调试两个网络之间的连通性

tag-icon tag-icon networking vpn zywall
调试两个网络之间的连通性

有两个网络通过很少有 Zywall 防火墙的互联网上的 VPN 进行连接。

一周前,VPN 连接失败,从此无法建立。

网络现在无法互相看到,它们甚至无法 ping/ssh 其公共地址。从互联网上的任何其他网络,它们都可见。当使用 4g wan 出口而不是 wan1 时,它们还可以看到对方的公共地址。

我尝试过暂时禁用安全策略(防火墙本身),但没有成功。它们无法互相 ssh/ping,更不用说建立 vpn 了。

没有任何 NAT 规则涉及端口 500 或任何奇怪的端口。这可能是路由问题吗?防火墙是否希望使用 VPN 路由到达其他网络?

除了 traceroute 之外,我还能运行什么来调试这个可见性问题?

跟踪路由报告:

FROM Network 2

# ping 11.22.33.44 -n -c 3 -I eth1
PING 11.22.33.44 (11.22.33.44) from 44.33.22.11 eth1: 56(84) bytes of data.
64 bytes from 11.22.33.44: icmp_seq=1 ttl=46 time=151 ms
64 bytes from 11.22.33.44: icmp_seq=2 ttl=46 time=74.6 ms
64 bytes from 11.22.33.44: icmp_seq=3 ttl=46 time=76.6 ms

--- 11.22.33.44 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 74.645/100.804/151.091/35.568 ms

# traceroute -4 11.22.33.44 -n -i eth1
traceroute to 11.22.33.44 (11.22.33.44), 30 hops max, 60 byte packets
 1  192.168.8.1  0.509 ms  0.518 ms  0.370 ms
 2  100.64.64.1  35.393 ms  35.274 ms  35.137 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  11.22.33.44  87.177 ms  87.052 ms  87.776 ms
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

# traceroute -4 11.22.33.44 -n -i eth0
traceroute to 11.22.33.44 (11.22.33.44), 30 hops max, 60 byte packets
 1  10.17.0.1  10.913 ms  10.704 ms  10.466 ms
 2  37.0.32.61  14.442 ms  14.439 ms  15.098 ms
 3  10.250.7.1  14.050 ms  14.235 ms  14.105 ms
 4  10.253.72.10  14.962 ms  14.820 ms  14.964 ms
 5  213.230.56.15  15.026 ms  14.874 ms  19.417 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

FROM network 1

# traceroute -4 44.33.22.11 -n -i eth0
traceroute to 44.33.22.11 (44.33.22.11), 30 hops max, 60 byte packets
 1  10.10.254.26  9.157 ms  9.089 ms  8.980 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

# traceroute -4 44.33.22.11 -n -i eth1
traceroute to 44.33.22.11 (44.33.22.11), 30 hops max, 60 byte packets
 1  192.168.8.1  0.505 ms  0.769 ms  0.734 ms
 2  * * *
 3  10.200.102.217  137.352 ms  137.312 ms  137.098 ms
 4  10.200.102.65  140.616 ms  140.575 ms  148.781 ms
 5  10.200.102.66  140.246 ms  140.062 ms  139.860 ms
 6  212.161.142.13  140.036 ms  139.658 ms  139.466 ms
 7  91.206.52.172  148.026 ms  41.202 ms  41.152 ms
 8  * * *
 9  62.192.25.38  58.491 ms  58.504 ms  58.153 ms
10  213.230.52.158  58.334 ms 213.230.52.156  58.097 ms  58.110 ms
11  * * *
12  * * *
13  37.0.32.62  55.943 ms  55.779 ms  55.724 ms
14  44.33.22.11  65.207 ms  59.644 ms  59.476 ms
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

VPN 协商

从网络 1 到网络 2 的 IKE 协商

[...]
Dec 19 12:06:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Detect deleted tunnel[NET1-NET2](#2, 0x1066eb5c), IKE[NET1-NET2-GW](#4), refcount: 2, deletion: 0" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Not a deleted tunnel[NET1-NET2](#2, 0x1066eb5c), refcount: 2, deletion: 0" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Starting DNS query" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="DNS query ended" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xa39f20188f6f1b51 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Tunnel [NET1-NET2] Sending IKE request" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xa39f20188f6f1b51 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send Main Mode request to [44.33.22.11]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xa39f20188f6f1b51 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:06:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:01 helisrv CRON[17748]: (www-data) CMD (/usr/bin/php5 /usr/share/glpi/front/cron.php)
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Starting DNS query" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="DNS query ended" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Auto-start: Auto-start already active for rule NET1-NET2" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xa39f20188f6f1b51 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="ISAKMP SA [NET1-NET2-GW] is disconnected" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKEv1 SA [Initiator] negotiation failed:" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Local IKE peer  11.22.33.44:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Remote IKE peer 44.33.22.11:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Message: Timed out (65540)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="[NET1-NET2-GW(#4)] IKE SA negotiations: 7194 done, 0 successful, 7194 failed" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  IKEv1 Error : Timeout" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Peer not reachable" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKE SA destroyed: " note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:07:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Initiator SPI a39f2018 8f6f1b51 Responder SPI 00000000 00000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 1, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0x4217f44e670a69ec / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Tunnel [NET1-NET2] Sending IKE request" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0x4217f44e670a69ec / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send Main Mode request to [44.33.22.11]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0x4217f44e670a69ec / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:01 helisrv CRON[17857]: (www-data) CMD (/usr/bin/php5 /usr/share/glpi/front/cron.php)
Dec 19 12:08:30 2017 helizywall-110 src="44.33.22.11:500" dst="11.22.33.44:500" msg="The cookie pair is : 0xb81615cfd668d493 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="44.33.22.11:500" dst="11.22.33.44:500" msg="Recv Main Mode request from [44.33.22.11]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="44.33.22.11:500" dst="11.22.33.44:500" msg="The cookie pair is : 0x599860b4b9cfb933 / 0xb81615cfd668d493" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="44.33.22.11:500" dst="11.22.33.44:500" msg="Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKE auth method Pre-shared keys, SA lifetime: 3000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="44.33.22.11:500" dst="11.22.33.44:500" msg="Recv IKE sa: SA([0] protocol = IKE (1), DES, HMAC-MD5 PRF, HMAC-MD5-96, 768 bit MODP; )." note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xb81615cfd668d493 / 0x599860b4b9cfb933" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:30 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Starting DNS query" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="DNS query ended" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:08:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Auto-start: Auto-start already active for rule NET1-NET2" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0x4217f44e670a69ec / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="ISAKMP SA [NET1-NET2-GW] is disconnected" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKEv1 SA [Initiator] negotiation failed:" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Local IKE peer  11.22.33.44:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Remote IKE peer 44.33.22.11:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Message: Timed out (65540)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="[NET1-NET2-GW(#4)] IKE SA negotiations: 7195 done, 0 successful, 7195 failed" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  IKEv1 Error : Timeout" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKE SA destroyed: " note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:00 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Initiator SPI 4217f44e 670a69ec Responder SPI 00000000 00000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:02 helisrv CRON[17902]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
Dec 19 12:09:02 helisrv CRON[17906]: (www-data) CMD (/usr/bin/php5 /usr/share/glpi/front/cron.php)
Dec 19 12:09:05 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 2, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:10 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 1, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xb81615cfd668d493 / 0x599860b4b9cfb933" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="ISAKMP SA [NET1-NET2-GW] is disconnected" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKEv1 SA [Responder] negotiation failed:" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Local IKE peer  11.22.33.44:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Remote IKE peer 44.33.22.11:500 ID (null)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Message: Timed out (65540)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="[NET1-NET2-GW(#4)] IKE SA negotiations: 7196 done, 0 successful, 7196 failed" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  IKEv1 Error : Timeout" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="IKE SA destroyed: " note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="  Initiator SPI b81615cf d668d493 Responder SPI 599860b4 b9cfb933" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:30 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 3, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:35 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 2, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="as_fail_retry: 1, Tunnel:[NET1-NET2](#2, 0x1066eb5c)" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xc17aaf4fa8a5f060 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Tunnel [NET1-NET2] Sending IKE request" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xc17aaf4fa8a5f060 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send Main Mode request to [44.33.22.11]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="The cookie pair is : 0xc17aaf4fa8a5f060 / 0x0000000000000000" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:41 2017 helizywall-110 src="11.22.33.44:500" dst="44.33.22.11:500" msg="Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Starting DNS query" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="DNS query ended" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"
Dec 19 12:09:54 2017 helizywall-110 src="0.0.0.0:0" dst="0.0.0.0:0" msg="Auto-start: Auto-start already active for rule NET1-NET2" note="IKE_LOG" user="unknown" devID="a0e4cb7dd124" cat="IKE"

mtr 输出网络 1 至网络 2

Start: Tue Dec 19 15:16:19 2017
HOST: boo                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.30.1               0.0%    10    0.4   0.3   0.2   0.4   0.0
  2.|-- 10.10.254.26               0.0%    10    8.3   8.6   6.3  12.6   1.7
  3.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

mtr 输出网络 2 至网络 1

HOST: foo                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.254              0.0%    10    0.4   0.4   0.4   0.5   0.0
  2.|-- 10.17.0.1                  0.0%    10   29.9  15.8  11.0  29.9   5.4
  3.|-- 10.17.0.1                 20.0%    10   14.0  14.8  10.5  25.1   5.1
  4.|-- 37.0.32.61                 0.0%    10   15.7  16.5  12.2  22.9   3.3
  5.|-- 10.250.7.1                 0.0%    10   16.1  16.2  10.4  23.9   3.9
  6.|-- 10.253.72.10               0.0%    10   19.9  18.3  11.8  28.7   5.0
  7.|-- 213.230.56.15             40.0%    10   16.8  15.5  12.6  18.3   1.8
  8.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

相关内容