×

Strongswan与Andriod野蛮模式L2TPoverIPsec对接有时候不成功。

hqy hqy 发表于2025-02-20 01:46:41 浏览10 评论0

抢沙发发表评论

不成功的时候strongswan打印如下:

Dec 17 13:55:12 05[ENC] <net-net|8> generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]

Dec 17 13:55:12 05[NET] <net-net|8> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (384 bytes)

Dec 17 13:55:12 04[NET] sending packet: from 192.168.0.132[500] to 192.168.0.124[500]

Dec 17 13:55:12 05[MGR] <net-net|8> checkin IKE_SA net-net[8]

Dec 17 13:55:12 05[MGR] <net-net|8> check-in of IKE_SA successful.

Dec 17 13:55:12 01[JOB] next event in 3s 999ms, waiting

Dec 17 13:55:13 03[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]

Dec 17 13:55:13 03[NET] waiting for data on sockets

Dec 17 13:55:13 03[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]

Dec 17 13:55:13 03[NET] waiting for data on sockets

Dec 17 13:55:13 06[MGR] checkout IKE_SA by message

Dec 17 13:55:13 06[MGR] IKE_SA net-net[8] successfully checked out

Dec 17 13:55:13 06[NET] <net-net|8> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (92 bytes)

Dec 17 13:55:13 06[ENC] <net-net|8> parsed INFORMATIONAL_V1 request 2630201173 [ HASH N(INITIAL_CONTACT) ]

Dec 17 13:55:13 06[IKE] <net-net|8> calculated HASH does not match HASH payload

Dec 17 13:55:13 06[CFG] <net-net|8> no alternative config found

Dec 17 13:55:13 06[IKE] <net-net|8> queueing ISAKMP_DELETE task

Dec 17 13:55:13 06[IKE] <net-net|8> activating new tasks

Dec 17 13:55:13 06[IKE] <net-net|8>   activating ISAKMP_DELETE task

Dec 17 13:55:13 06[IKE] <net-net|8> deleting IKE_SA net-net[8] between 192.168.0.132[192.168.0.132]...192.168.0.124[123]

Dec 17 13:55:13 06[IKE] <net-net|8> sending DELETE for IKE_SA net-net[8]

Dec 17 13:55:13 06[IKE] <net-net|8> IKE_SA net-net[8] state change: CONNECTING => DELETING

Dec 17 13:55:13 06[ENC] <net-net|8> generating INFORMATIONAL_V1 request 3988102021 [ HASH D ]

Dec 17 13:55:13 06[NET] <net-net|8> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (84 bytes)

Dec 17 13:55:13 06[MGR] <net-net|8> checkin and destroy IKE_SA net-net[8]

Dec 17 13:55:13 06[IKE] <net-net|8> IKE_SA net-net[8] state change: DELETING => DESTROYING

Dec 17 13:55:13 06[MGR] check-in and destroy of IKE_SA successful


可以看出,原本应该期待收到AGG的第三条报文,但是却收到了个通知载荷 N(INITIAL_CONTACT) ]。通过抓包发现Andriod(racoon)确实也发了,

在strongswan的接收机器上通过tcpdump抓包如下顺序。

agg1/agg2/agg3/info


但是strongswan却先收到了information报文,导致处理错误

————————————————


                            版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

                        

原文链接:https://blog.csdn.net/xingyeping/article/details/50340833/


打赏

本文链接:https://www.kinber.cn/post/4897.html 转载需授权!

分享到:


推荐本站淘宝优惠价购买喜欢的宝贝:

image.png

 您阅读本篇文章共花了: 

群贤毕至

访客