OpenSwan IPSec 日志解释

OpenSwan IPSec 日志解释

我正在尝试了解 IPSec 日志。如果有人能帮助我了解我寻找的主要内容以及如何解决任何 IPSec 问题,那就太好了。如果有人能帮助我直观地了解这个 IPSec 隧道是如何设置的,那就太好了

我特别想知道这一点:166.83.21.33==[114.23.239.222]<4500><----->[210.54.48.233]==166.83.0.0

SNAT:166.83.21.33
公网IP:114.23.239.222

右端公网ip:210.54.48.233

166.83.0.0-??

Tunnel Id=35180     State=STATE_QUICK_R2 - ISAKMP Header, Connected Notification
166.83.21.33==[114.23.239.222]<4500><----->[210.54.48.233]==166.83.0.0
Connection argument used:  --name tun35180 --id 114.23.239.222 --host 114.23.239.222 --client 166.83.21.33/255.255.255.255 --nexthop 114.23.3.254 --updown /lib/ipsec/_updown  --to  --id 210.54.48.233 --host 210.54.48.233 --client 166.83.0.0/255.255.0.0 --pfs  --pfsgroup=modp1024  --esp=aes128-sha1     --ipseclifetime=10800  --ikelifetime=14400  --keyingtries=5 --encrypt  --psk      --updown /lib/ipsec/_updown  --delete
Log:
2016-10-06 06:37:04 added connection description "tun35180"
2016-10-06 06:37:04 "tun35180" #1: initiating Main Mode
2016-10-06 06:37:04 ERROR: "tun35180" #1: sendto on ppp2 to 210.54.48.233:500 failed in main_outI1. Errno 1: Operation not permitted
2016-10-06 06:37:14 "tun35180" #1: ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]
2016-10-06 06:37:14 "tun35180" #1: received Vendor ID payload [Dead Peer Detection]
2016-10-06 06:37:14 "tun35180" #1: received Vendor ID payload [RFC 3947] method set to=115
2016-10-06 06:37:14 "tun35180" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
2016-10-06 06:37:14 "tun35180" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2016-10-06 06:37:14 "tun35180" #1: STATE_MAIN_I2: sent MI2, expecting MR2
2016-10-06 06:37:15 "tun35180" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
2016-10-06 06:37:15 "tun35180" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2016-10-06 06:37:15 "tun35180" #1: STATE_MAIN_I3: sent MI3, expecting MR3
2016-10-06 06:37:15 "tun35180" #1: Main mode peer ID is ID_IPV4_ADDR: '210.54.48.233'
2016-10-06 06:37:15 "tun35180" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2016-10-06 06:37:15 "tun35180" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
2016-10-06 06:37:15 "tun35180" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1 msgid:c49a6cd8 proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
2016-10-06 06:37:15 "tun35180" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
2016-10-06 06:37:15 "tun35180" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x46eba4aa <0x334fea87 xfrm

相关内容