abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
×
eParkomat, startup z ČR, postoupil mezi finalisty evropského akcelerátoru ChallengeUp!
Robot na pivo mu otevřel dveře k opravdovému byznysu
Internet věcí: Propojený svět? Už se to blíží...
dnes 17:02 | Pozvánky

Přijďte si popovídat o open source obecně a openSUSE konkrétně s dalšími uživateli a vývojáři. Oslava nového vydání openSUSE Leap se uskuteční 16. prosince od 17:00 v nových prostorách firmy SUSE v Praze. K dispozici bude nějaké občerstvení a DVD pro ty, kdo je sbírají nebo ještě mají mechaniku. Po párty v kanceláři se bude pokračovat v některé z hospod v okolí.

Miška | Komentářů: 1
dnes 14:55 | Zajímavý software

Byla vydána verze Alpha 1.0 otevřeného operačního systému pro chytré hodinky AsteroidOS. Podporovány jsou hodinky LG G Watch, LG G Watch Urbane, Asus ZenWatch 2 a Sony Smartwatch 3. Ukázka ovládání hodinek na YouTube. Jaroslav Řezník přednášel o AsteroidOS na chytrých hodinkách (videozáznam) na letošní konferenci OpenAlt.

Ladislav Hagara | Komentářů: 0
dnes 13:30 | Zajímavý software

Byly uvolněny zdrojové kódy známé rogue-like hry DoomRL. Počátky hry jsou v roce 2002. Je napsána ve FreePascalu a zdrojový kód je nyní k dispozici na GitHubu pod licencí GNU GPL 2.0. Autor pracuje na nové hře Jupiter Hell, která je moderním nástupcem DoomRL a na jejíž vývoj shání peníze prostřednictvím Kickstarteru.

Blaazen | Komentářů: 0
dnes 13:15 | Pozvánky

Přijďte s námi oslavit vydání Fedory 25. Na programu budou přednášky o novinkách, diskuse, neřízený networking atd. Release Party se bude konat 16. prosince v prostorách společnosti Etnetera. Na party budou volně k dispozici také propagační materiály, nová DVD s Fedorou 25 a samozřejmě občerstvení. Přednášky budou probíhat v češtině. Pro více informací se můžete podívat na web MojeFedora.cz. Jen připomínám, že tentokrát jsme zavedli

… více »
frantisekz | Komentářů: 0
včera 16:38 | Komunita

Byly zveřejněny videozáznamy přednášek a workshopů z letošní konference OpenAlt konané 5. a 6. listopadu v Brně. K videozáznamům lze přistupovat ze stránky na SuperLectures nebo přes program konference, detaily o vybrané přednášce nebo workshopu a dále kliknutím na ikonku filmového pásu. Celkově bylo zpracováno 65 hodin z 89 přednášek a workshopů.

Ladislav Hagara | Komentářů: 0
včera 11:30 | Komunita

Bylo oznámeno, že bude proveden bezpečnostní audit zdrojových kódů open source softwaru pro implementaci virtuálních privátních sítí OpenVPN. Audit provede Matthew D. Green (blog), uznávaný kryptolog a profesor na Univerzitě Johnse Hopkinse. Auditována bude verze 2.4 (aktuálně RC 1, stabilní verze je 2.3.14). Audit bude financován společností Private Internet Access [reddit].

Ladislav Hagara | Komentářů: 4
včera 06:00 | Komunita

Na YouTube byl publikován Blender Institute Reel 2016, ani ne dvouminutový sestřih z filmů, které vznikly za posledních 10 let díky Blender Institutu. V institutu aktuálně pracují na novém filmu Agent 327. Dění kolem filmu lze sledovat na Blender Cloudu. Videoukázka Agenta 327 z června letošního roku na YouTube.

Ladislav Hagara | Komentářů: 0
včera 01:02 | Zajímavý článek

Minulý týden byly vydány verze 1.2.3 a 1.1.7 webového poštovního klienta Roundcube. V oznámení o vydání bylo zmíněno řešení bezpečnostního problému nalezeného společností RIPS a souvisejícího s voláním funkce mail() v PHP. Tento týden byly zveřejněny podrobnosti. Útočník mohl pomocí speciálně připraveného emailu spustit na serveru libovolný příkaz. Stejně, jak je popsáno v článku Exploit PHP’s mail() to get remote code execution z roku 2014.

Ladislav Hagara | Komentářů: 1
8.12. 16:00 | Nová verze

Byla vydána verze 0.98 svobodného nelineárního video editoru Pitivi. Z novinek lze zmínit například přizpůsobitelné klávesové zkratky. Videoukázka práce s nejnovější verzí Pitivi na YouTube.

Ladislav Hagara | Komentářů: 1
8.12. 15:00 | Zajímavý software

Stop motion je technika animace, při níž je reálný objekt mezi jednotlivými snímky ručně upravován a posouván o malé úseky, tak aby po spojení vyvolala animace dojem spojitosti. Jaký software lze pro stop motion použít na Linuxu? Článek na OMG! Ubuntu! představuje Heron Animation. Ten bohužel podporuje pouze webové kamery. Podpora digitálních zrcadlovek je začleněna například v programu qStopMotion.

Ladislav Hagara | Komentářů: 5
Kolik máte dat ve svém domovském adresáři na svém primárním osobním počítači?
 (32%)
 (24%)
 (29%)
 (7%)
 (5%)
 (3%)
Celkem 808 hlasů
 Komentářů: 50, poslední 29.11. 15:50
Rozcestník
Reklama

Dotaz: VPN tunel

23.5.2013 19:25 Vláďa
VPN tunel
Přečteno: 1479×
Dobrý den,

Byl by někdo ochoten pomoci či udělat VPN tunel mezi Mikrotik RouterOS v5.4 a Planet MH 3400. Na Planetu již mám tunel na Cisco, který mi již funguje (Osobně jsem nastavoval Planet). Myslím že mám problém to nějak nastavit na tom Mikrotiku, vlastně moc ani nevím jak, nastavil jsem na něm funkční PPTP server ale musel jsem mít vypnutej firewall (nebyl jsem schopnej ho nastavit tak aby mohl být v provozu).

Jsem ochoten se revanšovat :)

Řešení dotazu:


Odpovědi

23.5.2013 21:51 NN
Rozbalit Rozbalit vše Re: VPN tunel
Pochopil jsem dobre, ze to bude site to site ipsec?
23.5.2013 22:39 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Ano

Ipsec idealni.
23.5.2013 23:04 NN
Rozbalit Rozbalit vše Re: VPN tunel
Teorie je stale stejna a Mikrotik ma dobre zdokumentovanou konfigurci. Cesky je to pekne posano treba tady.
23.5.2013 23:21 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Ja jsem to vsechno cetl a stravil jsem nad tim nekolik hodin, ale me schopnosti na to nestacili. Budu rad pokud mi stim dokazete pomoci.
24.5.2013 09:19 NN
Rozbalit Rozbalit vše Re: VPN tunel
No ja Vam prece nebudu vysvetlovat teorii. V kostce se definuji protistrany, dohodnute metody sifrovani a site ktere se budou ucastnit. Ten navod je pruzracny jako sklo. Pokud to konfigurovat nechcete, nabidnete problem jako brigadu, ale rozhodne ne tady.
24.5.2013 09:31 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
No ja pricip zhruba chapu, ale delam tam nekde chybu a se svoji praxi to nedokazu rozchodit. Doporucite mi kde bych tuto praci (brigadu) mohl poptat?

dekuji
24.5.2013 10:19 NN
Rozbalit Rozbalit vše Re: VPN tunel
abcprace.cz jobs.cz etc..
28.5.2013 15:11 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
tak jsem dosel do mrtveho bodu:

Log na mikrotiku:
May/28/2013 14:58:40 ipsec,debug failed to get proposal for responder.
May/28/2013 14:58:40 ipsec,debug failed to pre-process packet.
May/28/2013 14:58:48 ipsec,debug,packet ==========
May/28/2013 14:58:48 ipsec,debug,packet 300 bytes message received from 84.242.109.98[500] to 94.112.84.47[500]
May/28/2013 14:58:48 ipsec,debug,packet 5da6b066 94d1123d 1c6a7eb5 7723e007 08102001 c6ca1f51 0000012c 8d3e6f3d
May/28/2013 14:58:48 ipsec,debug,packet 7f727aa3 07b421a1 1be04d57 bffac2ac 46f2a2fc efcdf2a1 71bf8973 41d130d6
May/28/2013 14:58:48 ipsec,debug,packet 35609599 c5ab6cf7 58710e46 c3573309 cac993f3 2dbd7c30 3dc1e3c7 762b23e5
May/28/2013 14:58:48 ipsec,debug,packet 553ee407 5d725e8f 1d5f6fce 84344083 43a16859 5d35fe75 189474cf 809ee3b7
May/28/2013 14:58:48 ipsec,debug,packet 666db240 c3446f5b a18e6419 ec27e72c 9dda3240 f5e00df9 8dc791c5 dc6ca8c2
May/28/2013 14:58:48 ipsec,debug,packet c824d9a3 44ff18f6 887dd2b4 8c298ab2 94862a8a b7971a8e 5f172e11 b1a636cf
May/28/2013 14:58:48 ipsec,debug,packet 0c71724c e7d52595 9733490a 90493928 8b5d4d12 8b597624 5a94139f 7538a7c1
May/28/2013 14:58:48 ipsec,debug,packet fc96a691 e34de9be b92a2637 abe77c0d e7658041 eb6f9c6d 506c45dd 4a89e673
May/28/2013 14:58:48 ipsec,debug,packet 86eb11ed 6d58aa6d 9b066aa8 27200f0e d2ee7538 0c9d8611 088793b5 ed56432b
May/28/2013 14:58:48 ipsec,debug,packet fd6837a0 4a4e841e 430dbf8d
May/28/2013 14:58:48 ipsec,debug,packet compute IV for phase2
May/28/2013 14:58:48 ipsec,debug,packet phase1 last IV:
May/28/2013 14:58:48 ipsec,debug,packet 673eb185 1a829075 7da5cc5a 7a84235d c6ca1f51
May/28/2013 14:58:48 ipsec,debug,packet hash(md5)
May/28/2013 14:58:48 ipsec,debug,packet encryption(aes)
May/28/2013 14:58:48 ipsec,debug,packet phase2 IV computed:
May/28/2013 14:58:48 ipsec,debug,packet 1c9b9fa7 7951cf92 f7ed7244 71cc17b9
May/28/2013 14:58:48 ipsec,debug,packet ===
May/28/2013 14:58:48 ipsec,debug respond new phase 2 negotiation: X.X.X.X[500]<=>X.X.X.X[500]
May/28/2013 14:58:48 ipsec,debug,packet encryption(aes)
May/28/2013 14:58:48 ipsec,debug,packet IV was saved for next processing:
May/28/2013 14:58:48 ipsec,debug,packet ed56432b fd6837a0 4a4e841e 430dbf8d
May/28/2013 14:58:48 ipsec,debug,packet encryption(aes)
May/28/2013 14:58:48 ipsec,debug,packet with key:
May/28/2013 14:58:48 ipsec,debug,packet 87c48bae 79736e47 2bf36965 b11ee11e
May/28/2013 14:58:48 ipsec,debug,packet decrypted payload by IV:
May/28/2013 14:58:48 ipsec,debug,packet 1c9b9fa7 7951cf92 f7ed7244 71cc17b9
May/28/2013 14:58:48 ipsec,debug,packet decrypted payload, but not trimed.
May/28/2013 14:58:48 ipsec,debug,packet 01000014 4388782c c6c97581 5eb428a8 0f9186bd 0a000038 00000001 00000001
May/28/2013 14:58:48 ipsec,debug,packet 0

Log Planet:

May 28 15:07:09 2013 VPN Log (g2gips1) #381: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
May 28 15:07:09 2013 VPN Log (g2gips1) #381: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #375 {using isakmp#379}
May 28 15:07:09 2013 VPN Log (g2gips1) #375: starting keying attempt 2 of an unlimited number
May 28 15:07:09 2013 VPN Log (g2gips1) #375: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
May 28 15:07:03 2013 VPN Log (g2gips1) #380: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
May 28 15:07:03 2013 VPN Log (g2gips1) #380: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS {using isakmp#379}
May 28 15:07:03 2013 VPN Log (g2gips1) #379: sent AR1, expecting AI2
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
May 28 15:07:03 2013 VPN Log (g2gips1) #379: Peer ID is ID_IPV4_ADDR: 'X.X.X.X'
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: received Vendor ID payload [Dead Peer Detection]
May 28 15:07:03 2013 VPN Log (g2gips1) #379: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
May 28 15:07:03 2013 VPN Log (g2gips1) #379: initiating Main Mode
May 28 15:07:03 2013 VPN Log (g2gips1) #373: ipsecdoi_initiate: (g2gips1) has retry 3 times [policy:65; serial no:175], so reset this connection!
May 28 15:07:03 2013 VPN Log (g2gips1) #373: starting keying attempt 3 of an unlimited number
May 28 15:07:03 2013 VPN Log (g2gips1) #373: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
May 28 15:06:13 2013 VPN Log (g2gips1) #378: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
May 28 15:06:13 2013 VPN Log (g2gips1) #378: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #372 {using isakmp#376}
May 28 15:06:13 2013 VPN Log (g2gips1) #372: starting keying attempt 2 of an unlimited number
May 28 15:06:13 2013 VPN Log (g2gips1) #372: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal


Strávil jsem nad tím dost času a už nevím kam dál.

Napadává vás něco?

děkuji
Řešení 1× (phr)
28.5.2013 16:00 NN
Rozbalit Rozbalit vše Re: VPN tunel
Tipuju zle nakonfigurovana druhoa faze(aes?):
failed to get proposal for responder
packet encryption(aes)
Mikrotik pouziva nasledujici default proposal kombinaci Phase 1 SHA1/MODP1024(DH group 2)/MD5 konfigurovane pomoci /ip ipsec peer a Phase 2 SHA1/MODP1024(DH group 2)/3DES konfigurovane pomoci /ip ipsec proposal(optional), na planetu se nastavuje manualne..
28.5.2013 16:11 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Zkusil jsem na planetu nastavit do faze dve: 3des misto AES128 a pak i do faze jedna nastavit group2 a v podstate se to chova stejne.

diky
28.5.2013 21:36 NN
Rozbalit Rozbalit vše Re: VPN tunel
Posli novy log a dost by se hodila konfigurace obou stran..
28.5.2013 21:49 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Mikrotik:

May/28/2013 21:42:00 ipsec,debug,packet ==========
May/28/2013 21:42:00 ipsec,debug,packet 84 bytes message received from X.X.X.X[500] to X.X.X.X[500]
May/28/2013 21:42:00 ipsec,debug,packet 21b4cdde 292c060a 00000000 00000000 01100200 00000000 00000054 00000038
May/28/2013 21:42:00 ipsec,debug,packet 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c7080
May/28/2013 21:42:00 ipsec,debug,packet 80010007 80020001 800e0080 80030001 80040002
May/28/2013 21:42:00 ipsec,debug,packet begin.
May/28/2013 21:42:00 ipsec,debug,packet seen nptype=1(sa)
May/28/2013 21:42:00 ipsec,debug,packet succeed.
May/28/2013 21:42:00 ipsec,debug,packet total SA len=52
May/28/2013 21:42:00 ipsec,debug,packet 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c7080
May/28/2013 21:42:00 ipsec,debug,packet 80010007 80020001 800e0080 80030001 80040002
May/28/2013 21:42:00 ipsec,debug,packet begin.
May/28/2013 21:42:00 ipsec,debug,packet seen nptype=2(prop)
May/28/2013 21:42:00 ipsec,debug,packet succeed.
May/28/2013 21:42:00 ipsec,debug,packet proposal #0 len=44
May/28/2013 21:42:00 ipsec,debug,packet begin.
May/28/2013 21:42:00 ipsec,debug,packet seen nptype=3(trns)
May/28/2013 21:42:00 ipsec,debug,packet succeed.
May/28/2013 21:42:00 ipsec,debug,packet transform #0 len=36
May/28/2013 21:42:00 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 21:42:00 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
May/28/2013 21:42:00 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 21:42:00 ipsec,debug,packet encryption(aes)
May/28/2013 21:42:00 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
May/28/2013 21:42:00 ipsec,debug,packet hash(md5)
May/28/2013 21:42:00 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
May/28/2013 21:42:00 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 21:42:00 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 21:42:00 ipsec,debug,packet hmac(modp1024)
May/28/2013 21:42:00 ipsec,debug,packet pair 0:
May/28/2013 21:42:00 ipsec,debug,packet 0x48c0a8: next=(nil) tnext=(nil)
May/28/2013 21:42:00 ipsec,debug,packet proposal #0: 1 transform
May/28/2013 21:42:00 ipsec,debug,packet prop#=0, prot-id=ISAKMP, spi-size=0, #trns=1
May/28/2013 21:42:00 ipsec,debug,packet trns#=0, trns-id=IKE
May/28/2013 21:42:00 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 21:42:00 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
May/28/2013 21:42:00 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 21:42:00 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
May/28/2013 21:42:00 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
May/28/2013 21:42:00 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 21:42:00 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 21:42:00 ipsec,debug,packet Compared: DB:Peer
May/28/2013 21:42:00 ipsec,debug,packet (lifetime = 88200:28800)
May/28/2013 21:42:00 ipsec,debug,packet (lifebyte = 0:0)
May/28/2013 21:42:00 ipsec,debug,packet enctype = AES-CBC:AES-CBC
May/28/2013 21:42:00 ipsec,debug,packet (encklen = 128:128)
May/28/2013 21:42:00 ipsec,debug,packet hashtype = MD5:MD5
May/28/2013 21:42:00 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
May/28/2013 21:42:00 ipsec,debug,packet dh_group = 768-bit MODP group:1024-bit MODP group
May/28/2013 21:42:00 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 21:42:00 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
May/28/2013 21:42:00 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 21:42:00 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
May/28/2013 21:42:00 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
May/28/2013 21:42:00 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 21:42:00 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 21:42:00 ipsec,debug rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 768-bit MODP group:1024-bit MODP group
May/28/2013 21:42:00 ipsec,debug no suitable proposal found.
May/28/2013 21:42:00 ipsec,debug failed to get valid proposal.


Mas nejaky napad jak dostat z Mikrotiku nastaveni? Zkusim kouknout jak by to slo pres konzoli, pouzivam webovou administraci.

zatím díky
28.5.2013 21:55 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
[admin@MikroTik] /ip ipsec policy> print
Flags: T - template, X - disabled, D - dynamic, I - inactive
0 src-address=192.168.0.0/24 src-port=any dst-address=192.168.1.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=X.X.X.X
sa-dst-address=X.X.X.X proposal=default priority=0
[admin@MikroTik] /ip ipsec policy> print stats
0 ph2-state=no-phase2

Zminoval si phase2 nebude zde ten problem ?
29.5.2013 09:08 NN
Rozbalit Rozbalit vše Re: VPN tunel
Pokud to opravis, viz nize, a nepojede to znovu posli log..
28.5.2013 22:01 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
nastaveni PLanet:

Keying Mode: IKE with Preshared Key
Phase1 DHGroup: Group2
Phase1 Encryption: AES-128
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800 seconds
Perfect Forward Secrecy (true)
Phase2 DHGroup: Group2
Phase2 Encryption: 3DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600 seconds
Preshared Key: xxxxx
Aggressive Mode (false)
Keep-Alive (True)
NetBIOS Broadcast (false)
NAT Traversal (false)
Dead Peer Detection(DPD) Enable Automatic Version Check Every 10 seconds (false)
Heart Beat, Remote Host ... (false)
Enable Automatic Version Check Every 30 seconds,Retry 5 count
29.5.2013 09:07 NN
Rozbalit Rozbalit vše Re: VPN tunel
Jak je nastavena protistrana(peer) na Mikrotiku zadavana pomoci prikazu /ip ipsec peer? Ocividne ti nesouhlasi HD group:
ipsec,debug rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 768-bit MODP group:1024-bit MODP group
29.5.2013 10:25 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Nastavil jsem na Planetu Group 2 pro obe faze a na Mikrotiku je DH Group modp1024, coz by podle toho co jsem nasel na netu mohlo odpovidat.
Nize je log.

diky

gdhMay/29/2013 10:07:00 ipsec,debug,packet begin.
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=4(ke)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=10(nonce)
May/29/2013 10:07:00 ipsec,debug,packet succeed.
May/29/2013 10:07:00 ipsec,debug,packet ===
May/29/2013 10:07:00 ipsec,debug,packet compute DH's private.
May/29/2013 10:07:00 ipsec,debug,packet 45a8979f 652ad35e 0afbaf61 b7d85cc1 5acf322b 2d271393 aa792d21 173810b8
May/29/2013 10:07:00 ipsec,debug,packet 04415e26 1903b971 bc5a1085 69a3e3e4 e7b41c16 bf927e4c 909b192b a78eb423
May/29/2013 10:07:00 ipsec,debug,packet 5832d72b 6cff0c5b 4f6d034a 6d867cf7 65a6d05a 12653702 9570a1a5 460bc9d7
May/29/2013 10:07:00 ipsec,debug,packet 78eae4a0 c8cf9c5f 08fe01a6 a605509c c2cf01be 60adfd93 94724de0 aabd931e
May/29/2013 10:07:00 ipsec,debug,packet compute DH's public.
May/29/2013 10:07:00 ipsec,debug,packet b9c14dc1 5a04a1bb 136fb3a9 4c04421b 06dc2aff 5abac143 9af84b4f 1c4bdcdb
May/29/2013 10:07:00 ipsec,debug,packet 28c0c744 8b84fdbd 924570c3 563c9535 f1b041e1 a5895789 97cb7dd6 0ae66034
May/29/2013 10:07:00 ipsec,debug,packet 8ec58597 233c9efa b3b877e2 e55ad236 e7da3280 f71f9e6f eb8e0573 eee37286
May/29/2013 10:07:00 ipsec,debug,packet 66dc0558 40554f8d 3d17a319 49ee3227 3260c2fd 8330d393 584e85e3 ddf7f7d6
May/29/2013 10:07:00 ipsec,debug,packet add payload of len 128, next type 10
May/29/2013 10:07:00 ipsec,debug,packet add payload of len 24, next type 0
May/29/2013 10:07:00 ipsec,debug,packet 188 bytes from X[500] to X[500]
May/29/2013 10:07:00 ipsec,debug,packet sockname X[500]
May/29/2013 10:07:00 ipsec,debug,packet send packet from X[500]
May/29/2013 10:07:00 ipsec,debug,packet send packet to X[500]
May/29/2013 10:07:00 ipsec,debug,packet src4 X[500]
May/29/2013 10:07:00 ipsec,debug,packet dst4 X[500]
May/29/2013 10:07:00 ipsec,debug,packet 1 times of 188 bytes message will be sent to X[500]
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 04100200 00000000 000000bc 0a000084
May/29/2013 10:07:00 ipsec,debug,packet b9c14dc1 5a04a1bb 136fb3a9 4c04421b 06dc2aff 5abac143 9af84b4f 1c4bdcdb
May/29/2013 10:07:00 ipsec,debug,packet 28c0c744 8b84fdbd 924570c3 563c9535 f1b041e1 a5895789 97cb7dd6 0ae66034
May/29/2013 10:07:00 ipsec,debug,packet 8ec58597 233c9efa b3b877e2 e55ad236 e7da3280 f71f9e6f eb8e0573 eee37286
May/29/2013 10:07:00 ipsec,debug,packet 66dc0558 40554f8d 3d17a319 49ee3227 3260c2fd 8330d393 584e85e3 ddf7f7d6
May/29/2013 10:07:00 ipsec,debug,packet 0000001c 979ab587 e15293b9 cb34b588 46e67219 2635750c 4c69c855
May/29/2013 10:07:00 ipsec,debug,packet resend phase1 packet d38db86ee6493457:0b548ac098076f87
May/29/2013 10:07:00 ipsec,debug,packet compute DH's shared.
May/29/2013 10:07:00 ipsec,debug,packet
May/29/2013 10:07:00 ipsec,debug,packet 334e2f7b e55d675f f9efb51b dc4e885a a9aedd5f 5e84c80d 7afacea6 748fec00
May/29/2013 10:07:00 ipsec,debug,packet 3f1e8dc4 735c3572 8fffb111 a1b9939f 1d2feebd 2b0e26aa 7e61848f d2ebe6d6
May/29/2013 10:07:00 ipsec,debug,packet 6ace1e1a 899d1bb9 df69602e 0c2ba200 b96af81e 3c41ea71 0cfcb3e1 c79d65da
May/29/2013 10:07:00 ipsec,debug,packet e26031f9 170944b5 01d8d15a 32dbae3c 53238365 d551758d f1699e0c b657b571
May/29/2013 10:07:00 ipsec,debug,packet the psk found.
May/29/2013 10:07:00 ipsec,debug,packet nonce 1:
May/29/2013 10:07:00 ipsec,debug,packet 985aabba bbf398e8 806c4e05 13669a13
May/29/2013 10:07:00 ipsec,debug,packet nonce 2:
May/29/2013 10:07:00 ipsec,debug,packet 979ab587 e15293b9 cb34b588 46e67219 2635750c 4c69c855
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet SKEYID computed:
May/29/2013 10:07:00 ipsec,debug,packet 89abcb33 4a7c2f0a 1be2f152 fe356651
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet SKEYID_d computed:
May/29/2013 10:07:00 ipsec,debug,packet 11a74254 ac903c8b 497a936e bd0a7401
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet SKEYID_a computed:
May/29/2013 10:07:00 ipsec,debug,packet 97afb5d1 164e9f4a 1916d330 35257fdc
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet SKEYID_e computed:
May/29/2013 10:07:00 ipsec,debug,packet 97aa77c7 e0fc901e 4ef83e93 03427cfb
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet hash(md5)
May/29/2013 10:07:00 ipsec,debug,packet final encryption key computed:
May/29/2013 10:07:00 ipsec,debug,packet 97aa77c7 e0fc901e 4ef83e93 03427cfb
May/29/2013 10:07:00 ipsec,debug,packet hash(md5)
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet IV computed:
May/29/2013 10:07:00 ipsec,debug,packet b7112c5d 086c306e 49e6abd6 b37fcb8d
May/29/2013 10:07:00 ipsec,debug,packet ==========
May/29/2013 10:07:00 ipsec,debug,packet 60 bytes message received from X[500] to X[500]
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 05100201 00000000 0000003c e5da4fec
May/29/2013 10:07:00 ipsec,debug,packet 8faf517e 5ba5bd51 f47ede15 96976de0 764c88f1 9573f6a8 ad42cef3
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet IV was saved for next processing:
May/29/2013 10:07:00 ipsec,debug,packet 96976de0 764c88f1 9573f6a8 ad42cef3
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet with key:
May/29/2013 10:07:00 ipsec,debug,packet 97aa77c7 e0fc901e 4ef83e93 03427cfb
May/29/2013 10:07:00 ipsec,debug,packet decrypted payload by IV:
May/29/2013 10:07:00 ipsec,debug,packet b7112c5d 086c306e 49e6abd6 b37fcb8d
May/29/2013 10:07:00 ipsec,debug,packet decrypted payload, but not trimed.
May/29/2013 10:07:00 ipsec,debug,packet 0800000c 01000000 54f26d62 00000014 9ad7fa73 94d10872 736a0bff 59fa6edd
May/29/2013 10:07:00 ipsec,debug,packet padding len=222
May/29/2013 10:07:00 ipsec,debug,packet skip to trim padding.
May/29/2013 10:07:00 ipsec,debug,packet decrypted.
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 05100201 00000000 0000003c 0800000c
May/29/2013 10:07:00 ipsec,debug,packet 01000000 54f26d62 00000014 9ad7fa73 94d10872 736a0bff 59fa6edd
May/29/2013 10:07:00 ipsec,debug,packet begin.
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=5(id)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=8(hash)
May/29/2013 10:07:00 ipsec,debug,packet succeed.
May/29/2013 10:07:00 ipsec,debug,packet HASH received:
May/29/2013 10:07:00 ipsec,debug,packet 9ad7fa73 94d10872 736a0bff 59fa6edd
May/29/2013 10:07:00 ipsec,debug,packet HASH with:
May/29/2013 10:07:00 ipsec,debug,packet f830dc88 1f3e92e0 4c4cd0b8 f3c71297 431bfc11 6ba00e0a 78d57943 e21ce216
May/29/2013 10:07:00 ipsec,debug,packet f6fb51c5 6af6e16f e3f77ff4 a1042ba0 d4847852 6161c24d 0c923788 365554d3
May/29/2013 10:07:00 ipsec,debug,packet fc5f5c15 6b1d9218 e710d29d 1a6ff3de f8364669 b95a3290 3826ced8 af7f9a88
May/29/2013 10:07:00 ipsec,debug,packet 62f76bfa 3688acae 2a57e7aa fcf4d1c5 2f86c5d7 ee6dd957 c47225d0 5f69e25f
May/29/2013 10:07:00 ipsec,debug,packet b9c14dc1 5a04a1bb 136fb3a9 4c04421b 06dc2aff 5abac143 9af84b4f 1c4bdcdb
May/29/2013 10:07:00 ipsec,debug,packet 28c0c744 8b84fdbd 924570c3 563c9535 f1b041e1 a5895789 97cb7dd6 0ae66034
May/29/2013 10:07:00 ipsec,debug,packet 8ec58597 233c9efa b3b877e2 e55ad236 e7da3280 f71f9e6f eb8e0573 eee37286
May/29/2013 10:07:00 ipsec,debug,packet 66dc0558 40554f8d 3d17a319 49ee3227 3260c2fd 8330d393 584e85e3 ddf7f7d6
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 00000001 00000001 0000002c 00010001
May/29/2013 10:07:00 ipsec,debug,packet 00000024 00010000 800b0001 800c7080 80010007 80020001 800e0080 80030001
May/29/2013 10:07:00 ipsec,debug,packet 80040002 01000000 54f26d62
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet HASH computed:
May/29/2013 10:07:00 ipsec,debug,packet 9ad7fa73 94d10872 736a0bff 59fa6edd
May/29/2013 10:07:00 ipsec,debug,packet HASH for PSK validated.
May/29/2013 10:07:00 ipsec,debug,packet peer's ID
May/29/2013 10:07:00 ipsec,debug,packet 01000000 54f26d62
May/29/2013 10:07:00 ipsec,debug,packet ===
May/29/2013 10:07:00 ipsec,debug,packet use ID type of IPv4_address
May/29/2013 10:07:00 ipsec,debug,packet generate HASH_R
May/29/2013 10:07:00 ipsec,debug,packet HASH with:
May/29/2013 10:07:00 ipsec,debug,packet b9c14dc1 5a04a1bb 136fb3a9 4c04421b 06dc2aff 5abac143 9af84b4f 1c4bdcdb
May/29/2013 10:07:00 ipsec,debug,packet 28c0c744 8b84fdbd 924570c3 563c9535 f1b041e1 a5895789 97cb7dd6 0ae66034
May/29/2013 10:07:00 ipsec,debug,packet 8ec58597 233c9efa b3b877e2 e55ad236 e7da3280 f71f9e6f eb8e0573 eee37286
May/29/2013 10:07:00 ipsec,debug,packet 66dc0558 40554f8d 3d17a319 49ee3227 3260c2fd 8330d393 584e85e3 ddf7f7d6
May/29/2013 10:07:00 ipsec,debug,packet f830dc88 1f3e92e0 4c4cd0b8 f3c71297 431bfc11 6ba00e0a 78d57943 e21ce216
May/29/2013 10:07:00 ipsec,debug,packet f6fb51c5 6af6e16f e3f77ff4 a1042ba0 d4847852 6161c24d 0c923788 365554d3
May/29/2013 10:07:00 ipsec,debug,packet fc5f5c15 6b1d9218 e710d29d 1a6ff3de f8364669 b95a3290 3826ced8 af7f9a88
May/29/2013 10:07:00 ipsec,debug,packet 62f76bfa 3688acae 2a57e7aa fcf4d1c5 2f86c5d7 ee6dd957 c47225d0 5f69e25f
May/29/2013 10:07:00 ipsec,debug,packet 0b548ac0 98076f87 d38db86e e6493457 00000001 00000001 0000002c 00010001
May/29/2013 10:07:00 ipsec,debug,packet 00000024 00010000 800b0001 800c7080 80010007 80020001 800e0080 80030001
May/29/2013 10:07:00 ipsec,debug,packet 80040002 011101f4 5e70542f
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet HASH computed:
May/29/2013 10:07:00 ipsec,debug,packet 9f8e08cd e413ccee f3a2bd00 5496df0c
May/29/2013 10:07:00 ipsec,debug,packet add payload of len 8, next type 8
May/29/2013 10:07:00 ipsec,debug,packet add payload of len 16, next type 0
May/29/2013 10:07:00 ipsec,debug,packet begin encryption.
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet pad length = 16
May/29/2013 10:07:00 ipsec,debug,packet 0800000c 011101f4 5e70542f 00000014 9f8e08cd e413ccee f3a2bd00 5496df0c
May/29/2013 10:07:00 ipsec,debug,packet b6912d82 b5cefef6 457dfdd0 1253380f
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet with key:
May/29/2013 10:07:00 ipsec,debug,packet 97aa77c7 e0fc901e 4ef83e93 03427cfb
May/29/2013 10:07:00 ipsec,debug,packet encrypted payload by IV:
May/29/2013 10:07:00 ipsec,debug,packet 96976de0 764c88f1 9573f6a8 ad42cef3
May/29/2013 10:07:00 ipsec,debug,packet save IV for next:
May/29/2013 10:07:00 ipsec,debug,packet 7755f09f 55077c5f d0698a05 4fe20338
May/29/2013 10:07:00 ipsec,debug,packet encrypted.
May/29/2013 10:07:00 ipsec,debug,packet 76 bytes from X[500] to X[500]
May/29/2013 10:07:00 ipsec,debug,packet sockname X[500]
May/29/2013 10:07:00 ipsec,debug,packet send packet from X[500]
May/29/2013 10:07:00 ipsec,debug,packet send packet to X[500]
May/29/2013 10:07:00 ipsec,debug,packet src4 X[500]
May/29/2013 10:07:00 ipsec,debug,packet dst4 X[500]
May/29/2013 10:07:00 ipsec,debug,packet 1 times of 76 bytes message will be sent to Y.Y.Y.Y[500]
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 05100201 00000000 0000004c 6d3eb009
May/29/2013 10:07:00 ipsec,debug,packet 146ce026 bf52cb51 38cd3493 9fa4bb01 c946e986 42bb2ab1 af97f9f8 7755f09f
May/29/2013 10:07:00 ipsec,debug,packet 55077c5f d0698a05 4fe20338
May/29/2013 10:07:00 ipsec,debug ISAKMP-SA established X.X.X.X[500]-Y.Y.Y.Y[500] spi:d38db86ee6493457:0b548ac098076f87
May/29/2013 10:07:00 ipsec,debug,packet ===
May/29/2013 10:07:00 ipsec,debug,packet ==========
May/29/2013 10:07:00 ipsec,debug,packet 284 bytes message received from Y.Y.Y.Y[500] to X.X.X.X[500]
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 08102001 2c739cd6 0000011c 15d60fc3
May/29/2013 10:07:00 ipsec,debug,packet 99003612 43c7f4b7 08501c36 e26781cb e0ade6bb b58691c3 f6b78adb c5fed04b
May/29/2013 10:07:00 ipsec,debug,packet 7a413175 5ecb04e2 21c1f3e5 fbe394d2 e4236384 f2a2516e 7c311a96 f088604c
May/29/2013 10:07:00 ipsec,debug,packet 31cacd62 787bbdac 784ca33f 43f7c24a fb3508a0 3541b7aa 9d8d621c 567473e6
May/29/2013 10:07:00 ipsec,debug,packet 8b4d8623 77dfe903 8105d6bf 27fd3f19 03065c83 8d38f79e ebcdf68f e0509e13
May/29/2013 10:07:00 ipsec,debug,packet 16d14e6d 338c673c 3b943be6 ecb29f29 24b2ecd5 08eddc9f cdb295c5 1fa455d7
May/29/2013 10:07:00 ipsec,debug,packet 7063b1b3 cfe29bc7 9230437a 35e9433f f3626a9a 032e6527 c0fb592c 3805d3aa
May/29/2013 10:07:00 ipsec,debug,packet f46394ed 50875096 faeca3c7 4091ae34 9ccef401 3f758e7c 917598fb 3993a23d
May/29/2013 10:07:00 ipsec,debug,packet 80c747d4 0c626a45 2546c1ad 2d57f257 9f146a20 7c499c30 4c292c0a
May/29/2013 10:07:00 ipsec,debug,packet compute IV for phase2
May/29/2013 10:07:00 ipsec,debug,packet phase1 last IV:
May/29/2013 10:07:00 ipsec,debug,packet 7755f09f 55077c5f d0698a05 4fe20338 2c739cd6
May/29/2013 10:07:00 ipsec,debug,packet hash(md5)
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet phase2 IV computed:
May/29/2013 10:07:00 ipsec,debug,packet 818256b3 312dcb2d 7fd5d802 fd2f28a5
May/29/2013 10:07:00 ipsec,debug,packet ===
May/29/2013 10:07:00 ipsec,debug respond new phase 2 negotiation: X.X.X.X[500]<=>Y.Y.Y.Y[500]
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet IV was saved for next processing:
May/29/2013 10:07:00 ipsec,debug,packet 2d57f257 9f146a20 7c499c30 4c292c0a
May/29/2013 10:07:00 ipsec,debug,packet encryption(aes)
May/29/2013 10:07:00 ipsec,debug,packet with key:
May/29/2013 10:07:00 ipsec,debug,packet 97aa77c7 e0fc901e 4ef83e93 03427cfb
May/29/2013 10:07:00 ipsec,debug,packet decrypted payload by IV:
May/29/2013 10:07:00 ipsec,debug,packet 818256b3 312dcb2d 7fd5d802 fd2f28a5
May/29/2013 10:07:00 ipsec,debug,packet decrypted payload, but not trimed.
May/29/2013 10:07:00 ipsec,debug,packet 01000014 eb5eeeea c70eb089 ff94d7d8 52e53ad1 0a000034 00000001 00000001
May/29/2013 10:07:00 ipsec,debug,packet 00000028 00030401 2f2d3cb5 0000001c 00030000 80030002 80040001 80010001
May/29/2013 10:07:00 ipsec,debug,packet 80020e10 80050001 04000014 459e77b7 5ea9fdfe 35a00d29 05cf61e3 05000084
May/29/2013 10:07:00 ipsec,debug,packet 29507632 25900b5d d59b72c3 726a2fc3 6998f46e 414a1939 ea0ee3e0 ef8da028
May/29/2013 10:07:00 ipsec,debug,packet ec11d400 bbacc921 0bf38bb4 d1f0041b 0968ffac fcd4df51 b8ce32b8 c1419e65
May/29/2013 10:07:00 ipsec,debug,packet 0e90476b eb23da89 b229577c 8ec2c802 eaa3b98c 43ad20bb 27b38b0e 40e34c89
May/29/2013 10:07:00 ipsec,debug,packet 1afad7e8 7f0973e3 e3f3b765 e72ee8b0 3d188487 426a6f17 4a3dfafa 4f0a37b0
May/29/2013 10:07:00 ipsec,debug,packet 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a80100 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet padding len=1
May/29/2013 10:07:00 ipsec,debug,packet skip to trim padding.
May/29/2013 10:07:00 ipsec,debug,packet decrypted.
May/29/2013 10:07:00 ipsec,debug,packet d38db86e e6493457 0b548ac0 98076f87 08102001 2c739cd6 0000011c 01000014
May/29/2013 10:07:00 ipsec,debug,packet eb5eeeea c70eb089 ff94d7d8 52e53ad1 0a000034 00000001 00000001 00000028
May/29/2013 10:07:00 ipsec,debug,packet 00030401 2f2d3cb5 0000001c 00030000 80030002 80040001 80010001 80020e10
May/29/2013 10:07:00 ipsec,debug,packet 80050001 04000014 459e77b7 5ea9fdfe 35a00d29 05cf61e3 05000084 29507632
May/29/2013 10:07:00 ipsec,debug,packet 25900b5d d59b72c3 726a2fc3 6998f46e 414a1939 ea0ee3e0 ef8da028 ec11d400
May/29/2013 10:07:00 ipsec,debug,packet bbacc921 0bf38bb4 d1f0041b 0968ffac fcd4df51 b8ce32b8 c1419e65 0e90476b
May/29/2013 10:07:00 ipsec,debug,packet eb23da89 b229577c 8ec2c802 eaa3b98c 43ad20bb 27b38b0e 40e34c89 1afad7e8
May/29/2013 10:07:00 ipsec,debug,packet 7f0973e3 e3f3b765 e72ee8b0 3d188487 426a6f17 4a3dfafa 4f0a37b0 05000010
May/29/2013 10:07:00 ipsec,debug,packet 04000000 c0a80000 ffffff00 00000010 04000000 c0a80100 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet begin.
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=8(hash)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=1(sa)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=10(nonce)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=4(ke)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=5(id)
May/29/2013 10:07:00 ipsec,debug,packet seen nptype=5(id)
May/29/2013 10:07:00 ipsec,debug,packet succeed.
May/29/2013 10:07:00 ipsec,debug,packet received IDci2:
May/29/2013 10:07:00 ipsec,debug,packet 04000000 c0a80000 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet received IDcr2:
May/29/2013 10:07:00 ipsec,debug,packet 04000000 c0a80100 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet HASH(1) validate:
May/29/2013 10:07:00 ipsec,debug,packet eb5eeeea c70eb089 ff94d7d8 52e53ad1
May/29/2013 10:07:00 ipsec,debug,packet HASH with:
May/29/2013 10:07:00 ipsec,debug,packet 2c739cd6 0a000034 00000001 00000001 00000028 00030401 2f2d3cb5 0000001c
May/29/2013 10:07:00 ipsec,debug,packet 00030000 80030002 80040001 80010001 80020e10 80050001 04000014 459e77b7
May/29/2013 10:07:00 ipsec,debug,packet 5ea9fdfe 35a00d29 05cf61e3 05000084 29507632 25900b5d d59b72c3 726a2fc3
May/29/2013 10:07:00 ipsec,debug,packet 6998f46e 414a1939 ea0ee3e0 ef8da028 ec11d400 bbacc921 0bf38bb4 d1f0041b
May/29/2013 10:07:00 ipsec,debug,packet 0968ffac fcd4df51 b8ce32b8 c1419e65 0e90476b eb23da89 b229577c 8ec2c802
May/29/2013 10:07:00 ipsec,debug,packet eaa3b98c 43ad20bb 27b38b0e 40e34c89 1afad7e8 7f0973e3 e3f3b765 e72ee8b0
May/29/2013 10:07:00 ipsec,debug,packet 3d188487 426a6f17 4a3dfafa 4f0a37b0 05000010 04000000 c0a80000 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet 00000010 04000000 c0a80100 ffffff00
May/29/2013 10:07:00 ipsec,debug,packet hmac(hmac_md5)
May/29/2013 10:07:00 ipsec,debug,packet HASH computed:
May/29/2013 10:07:00 ipsec,debug,packet eb5eeeea c70eb089 ff94d7d8 52e53ad1
May/29/2013 10:07:00 ipsec,debug,packet get a src address from ID payload 192.168.0.0[0] prefixlen=24 ul_proto=255
May/29/2013 10:07:00 ipsec,debug,packet get dst address from ID payload 192.168.1.0[0] prefixlen=24 ul_proto=255
May/29/2013 10:07:00 ipsec,debug,packet 0x7fbf2f30 masked with /24: 192.168.0.0[0]
May/29/2013 10:07:00 ipsec,debug,packet 0x482540 masked with /24: 192.168.1.0[0]
May/29/2013 10:07:00 ipsec,debug no policy found: 192.168.0.0/24[0] 192.168.1.0/24[0] proto=any dir=in
May/29/2013 10:07:00 ipsec,debug failed to get proposal for responder.
May/29/2013 10:07:00 ipsec,debug failed to pre-process packet.
29.5.2013 13:24 NN
Rozbalit Rozbalit vše Re: VPN tunel
Dobre, takze dalsi chyba:
ipsec,debug no policy found: 192.168.0.0/24[0] 192.168.1.0/24[0] proto=any dir=in
May/29/2013 10:07:00 ipsec,debug failed to get proposal for responder.
May/29/2013 10:07:00 ipsec,debug failed to pre-process packet.
Takze /ip ipsec policy definuje site ktere spolu budou komunikovat a brany pres ktere pujde provoz. Nakonfigurovane zrcadlove na obous stranach. Viz cesky navod, ktery jsem posilal na zacatku.
29.5.2013 13:36 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Bingo! :)

Kam mam poslat sampansky?

Díky!!

V.
29.5.2013 14:44 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Tak jeste tomu preci jen neco chybi, tunel se navazal ze strany planetu udelam ping na vnitrni sit za Mikrotikem, ale obracene se mi to zatim nedari. Nejde to ani primo z Miktoriku.
29.5.2013 15:04 NN
Rozbalit Rozbalit vše Re: VPN tunel
Budes muset projit celou cestu, jak odchozi pakety, tak prichozi odpovedi a dohledat kde je to zariznute.
29.5.2013 21:31 Vláďa
Rozbalit Rozbalit vše Re: VPN tunel
Tak jeste mi tam chybel NAT uz to vsechno beha. To sampansky plati pokud mi napises kam.

diky

V.
29.5.2013 22:37 NN
Rozbalit Rozbalit vše Re: VPN tunel
Ladislav Galli - NIDV
Senovážné náměstí 26
110 06 Praha 1
Hlavne ocenuju, ze jsi to nevzdal a nakonfiguroval.

Založit nové vláknoNahoru

Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

ISSN 1214-1267   www.czech-server.cz
© 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.