from the refTable.
          >>:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
          >>
          >
          >На Firewallе нужно открыть порты:
          >UDP Port 500 ( для IKE )
          >TCP-IP Port 50 ( для ESP )
          >TCP-IP Port 51( для AH )


          Firewalla - нет. пакеты с одной машины до другой - доходят. В чём прикол - что вторая машина их почему-то не хочет работать. (на расшифровывает и не отправляет в подсеть и не отвечает на них отправителю).  обратно - то же самое. Пакеты доходят  - и тишина.


          Ответить | Сообщить модератору
          • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! sol, 18:33 , 29-Сен-03 (5)
            поменял протокол AH на ESP. Вот что изменилось:
            команда ipsec auto --up baden-prima выдаёт следующее:
            104 "baden-prima" #1: STATE_MAIN_I1: initiate
            106 "baden-prima" #1: STATE_MAIN_I2: sent MI2, expecting MR2
            003 "baden-prima" #1: unable to locate my private key for RSA Signature
            224 "baden-prima" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
            010 "baden-prima" #1: STATE_MAIN_I2: retransmission; will wait 20s for response
            010 "baden-prima" #1: STATE_MAIN_I2: retransmission; will wait 40s for response

            Неужели ни кто не поможет?

            Ответить | Сообщить модератору
            • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! Mikhail, 10:08 , 30-Сен-03 (6)
              • Не удаётся настроить FreeS/WAN 2.02 мужду двумя Linux(2.4.22..., !*! sol, 12:30 , 30-Сен-03 (7)
                >Важно не то, какой протокол, а чтобы одинаково (правильно) было настроено на
                >разных сторонах, полностью одинаково, кроме зеркальных адресов.
                >
                >1) klipsdebug=all
                >plutodebug=all
                >2) останавливаем все на обеих машинах, чистим логи;
                >3) запускаем заново, после поднятия интерфейсов - ping с одной на другую;
                >
                >4) после появления в логах ошибки - разбираемся с ней.
                >
                >Пока что информации мало.

                сделал так как сказано выше. что я получил:
                на baden:
                [root@baden log]# service ipsec start
                ipsec_setup: Starting FreeS/WAN IPsec 2.02...
                ipsec_setup: Using /lib/modules/2.4.22/kernel/net/ipsec/ipsec.o
                [root@baden log]# ipsec auto --up baden-prima
                104 "baden-prima" #1: STATE_MAIN_I1: initiate
                106 "baden-prima" #1: STATE_MAIN_I2: sent MI2, expecting MR2
                108 "baden-prima" #1: STATE_MAIN_I3: sent MI3, expecting MR3
                004 "baden-prima" #1: STATE_MAIN_I4: ISAKMP SA established
                112 "baden-prima" #2: STATE_QUICK_I1: initiate
                010 "baden-prima" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
                004 "baden-prima" #2: STATE_QUICK_I2: sent QI2, IPsec SA established


                на prima:
                root@prima /var/log# service ipsec start
                ipsec_setup: Starting FreeS/WAN IPsec 2.02...
                ipsec_setup: Using /lib/modules/2.4.23-pre4/kernel/net/ipsec/ipsec.o
                root@prima /var/log# ipsec auto --up baden-prima
                112 "baden-prima" #2: STATE_QUICK_I1: initiate
                010 "baden-prima" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
                004 "baden-prima" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
                root@prima /var/log# ping 192.168.99.6
                PING 192.168.99.6 (192.168.99.6) 56(84) bytes of data.

                --- 192.168.99.6 ping statistics ---
                13 packets transmitted, 0 received, 100% packet loss, time 12014ms

                root@prima /var/log#

                теперь логи.
                на baden:
                09:43:58 baden ipsec_setup: Starting FreeS/WAN IPsec 2.02...
                09:43:58 baden ipsec_setup: Using /lib/modules/2.4.22/kernel/net/ipsec/ipsec.o
                09:43:58 baden kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 2.02
                09:43:58 baden ipsec_setup: KLIPS debug `all'
                09:43:58 baden kernel: klips_debug:pfkey_x_debug_process: set
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 16(x-debug) with msg_parser 0pd08e2a90000), entry=0 from the refTable.
                09:43:58 baden kernel: klips_debug:pfkey_x_msg_debug_parse: .
                09:43:58 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724400), SAref=0, table=0(0pd0920
                09:43:58 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:43:58 baden kernel: klips_debug:pfkey_release: sock=0pc312d160 sk=0pc6ab8340
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: succeeded.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: sk(0pc6ab8340)->(&0pc6ab8388)receive_queue.{next=0pc6ab8388,prev=0pc6ab8388}.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: destroyed.
                09:43:58 baden kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pc312d160
                09:43:58 baden last message repeated 12 times
                09:43:58 baden kernel: klips_debug:pfkey_release: succeeded.
                09:43:58 baden kernel: klips_debug:pfkey_create: sock=0pc312d160 type:3 state:1 flags:0 protocol:2
                09:43:58 baden kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pc312d17c.
                09:43:58 baden kernel: klips_debug:pfkey_insert_socket: sk=0pc4185ce0
                09:43:58 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312d160
                09:43:58 baden kernel: klips_debug:pfkey_create: Socket sock=0pc312d160 sk=0pc4185ce0 initialised.
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: .
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: allocating 40 bytes for downward message.
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=0(UNKNOWN), len=5, res=0, seq=1, pid=3046.
                09:43:58 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=1, cont=256, tail=255, listsize=256.
                09:43:58 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=1, table=0, entry=1 of 65536.
                09:43:58 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724400 ref=1.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724400.
                09:43:58 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=15(x-delflow(eroute)), errno=0, satype=0(UNKNOWN), len=5, res=0, seq=1, pid=3046.
                09:43:58 baden kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=1(security-association) ext_len=3 parsing ext 0pc563bdf0 with parser pfkey_sa_parse.
                09:43:58 baden kernel: klips_debug:pfkey_sa_parse: successfully found len=3 exttype=1(security-association) spi=70560240 replay=0 state=0 auth=0 encrypt=0 flags=4 ref=-1.
                09:43:58 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=01e00c03, seen=00000003, required=00000001.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: processing ext 1 0pc563bdf0 with processor 0pd08e3af0.
                09:43:58 baden kernel: klips_debug:pfkey_sa_process: .
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 15(x-delflow(eroute)) with msg_parser 0pd08e2470.
                09:43:58 baden kernel: klips_debug:pfkey_sa_process: .
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 15(x-delflow(eroute)) with msg_parser 0pd08e2470.
                09:43:58 baden kernel: klips_debug:pfkey_x_delflow_parse: .
                09:43:58 baden kernel: klips_debug:pfkey_x_delflow_parse: CLEARFLOW flag set, calling cleareroutes.
                09:43:58 baden kernel: klips_debug:rj_walktree: for: rn=0pcec18868 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
                09:43:58 baden kernel: klips_debug:rj_walktree: processing leaves, rn=0pcec18898 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
                09:43:58 baden kernel: klips_debug:rj_walktree: while: base=0p00000000 rn=0pcec18868 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
                09:43:58 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724400), SAref=1, table=0(0pd0920000), entry=1 from the refTable.
                09:43:58 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:43:58 baden kernel: klips_debug:pfkey_release: sock=0pc312d160 sk=0pc4185ce0
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: succeeded.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: sk(0pc4185ce0)->(&0pc4185d28)receive_queue.{next=0pc4185d28,prev=0pc4185d28}.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: destroyed.
                09:43:58 baden kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pc312d160
                09:43:58 baden last message repeated 12 times
                09:43:58 baden kernel: klips_debug:pfkey_release: succeeded.
                09:43:58 baden kernel: klips_debug:pfkey_create: sock=0pc312d160 type:3 state:1 flags:0 protocol:2
                09:43:58 baden kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pc312d17c.
                09:43:58 baden kernel: klips_debug:pfkey_insert_socket: sk=0pc4185ce0
                09:43:58 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312d160
                09:43:58 baden kernel: klips_debug:pfkey_create: Socket sock=0pc312d160 sk=0pc4185ce0 initialised.
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: .
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=9, errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=3047.

                09:43:58 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=2, cont=256, tail=255, listsize=256.
                09:43:58 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=2, table=0, entry=2 of 65536.
                09:43:58 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724400 ref=2.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724400.
                09:43:58 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=9(flush), errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=3047.
                09:43:58 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
                09:43:58 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 9(flush) with msg_parser 0pd08e10a0.
                09:43:58 baden kernel: klips_debug:pfkey_flush_parse: flushing type 0 SAs
                09:43:58 baden kernel: klips_debug:ipsec_sadb_cleanup: cleaning up proto=0.
                09:43:58 baden kernel: klips_debug:ipsec_sadb_cleanup: removing SAref entries and tables.<6>klips_debug:ipsec_sadb_cleanup: cleaning SAref table=0.
                09:43:58 baden kernel: klips_debug:ipsec_sa_delchain: passed SA: (error)
                09:43:58 baden kernel: klips_debug:ipsec_sa_delchain: unlinking and delting SA: (error)<6>.
                09:43:58 baden kernel: klips_debug:ipsec_sa_del: deleting SA: (error), hashval=0.
                09:43:58 baden kernel: klips_debug:ipsec_sa_del: no entries in ipsec_sa table for hash=0 of SA: (error).
                09:43:58 baden kernel: klips_debug:ipsec_sa_delchain: ipsec_sa_del returned error 2.
                09:43:58 baden kernel: klips_debug:ipsec_sadb_cleanup: cleaning SAref table=1.
                09:43:58 baden kernel:
                09:43:58 baden kernel: klips_debug:ipsec_sadb_cleanup: cleaned 1 used refTables.
                09:43:58 baden kernel: klips_debug:pfkey_upmsg: allocating 16 bytes...
                09:43:58 baden kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc13ea440.
                09:43:58 baden kernel: klips_debug:pfkey_flush_parse: sending up flush reply message for satype=0(UNKNOWN) to socket=0pc312d160 succeeded.
                09:43:58 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724400), SAref=2, table=0(0pd0920om the refTable.
                09:43:58 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:43:58 baden kernel: klips_debug:pfkey_release: sock=0pc312d160 sk=0pc4185ce0
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: .
                09:43:58 baden kernel: klips_debug:pfkey_remove_socket: succeeded.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: sk(0pc4185ce0)->(&0pc4185d28)receive_queue.{next=0pc13ea440,prev=0pc13ea440}.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: skb=0pc13ea440 freed.
                09:43:58 baden kernel: klips_debug:pfkey_destroy_socket: destroyed.
                09:43:58 baden kernel: klips_debug:pfkey_list_remove_socket: removing sock=0pc312d160
                09:43:58 baden last message repeated 12 times
                09:43:58 baden kernel: klips_debug:pfkey_release: succeeded.
                09:43:58 baden ipsec_setup: KLIPS ipsec0 on eth0 192.168.168.6/255.255.255.0 broadcast 192.168.168.255
                09:43:58 baden kernel: klips_debug:ipsec_tunnel_ioctl: tncfg service call #35312 for dev=ipsec0
                09:43:58 baden kernel: klips_debug:ipsec_tunnel_ioctl: calling ipsec_tunnel_attatch...
                09:43:58 baden kernel: klips_debug:ipsec_tunnel_attach: physical device eth0 being attached has HW address: 0:03:47:9e:a2:e7
                09:43:58 baden kernel: klips_debug:ipsec_tunnel_neigh_setup_dev: setting up ipsec0
                09:43:58 baden kernel: klips_debug:ipsec_tunnel_open: dev = ipsec0, prv->dev = eth0
                09:43:58 baden kernel: klips_debug:ipsec_device_event: NETDEV_UP dev=ipsec0
                09:43:58 baden kernel: klips_debug:pfkey_create: sock=0pc312de80 type:3 state:1 flags:0 protocol:2
                09:43:58 baden kernel: klips_debug:pfkey_create: sock->fasync_list=0p00000000 sk->sleep=0pc312de9c.
                09:43:58 baden kernel: klips_debug:pfkey_insert_socket: sk=0pc55f9080
                09:43:58 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312de80
                09:43:58 baden kernel: klips_debug:pfkey_create: Socket sock=0pc312de80 sk=0pc55f9080 initialised.
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: .
                09:43:58 baden ipsec_setup: ...FreeS/WAN IPsec started
                09:43:58 baden kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
                09:43:59 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=2(AH), len=2, res=0, seq=1, pid=3073.
                09:43:59 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=3, cont=256, tail=255, listsize=256.
                09:43:59 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=3, table=0, entry=3 of 65536.
                09:43:59 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724400 ref=3.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724400.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=3073.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pd08e0990.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: .
                09:43:59 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312de80
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: SATYPE=02(AH) successfully registered by KMd (pid=3073).
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[2]=0pc3bca960
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca960
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: adding auth alg.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca940
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: adding auth alg.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: allocating 16 bytes for auth algs.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128.
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build:
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8  *pfkey_ext=0p00000000.
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0pc3bcaae0.
                09:43:59 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:43:59 baden kernel: klips_debug:pfkey_safe_build:success.
                09:43:59 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:43:59 baden kernel: klips_debug:pfkey_safe_build:success.
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc563bee0 allocated 40 bytes, &(extensions[0])=0pc2b7bda8
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=0pc3bcab00 to=0pc563bef0
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00004001, required=00000001.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=5, res=0, seq=1, pid=3073.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: remain=3 ext_type=14(supported-auth) ext_len=3 parsing ext 0pc563bef0 with parser pfkey_supported_parse.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00004001, required=00000001.
                09:43:59 baden kernel: klips_debug:pfkey_upmsg: allocating 40 bytes...
                09:43:59 baden kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc13ea440.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=2(AH)  to socket=0pc312de80 succeeded.
                09:43:59 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724400), SAref=3, table=0(0pd0920000), entry=3 from the refTable.
                09:43:59 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:43:59 baden kernel: klips_debug:pfkey_sendmsg: .
                09:43:59 baden kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
                09:43:59 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=3(ESP),  len=2, res=0, seq=2, pid=3073.
                09:43:59 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=4, cont=256, tail=255, listsize=256.
                09:43:59 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=4, table=0, entry=4 of 65536.
                09:43:59 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724800 ref=4.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724800.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=3073.
                09:43:59 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
                09:43:59 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pd08e0990.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: .
                09:43:59 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312de80
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: SATYPE=03(ESP) successfully registered by KMd (pid=3073).
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[3]=0pc3bca9c0
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca9c0
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca9a0
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: adding auth alg.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca980
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: adding auth alg.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: allocating 16 bytes for auth algs.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=15 id=3 ivlen=128 minbits=168 maxbits=168.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160.
                09:43:59 baden kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128.
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build:
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0p00000000.
                09:43:59 baden kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0pc3bcab20.
                09:43:59 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:43:59 baden kernel: klips_debug:pfkey_safe_build:success.
                09:43:59 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:43:59 baden kernel: klips_debug:pfkey_safe_build:success.
                09:43:59 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:43:59 baden kernel: klips_debug:pfkey_safe_build:success.
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc563bc20 allocated 56 bytes, &(extensions[0])=0pc2b7bda8
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=0pc3bcab40 to=0pc563bc30
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pc3bcab60 to=0pc56bc48
                09:43:59 baden kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=0000c001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=7, res=0, seq=2, pid=3073.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: remain=5 ext_type=14(supported-auth) ext_len=3 parsing ext 0pc563bc48 with parser pfkey_supported_parse.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=0000c001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: allocating 56 bytes...
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc13ea140.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=3(ESP)  to socket=0pc312de80 succeeded.
                09:44:00 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724800), SAref=4, table=0(0pd0920000), entry=4 from the refTable.
                09:44:00 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: .
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=3073.
                09:44:00 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=5, cont=256, tail=255, listsize=256.
                09:44:00 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=5, table=0, entry=5 of 65536.
                09:44:00 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724800 ref=5.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724800.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=3073.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pd08e990.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: .
                09:44:00 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312de80
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: SATYPE=10(COMP) successfully registered by KMd (pid=3073).
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[10]=0pc3bca9e0
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bca9e0
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: found satype=10(COMP) exttype=15 id=2 ivlen=0 minbits=1 maxbits=1.
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build:
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8  *pfkey_ext=0p00000000.
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0pc3bcab20.
                09:44:00 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:44:00 baden kernel: klips_debug:pfkey_safe_build:success.
                09:44:00 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:44:00 baden kernel: klips_debug:pfkey_safe_build:success.
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc3bcaae0 allocated 32 bytes, &(extensions[0])=0pc2b7bda8
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pc3bcaac0 to=0pc3bcaaf0
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=10(COMP), len=4, res=0, seq=3, pid=3073.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: remain=2 ext_type=15(supported-cipher) ext_len=2 parsing ext 0pc3bcaaf0 with parser pfkey_supported_parse.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00008001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: allocating 32 bytes...
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: ...allocated at 0pca0b4160.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=10(COM) to socket=0pc312de80 succeeded.
                09:44:00 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724800), SAref=5, table=0(0pd0920000), entry=5 from the refTable.
                09:44:00 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: .
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
                09:44:00 baden kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=3073.
                09:44:00 baden kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=6, cont=256, tail=255, listsize=256.
                09:44:00 baden kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=6, table=0, entry=6 of 65536.
                09:44:00 baden kernel: klips_debug:ipsec_sa_alloc: allocated 476 bytes for ipsec_sa struct=0pc4724400 ref=6.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: allocated extr->ips=0pc4724400.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=3073.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_msg_interp: parsing message type 7(register) with msg_parser 0pd08e0990.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: .
                09:44:00 baden kernel: klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0pc312de80
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: SATYPE=09(IPIP) successfully registered by KMd (pid=3073).
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[9]=0pc3bcaa00
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: checking supported=0pc3bcaa00
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: adding encrypt alg.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: allocating 8 bytes for enc algs.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: found satype=9(IPIP) exttype=15 id=1 ivlen=0 minbits=32 maxbits=32.
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build:
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0p00000000.
                09:44:00 baden kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc2b7bd70 pfkey_ext=0pc2b7bda8 *pfkey_ext=0pc3bcaae0.
                09:44:00 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:44:00 baden kernel: klips_debug:pfkey_safe_build:success.
                09:44:00 baden kernel: klips_debug:pfkey_safe_build: error=0
                09:44:00 baden kernel: klips_debug:pfkey_safe_build:success.
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc3bcab80 allocated 32 bytes, &(extensions[0])=0pc2b7bda8
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=0pc3bcab40 to=0pc3bcab90
                09:44:00 baden kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=4, res=0, seq=4, pid=3073.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: remain=2 ext_type=15(supported-cipher) ext_len=2 parsing ext 0pc3bcab90 with parser pfkey_supported_parse.
                09:44:00 baden kernel: klips_debug:pfkey_msg_parse: extensions permitted=0000c001, seen=00008001, required=00000001.
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: allocating 32 bytes...
                09:44:00 baden kernel: klips_debug:pfkey_upmsg: ...allocated at 0pcf53c920.
                09:44:00 baden kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=9(IPIP)to socket=0pc312de80 succeeded.
                09:44:00 baden kernel: klips_debug:ipsec_sa_wipe: removing SA= (error)(0pc4724400), SAref=6, table=0(0pd0920000), entry=6 from the refTable.
                09:44:00 baden kernel: klips_debug:ipsec_sa_put: ipsec_sa SA: (error), ref:-1 reference count decremented.

                --
                Вот логи.
                люди!!
                help me


                Ответить | Сообщить модератору

Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру