VR-S1000ログ出力例6~8

公開日:

更新日:

ID: 15343

Q

VR-S1000ログ出力例6~8

A

ログ出力例 6~8

VR-S1000のファームウェアVerによって出力されるログ情報が異なります。
下記はファームウェアVer.2.09以降でのログ出力例です。

No DUT1
ログ
DUT2
ログ
Web設定
画面
6 失敗例 VPN policy 認証方式が違う場合 表示 表示 表示
7 失敗例 VPN policy リモート通信選択の範囲ミスでつながらない 表示 表示 表示
8 失敗例 IKE policy DH groupが異なっていてつながらない 表示 表示 表示

6.【失敗例】VPN policy 認証方式が違う場合

DUT1側のログ

PC1→PC2宛のpingでIPsecのトリガとする。(DUT1がイニシエーターとなる)
《IPsecパラメーター》
DUT1 VPNポリシー / SHA-256
DUT2 VPNポリシー / SHA-1 : デフォルト
他は IPsecウィザードのデフォルト値で設定

MEMO

Phase1 ISAKMP SAは成功するが、暗号化方式の提案が一致せず、Phase2 に失敗する。

Mar 21 19:34:48 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 19:34:48 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 19:34:48 VRB0C745BF000E janus watcher[16457]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 19:34:55 VRB0C745BF000E pluto: initiate on demand from 192.168.100.100:8 to 192.168.101.100:0 proto=1 state: fos_start because: acquire
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: initiating Main Mode
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: received Vendor ID payload [CAN-IKEv2]
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.101'
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #12: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK {using isakmp#11 msgid:69190bd9 proposal=3DES(3)_192-SHA2_256(5)_256 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:34:55 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:35:05 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:35:25 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:35:25 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:36:05 VRB0C745BF000E pluto: "IPsec_test" #12: starting keying attempt 2 of at most 3
Mar 21 19:36:05 VRB0C745BF000E pluto: "IPsec_test" #13: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #12 {using isakmp#11 msgid:5b53dd99 proposal=3DES(3)_192-SHA2_256(5)_256 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:36:05 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:36:05 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:36:15 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:36:15 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:36:35 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:36:35 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:37:15 VRB0C745BF000E pluto: "IPsec_test" #13: starting keying attempt 3 of at most 3
Mar 21 19:37:15 VRB0C745BF000E pluto: "IPsec_test" #14: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #13 {using isakmp#11 msgid:55383a20 proposal=3DES(3)_192-SHA2_256(5)_256 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:37:15 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:37:15 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:37:25 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:37:25 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message
Mar 21 19:37:45 VRB0C745BF000E pluto: "IPsec_test" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:37:45 VRB0C745BF000E pluto: "IPsec_test" #11: received and ignored informational message

DUT2側のログ

MEMO

Phase1 ISAKMP SAはOK。Phase2を張る段階で、相手側がSHA-256を提案しているため、接続を拒否している。

Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 21 19:34:55 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: responding to Main Mode
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.100'
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #18: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #18: no acceptable Proposal in IPsec SA
Mar 21 19:34:55 VRB0C745BF0018 pluto: "IPsec_DUT2" #18: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:35:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #19: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:35:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #19: no acceptable Proposal in IPsec SA
Mar 21 19:35:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #19: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:35:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:35:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #20: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:35:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #20: no acceptable Proposal in IPsec SA
Mar 21 19:35:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #20: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:36:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #21: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:36:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #21: no acceptable Proposal in IPsec SA
Mar 21 19:36:05 VRB0C745BF0018 pluto: "IPsec_DUT2" #21: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:36:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:36:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #22: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:36:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #22: no acceptable Proposal in IPsec SA
Mar 21 19:36:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #22: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:36:35 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:36:35 VRB0C745BF0018 pluto: "IPsec_DUT2" #23: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:36:35 VRB0C745BF0018 pluto: "IPsec_DUT2" #23: no acceptable Proposal in IPsec SA
Mar 21 19:36:35 VRB0C745BF0018 pluto: "IPsec_DUT2" #23: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:37:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #24: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:37:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #24: no acceptable Proposal in IPsec SA
Mar 21 19:37:15 VRB0C745BF0018 pluto: "IPsec_DUT2" #24: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:37:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:37:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #25: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:37:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #25: no acceptable Proposal in IPsec SA
Mar 21 19:37:25 VRB0C745BF0018 pluto: "IPsec_DUT2" #25: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:37:45 VRB0C745BF0018 pluto: "IPsec_DUT2" #17: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:37:45 VRB0C745BF0018 pluto: "IPsec_DUT2" #26: IPsec Transform [ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA2_256] refused due to strict flag
Mar 21 19:37:45 VRB0C745BF0018 pluto: "IPsec_DUT2" #26: no acceptable Proposal in IPsec SA
Mar 21 19:37:45 VRB0C745BF0018 pluto: "IPsec_DUT2" #26: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500

Web設定画面 設定箇所

VPN > IPsec > IPsecポリシー > VPNポリシー

7.【失敗例】VPN policy リモート通信選択の範囲ミスでつながらない

DUT1側のログ

(1) 正しい宛先宛のping 実行
PC1(192.168.100.100)→PC2(192.168.101.100)宛のpingでは、VPNポリシー内の通信選択と一致しないのため、IPsecを張るトリガにならない。
したがって、特にログは出力されない。

(2) リモート通信選択を間違えて、更にpingの宛先も間違えた場合
PC1(192.168.100.100)→PC2(192.168.10.100)宛のpingを実行
PC1→PC2宛のpingでIPsecのトリガとする。(DUT1がイニシエーターとなる)
《IPsecパラメーター》
DUT1 VPNポリシー / リモートIPサブネットアドレス 192.168.10.0
DUT2 LAN側ネットワークアドレス 192.168.101.0/24
他は IPsecウィザードのデフォルト値で設定

MEMO

Phase1 ISAKMP SAは成功するが、無効なID情報となりPhase2 に失敗する。

Mar 21 19:47:35 VRB0C745BF000E dhcpd: DHCPACK to 192.168.100.100 (4c:e6:76:55:1b:59) via br1
Mar 21 19:49:38 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 19:49:39 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 19:49:39 VRB0C745BF000E janus watcher[6742]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: initiating Main Mode
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: received Vendor ID payload [CAN-IKEv2]
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.101'
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #16: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK {using isakmp#15 msgid:695110b9 proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:52:46 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:52:56 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:52:56 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:53:16 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:53:56 VRB0C745BF000E pluto: "IPsec_test" #16: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Mar 21 19:53:56 VRB0C745BF000E pluto: "IPsec_test" #16: starting keying attempt 2 of at most 3
Mar 21 19:53:56 VRB0C745BF000E pluto: "IPsec_test" #17: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #16 {using isakmp#15 msgid:41216aa9 proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:53:56 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:53:56 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:54:06 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:54:26 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:54:26 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:55:06 VRB0C745BF000E pluto: "IPsec_test" #17: starting keying attempt 3 of at most 3
Mar 21 19:55:06 VRB0C745BF000E pluto: "IPsec_test" #18: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #17 {using isakmp#15 msgid:e0f6c754 proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:55:06 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:55:06 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:55:16 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:55:16 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message
Mar 21 19:55:36 VRB0C745BF000E pluto: "IPsec_test" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Mar 21 19:55:36 VRB0C745BF000E pluto: "IPsec_test" #15: received and ignored informational message

DUT2側のログ

(1) 正しい宛先宛のping 実行
この場合、DUT2には接続要求が来ないので、ログは残らない。

(2) リモート通信選択を間違えて、更にpingの宛先も間違えた場合

MEMO

Phase1 ISAKMP SAは成功するが、 提案されるIPアドレスが実態と異なるため、無効なID情報となりPhase2 に失敗する。

Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 21 19:52:46 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: responding to Main Mode
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.100'
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:52:46 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:52:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:52:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:52:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:53:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:53:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:53:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:53:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:53:56 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:54:06 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:54:06 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:54:26 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:54:26 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:54:26 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:55:06 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:55:06 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:55:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:55:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:55:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500
Mar 21 19:55:36 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:55:36 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===172.27.0.101<172.27.0.101>...172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 19:55:36 VRB0C745BF0018 pluto: "IPsec_DUT2" #27: sending encrypted notification INVALID_ID_INFORMATION to 172.27.0.100:500

Web設定画面 設定箇所

VPN > IPsec > IPsecポリシー > VPNポリシー

8.【失敗例】IKE policy DH groupが異なっていてつながらない

DUT1側のログ

PC1→PC2宛のpingでIPsecのトリガとする。 (DUT1がイニシエーターとなる)
《IPsecパラメーター》
DUT1 IKEポリシー / DH Group5(1536bit)
DUT2 IKEポリシー / DH Group2(1024bit) : デフォルト
他は IPsecウィザードのデフォルト値で設定

Mar 24 10:36:51 VRB0C745BF000E pluto: added connection description "IPsec_test"
Mar 24 10:36:51 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 24 10:36:51 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 24 10:36:52 VRB0C745BF000E janus watcher[28880]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 24 10:37:04 VRB0C745BF000E pluto: "IPsec_test" #3: initiating Main Mode
Mar 24 10:37:04 VRB0C745BF000E pluto: "IPsec_test" #3: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:37:04 VRB0C745BF000E pluto: "IPsec_test" #3: received and ignored informational message
Mar 24 10:37:14 VRB0C745BF000E pluto: "IPsec_test" #3: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:37:14 VRB0C745BF000E pluto: "IPsec_test" #3: received and ignored informational message
Mar 24 10:37:34 VRB0C745BF000E pluto: "IPsec_test" #3: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:37:34 VRB0C745BF000E pluto: "IPsec_test" #3: received and ignored informational message
Mar 24 10:38:14 VRB0C745BF000E pluto: "IPsec_test" #3: starting keying attempt 2 of at most 3
Mar 24 10:38:14 VRB0C745BF000E pluto: "IPsec_test" #4: initiating Main Mode to replace #3
Mar 24 10:38:14 VRB0C745BF000E pluto: "IPsec_test" #4: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:38:14 VRB0C745BF000E pluto: "IPsec_test" #4: received and ignored informational message
Mar 24 10:38:24 VRB0C745BF000E pluto: "IPsec_test" #4: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:38:24 VRB0C745BF000E pluto: "IPsec_test" #4: received and ignored informational message
Mar 24 10:38:44 VRB0C745BF000E pluto: "IPsec_test" #4: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:38:44 VRB0C745BF000E pluto: "IPsec_test" #4: received and ignored informational message
Mar 24 10:39:24 VRB0C745BF000E pluto: "IPsec_test" #4: starting keying attempt 3 of at most 3
Mar 24 10:39:24 VRB0C745BF000E pluto: "IPsec_test" #5: initiating Main Mode to replace #4
Mar 24 10:39:24 VRB0C745BF000E pluto: "IPsec_test" #5: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:39:24 VRB0C745BF000E pluto: "IPsec_test" #5: received and ignored informational message
Mar 24 10:39:34 VRB0C745BF000E pluto: "IPsec_test" #5: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:39:34 VRB0C745BF000E pluto: "IPsec_test" #5: received and ignored informational message
Mar 24 10:39:54 VRB0C745BF000E pluto: "IPsec_test" #5: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 24 10:39:54 VRB0C745BF000E pluto: "IPsec_test" #5: received and ignored informational message

DUT2側のログ

MEMO

Mainモードで接続要求に応答しているが、双方の提案が不一致のため、Phase1(ISAKMP SA)に失敗している。

Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:37:04 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:37:04 VRB0C745BF0018 pluto: "IPsec_DUT2" #3: responding to Main Mode
Mar 24 10:37:04 VRB0C745BF0018 pluto: "IPsec_DUT2" #3: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:37:04 VRB0C745BF0018 pluto: "IPsec_DUT2" #3: no acceptable Oakley Transform
Mar 24 10:37:04 VRB0C745BF0018 pluto: "IPsec_DUT2" #3: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:37:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:37:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #4: responding to Main Mode
Mar 24 10:37:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #4: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:37:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #4: no acceptable Oakley Transform
Mar 24 10:37:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #4: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:37:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:37:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: responding to Main Mode
Mar 24 10:37:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:37:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: no acceptable Oakley Transform
Mar 24 10:37:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:38:14 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:38:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: responding to Main Mode
Mar 24 10:38:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:38:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: no acceptable Oakley Transform
Mar 24 10:38:14 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:38:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:38:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: responding to Main Mode
Mar 24 10:38:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:38:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: no acceptable Oakley Transform
Mar 24 10:38:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:38:44 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:38:44 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: responding to Main Mode
Mar 24 10:38:44 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:38:44 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: no acceptable Oakley Transform
Mar 24 10:38:44 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:38:56 VRB0C745BF0018 dhcpd: DHCPACK to 192.168.101.100 (60:eb:69:ce:51:c4) via br1
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:39:24 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:39:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: responding to Main Mode
Mar 24 10:39:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:39:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: no acceptable Oakley Transform
Mar 24 10:39:24 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:39:34 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:39:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: responding to Main Mode
Mar 24 10:39:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:39:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: no acceptable Oakley Transform
Mar 24 10:39:34 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 24 10:39:54 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 24 10:39:54 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: responding to Main Mode
Mar 24 10:39:54 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1536] refused due to strict flag
Mar 24 10:39:54 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: no acceptable Oakley Transform
Mar 24 10:39:54 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: sending notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500

Web設定画面 設定箇所

VPN > IPsec > IPsecポリシー > IKEポリシー

このご質問の対象となる商品・OS・接続機器を表示

商品

OS・接続機器