Good night, dear experts. I am asking for help setting up a VPN to a Zyxel usg-50.
From my home computer (Linux Mint 18 KDE), which is behind NAT, I am trying to connect to the Zyxel usg-50 using the strongswan 5.3.5 package. I have dug through a pile of forums but still could not figure it out.
Zyxel usg-50 settings:
Authentication: pre-shared key
Phase1 settings
SA Life Time: 86400
Negotiation Mode: Main
Proposal: 3DES-sha1, 3DES-md5, DES-sha1
Key group: DH2
Nat Traversal: Enable
Dead Peer Detection (DPD): Enable
Screenshot of the VPN Gateway settings
Client settings
cat /etc/ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
# Add connections here.
# Sample VPN connections
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    dpdaction=restart
    dpdtimeout=180s
conn stroymedservice
    left=94.137.244.163
    leftsubnet=192.168.66.0/24
    leftauth=psk
    leftfirewall=yes
    right=92.54.100.4
    rightsubnet=192.168.1.0/24
    ike=3des-sha1-modp1024
    esp=3des-sha1-modp1024
    authby=secret
    keyexchange=ikev2
    type=tunnel
    auto=start
cat /etc/ipsec.secrets
94.137.244.163 92.54.100.4 : PSK "12345678"
cat /etc/strongswan.conf
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
feel-N56VZ feel # ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.3.5 IPsec [starter]...
feel-N56VZ feel # ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-21-generic, x86_64):
uptime: 4 seconds, since Jan 24 02:37:38 2017
malloc: sbrk 1880064, mmap 0, used 481408, free 1398656
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
192.168.66.1
Connections:
stroymedservice: 94.137.244.163...92.54.100.4 IKEv2, dpddelay=30s
stroymedservice: local: [94.137.244.163] uses pre-shared key authentication
stroymedservice: remote: [92.54.100.4] uses pre-shared key authentication
stroymedservice: child: 192.168.66.0/24 === 192.168.1.0/24 TUNNEL, dpdaction=restart
Security Associations (0 up, 1 connecting):
stroymedservice[1]: CONNECTING, 94.137.244.163[%any]...92.54.100.4[%any]
stroymedservice[1]: IKEv2 SPIs: 290cfb76200b2149_i* 0000000000000000_r
stroymedservice[1]: Tasks active: IKE_VENDOR IKE_INIT IKE_NATD IKE_CERT_PRE IKE_AUTH IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE
syslog
24.01.17 2:27 feel-N56VZ charon 12[IKE] retransmit 3 of request with message ID 0
24.01.17 2:27 feel-N56VZ charon 12[NET] sending packet: from 94.137.244.163[500] to 92.54.100.4[500] (528 bytes)
24.01.17 2:27 feel-N56VZ charon 16[NET] error writing to socket: Invalid argument
authlog
24.01.17 2:26 feel-N56VZ ipsec_starter[16078] charon stopped after 200 ms
24.01.17 2:26 feel-N56VZ ipsec_starter[16078] ipsec starter stopped
24.01.17 2:26 feel-N56VZ ipsec_starter[17358] Starting strongSwan 5.3.5 IPsec [starter]...
24.01.17 2:26 feel-N56VZ ipsec_starter[17381] charon (17382) started after 20 ms
24.01.17 2:26 feel-N56VZ charon 07[IKE] initiating IKE_SA stroymedservice[1] to 92.54.100.4
I also tried connecting through NM-strongswan; it gives the error «Пароли, необходимые для VPN подключения не были указаны». I am completely stuck.