v.23.1.4 IPSEC IKEv1 monit restart swanctl only starts Phase 1

Started by opnforumuser, March 28, 2023, 12:48:17 PM

How can a tunnel be fully connected via "monit"?

Currently it is configured as follows in the monit service settings, and only Phase 1 gets connected.

Start : [ /usr/local/sbin/swanctl -i -i con2 ]
Stop  : [ /usr/local/sbin/swanctl -t -i con2 ]


Tested via the console, I get the same behavior.


root@RZFW1:~ # /usr/local/sbin/swanctl -t -i con2

[IKE] deleting IKE_SA con2[275] between 78.94.223.133[78.94.223.133]...212.202.137.9[212.202.137.9]
[IKE] sending DELETE for IKE_SA con2[275]
[ENC] generating INFORMATIONAL_V1 request 3928440156 [ HASH D ]
[NET] sending packet: from 78.94.223.133[500] to 212.202.137.9[500] (108 bytes)
terminate completed successfully

root@RZFW1:~ # /usr/local/sbin/swanctl -i -i con2

[IKE] initiating Main Mode IKE_SA con2[276] to 212.202.137.9
[ENC] generating ID_PROT request 0 [ SA V V V V V ]
[NET] sending packet: from 78.94.223.133[500] to 212.202.137.9[500] (180 bytes)
[NET] received packet: from 212.202.137.9[500] to 78.94.223.133[500] (160 bytes)
[ENC] parsed ID_PROT response 0 [ SA V V V V ]
[IKE] received XAuth vendor ID
[IKE] received DPD vendor ID
[IKE] received FRAGMENTATION vendor ID
[IKE] received NAT-T (RFC 3947) vendor ID
[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[NET] sending packet: from 78.94.223.133[500] to 212.202.137.9[500] (396 bytes)
[NET] received packet: from 212.202.137.9[500] to 78.94.223.133[500] (396 bytes)
[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
[NET] sending packet: from 78.94.223.133[500] to 212.202.137.9[500] (108 bytes)
[NET] received packet: from 212.202.137.9[500] to 78.94.123.233[500] (92 bytes)
[ENC] parsed ID_PROT response 0 [ ID HASH ]
[IKE] IKE_SA con2[276] established between 78.94.223.133[78.94.223.133]...212.202.137.9[212.202.137.9]
[IKE] scheduling reauthentication in 3252s
[IKE] maximum IKE_SA lifetime 3609s
initiate completed successfully