LINUX.ORG.RU

Posts by Zef

 

ikev2 strongswan: no connection from mobile internet, I can't understand why?


Hi everyone!

Could you please advise: I have a VPS with strongSwan IKEv2, configuration below. It connects fine from a computer, and from a phone connected to home Wi-Fi without problems too, but from mobile internet it's a no-go. I look at the logs and I'm not smart enough to understand what's wrong. Could anyone who knows this stuff help, please?

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=xxx.xxx.xx.xx
    leftid=xxx.xxx.xx.xx
    leftcert=/etc/ipsec.d/certs/server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

The strongSwan logs at the moment of connection look like this:

Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[NET] received packet: from 1.1.1.90[45177] to 2.2.2.41[500] (1072 bytes)
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[IKE] 1.1.1.90 is initiating an IKE_SA
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[IKE] 1.1.1.90 is initiating an IKE_SA
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[IKE] remote host is behind NAT
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[IKE] DH group MODP_4096 unacceptable, requesting MODP_2048
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Nov 04 15:54:43 x.stark-industries.solutions charon[115176]: 13[NET] sending packet: from 2.2.2.41[500] to 1.1.1.90[45177] (38 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[NET] received packet: from 1.1.1.90[29661] to 2.2.2.41[500] (816 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[IKE] 1.1.1.90 is initiating an IKE_SA
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[IKE] 1.1.1.90 is initiating an IKE_SA
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[IKE] remote host is behind NAT
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 12[NET] sending packet: from 2.2.2.41[500] to 1.1.1.90[29661] (472 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[NET] received packet: from 1.1.1.90[9336] to 2.2.2.41[4500] (528 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[ENC] parsed IKE_AUTH request 1 [ IDi IDr N(MOBIKE_SUP) SA TSi TSr CPRQ(ADDR ADDR6 DNS DNS6 MASK VER) ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[IKE] initiating EAP_IDENTITY method (id 0x00)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[IKE] peer supports MOBIKE
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[IKE] authentication of '2.2.2.41' (myself) with RSA_EMSA_PKCS1_SHA2_384 successful
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[IKE] sending end entity cert "CN=2.2.2.41"
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[ENC] splitting IKE message (1920 bytes) into 2 fragments
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[NET] sending packet: from 2.2.2.41[4500] to 1.1.1.90[9336] (1236 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 16[NET] sending packet: from 2.2.2.41[4500] to 1.1.1.90[9336] (756 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 14[NET] received packet: from 1.1.1.90[9336] to 2.2.2.41[4500] (80 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 14[IKE] initiating EAP_MSCHAPV2 method (id 0x37)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 14[NET] sending packet: from 2.2.2.41[4500] to 1.1.1.90[9336] (112 bytes)
Nov 04 15:54:44 x.stark-industries.solutions charon[115176]: 11[JOB] deleting half open IKE_SA with 1.1.1.90 after timeout

Why does it work on home Wi-Fi but not from mobile? I tried different carriers.

Please be lenient with a newbie.


Zef
()
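
One way to read a charon log like the one in the post mechanically, as an added example that is not part of the original post: the hypothetical helper `stall_point` reports the last IKE message exchanged before the "deleting half open IKE_SA" timeout, together with the peer source ports seen. The sample input is constructed from the post's log lines, abridged and with the syslog prefix removed.

```python
import re

# Constructed sample: the charon lines from the post above, abridged and with
# the syslog prefix removed (the regexes also match the full lines).
SAMPLE = """\
13[NET] received packet: from 1.1.1.90[45177] to 2.2.2.41[500] (1072 bytes)
13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
12[NET] received packet: from 1.1.1.90[29661] to 2.2.2.41[500] (816 bytes)
12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
16[NET] received packet: from 1.1.1.90[9336] to 2.2.2.41[4500] (528 bytes)
16[ENC] parsed IKE_AUTH request 1 [ IDi IDr N(MOBIKE_SUP) SA TSi TSr ]
16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
16[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
16[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
14[NET] received packet: from 1.1.1.90[9336] to 2.2.2.41[4500] (80 bytes)
14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
11[JOB] deleting half open IKE_SA with 1.1.1.90 after timeout
"""

MSG = re.compile(r"\[ENC\] (parsed|generating) (\w+) (request|response) (\d+) \[ (.*?) \]")
PKT = re.compile(r"\[NET\] received packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")
TIMEOUT = re.compile(r"\[JOB\] deleting half open IKE_SA with (\S+) after timeout")

def stall_point(log):
    """Return the last IKE message seen before a half-open timeout, or None."""
    last, peer_ports = None, []
    for line in log.splitlines():
        if m := MSG.search(line):
            if m[5].startswith("EF("):      # fragment of a message already recorded
                continue
            last = {"direction": "received" if m[1] == "parsed" else "sent",
                    "exchange": m[2], "message_id": int(m[4]), "payloads": m[5]}
        elif m := PKT.search(line):
            port = int(m[1])
            if port not in peer_ports:      # distinct source ports seen for the peer
                peer_ports.append(port)
        elif (m := TIMEOUT.search(line)) and last:
            return {"peer": m[1], "peer_ports": peer_ports, **last}
    return None

if __name__ == "__main__":
    print(stall_point(SAMPLE))
```

On the sample it reports that the last message before the timeout was sent by the server (IKE_AUTH response 2 carrying EAP/REQ/MSCHAPV2), with no further request from the peer recorded.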
