23_Alby23
14-09-2012, 11:56
VPN IPSec che ogni tanto (in modo *apparentemente* randomico) non vuole salire.
Questo il debug da un peer:
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_: IPsec SA connect 8 OUR_IP->REMOTE_IP:500 negotiating
ike 0:VPN_NAME_:8: cookie 61b4455598b04bea/fbdab48ecd5111c5:fddcfd97
ike 0:VPN_NAME_:8:VPN_NAME__ph2-10:3617: initiator selectors 0 0:10.200.1.0/255.255.255.0:0:0->0:172.24.7.0/255.255.255.0:0:0
ike 0:VPN_NAME_:8: sent IKE msg (quick_i1send): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8:VPN_NAME__ph2-10:3617: quick-mode negotiation failed due to retry timeout
:mc: :muro:
A me pare che il peer remoto occasionalmente non sia raggiungibile, ma come posso dimostrarlo senza aver accesso al peer stesso?
Questo il debug da un peer:
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_: IPsec SA connect 8 OUR_IP->REMOTE_IP:500 negotiating
ike 0:VPN_NAME_:8: cookie 61b4455598b04bea/fbdab48ecd5111c5:fddcfd97
ike 0:VPN_NAME_:8:VPN_NAME__ph2-10:3617: initiator selectors 0 0:10.200.1.0/255.255.255.0:0:0->0:172.24.7.0/255.255.255.0:0:0
ike 0:VPN_NAME_:8: sent IKE msg (quick_i1send): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:VPN_NAME__ph2-10: IPsec SA connect 8 OUR_IP->REMOTE_IP:500, natt_mode=0
ike 0:VPN_NAME_: using existing connection, dpd_fail=0
ike 0:VPN_NAME_: found phase2 VPN_NAME__ph2-10
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8: sent IKE msg (P2_RETRANSMIT): OUR_IP:500->REMOTE_IP:500, len=172
ike 0:VPN_NAME_:8:VPN_NAME__ph2-10:3617: quick-mode negotiation failed due to retry timeout
:mc: :muro:
A me pare che il peer remoto occasionalmente non sia raggiungibile, ma come posso dimostrarlo senza aver accesso al peer stesso?