Сервер zywall 35
Настройки ipsec на нем (да, des древний как г но нужно завести с этим)
Negotiation Mode Main
Encryption Algorithm DES
Authentication Algorithm MD5
SA Life Time (Seconds) 28800
Key Group DH1
Клиент strongswan
conn TESTING
left=my_client_ip
leftauth=psk
right=zywall_35_ip
rightsubnet=10.133.16.0/24
rightauth=psk
ike=3des-md5-modp768!
esp=3des-md5-modp768!
dpddelay=30
dpdtimeout=150
mediation=no
keyexchange=ikev1При подключении всегда одна и та же ошибка
Aug 3 12:37:40 debian-1 charon: 04[IKE] IKE_SA TESTING[1] established between my_client_ip[my_client_ip]...my_server_ip[my_server_ip]
Aug 3 12:37:40 debian-1 charon: 04[IKE] IKE_SA TESTING[1] state change: CONNECTING => ESTABLISHED
Aug 3 12:37:40 debian-1 charon: 04[IKE] scheduling reauthentication in 3270s
Aug 3 12:37:40 debian-1 charon: 04[IKE] maximum IKE_SA lifetime 3450s
Aug 3 12:37:40 debian-1 charon: 04[IKE] activating new tasks
Aug 3 12:37:40 debian-1 charon: 04[IKE] activating QUICK_MODE task
Aug 3 12:37:40 debian-1 charon: 04[CFG] configured proposals: ESP:3DES_CBC/HMAC_MD5_96/MODP_768/NO_EXT_SEQ
Aug 3 12:37:40 debian-1 charon: 04[CFG] configured proposals: ESP:3DES_CBC/HMAC_MD5_96/MODP_768/NO_EXT_SEQ
Aug 3 12:37:40 debian-1 charon: 04[CFG] proposing traffic selectors for us:
Aug 3 12:37:40 debian-1 charon: 04[CFG] my_client_ip/32
Aug 3 12:37:40 debian-1 charon: 04[CFG] proposing traffic selectors for other:
Aug 3 12:37:40 debian-1 charon: 04[CFG] my_server_ip/32
Aug 3 12:37:40 debian-1 charon: 04[IKE] Hash(1) => 16 bytes @ 0xaed01460
Aug 3 12:37:40 debian-1 charon: 04[IKE] 0: A0 5F 1B 19 97 D5 E6 04 AB 9A 74 4B 6A D1 4A D1 ._........tKj.J.
Aug 3 12:37:40 debian-1 charon: 04[ENC] generating QUICK_MODE request 1862884692 [ HASH SA No KE ID ID ]
Aug 3 12:37:40 debian-1 charon: 04[IKE] next IV for MID 1862884692 => 8 bytes @ 0xaed00878
Aug 3 12:37:40 debian-1 charon: 04[IKE] 0: CE A7 EB 42 29 5D 88 0B ...B)]..
Aug 3 12:37:40 debian-1 charon: 04[IKE] next IV for MID 1862884692 => 8 bytes @ 0xaed02920
Aug 3 12:37:40 debian-1 charon: 04[IKE] 0: 7C 4E 91 E5 24 2A EC 78 |N..$*.x
Aug 3 12:37:40 debian-1 charon: 04[NET] sending packet: from my_client_ip[500] to my_server_ip[500] (268 bytes)
Aug 3 12:37:40 debian-1 charon: 05[NET] received packet: from my_server_ip[500] to my_client_ip[500] (76 bytes)
Aug 3 12:37:40 debian-1 charon: 05[IKE] next IV for MID 1909653617 => 8 bytes @ 0xaef01578
Aug 3 12:37:40 debian-1 charon: 05[IKE] 0: 5E 97 AD A1 3B EE C6 42 ^...;..B
Aug 3 12:37:40 debian-1 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1909653617 [ HASH N(INVAL_ID) ]
Aug 3 12:37:40 debian-1 charon: 05[IKE] Hash => 16 bytes @ 0xaef00a20
Aug 3 12:37:40 debian-1 charon: 05[IKE] 0: F5 D2 24 D0 F9 EC CC FD 87 B3 C5 C8 29 31 43 42 ..$.........)1CB
Aug 3 12:37:40 debian-1 charon: 05[IKE] received INVALID_ID_INFORMATION error notify
Aug 3 12:37:40 debian-1 charon: 05[NET] received packet: from my_server_ip[500] to my_client_ip[500] (76 bytes)
Aug 3 12:37:40 debian-1 charon: 05[IKE] next IV for MID 1882852347 => 8 bytes @ 0xaef01708
Aug 3 12:37:40 debian-1 charon: 05[IKE] 0: 6C 1F 33 B8 AF 48 15 52 l.3..H.R
Aug 3 12:37:40 debian-1 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1882852347 [ HASH D ]
Aug 3 12:37:40 debian-1 charon: 05[IKE] Hash => 16 bytes @ 0xaef009d0
Aug 3 12:37:40 debian-1 charon: 05[IKE] 0: AF 2B 14 D7 0E 64 6E 99 5C 14 75 EC E5 34 97 B0 .+...dn.\.u..4..
Aug 3 12:37:40 debian-1 charon: 05[IKE] received DELETE for IKE_SA TESTING[1]
Aug 3 12:37:40 debian-1 charon: 05[IKE] deleting IKE_SA TESTING[1] between my_client_ip[my_client_ip]...my_server_ip[my_server_ip]
Aug 3 12:37:40 debian-1 charon: 05[IKE] IKE_SA TESTING[1] state change: ESTABLISHED => DELETING
Aug 3 12:37:40 debian-1 charon: 05[IKE] IKE_SA TESTING[1] state change: DELETING => DELETING
Aug 3 12:37:40 debian-1 charon: 05[IKE] IKE_SA TESTING[1] state change: DELETING => DESTROYING
т.е. соединение вроде бы устанавливается и сразу отваливается
