Strongswan 站点与 fortigate 之间的问题似乎与第 2 阶段有关

Strongswan 站点与 fortigate 之间的问题似乎与第 2 阶段有关

大家好,很抱歉打扰你们,我已经花了 3 天时间,但还是无法让它工作,你能看看吗?提前谢谢你们 <3。

强化信息:

  Public ip: 41.223.XX.XX
  Internal ip: 172.16.20.25
  Subnet : 192.168.0.223/32,192.168.0.219/32
  enable nat_traversal


  PSK: testpasswd

  Phase1: IKE v1 main
  3des sha1 DH GROUP 2
  86400 seconds


  Phase2: 3des sha1
  No PFS
  3600 seconds

//////////////////////////////////////////////////////

Strongswan ubuntu 服务器(Oracle 云):

  Public ip: 141.147.YY.YY
  Internal ip: 10.0.0.186
  Subnet : 10.0.0.186/32,10.7.0.1/24

ipsec.conf:

config setup
        # strictcrlpolicy=yes
        # uniqueids = no
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

# connection to Fortigate
conn linux-to-fg
        authby=secret
        left=10.0.0.186
        leftid=141.147.YY.YY
        leftsubnet=10.0.0.186/32,10.7.0.1/24
        right=41.223.XX.XX
        rightid=172.16.20.25
        rightsubnet=192.168.0.223/32,192.168.0.219/32
        ike=3des-sha1-modp1024!
        esp=3des-sha1!
        keyexchange=ikev1
        keyingtries=0
        ikelifetime=24h
        lifetime=1h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        type=tunnel

ipsec.secret

%any %any : PSK "testpasswd"

系统日志:

Sep  4 19:56:54 vpn-server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.15.0-1041-oracle, aarch64)
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sep  4 19:56:54 vpn-server charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Sep  4 19:56:54 vpn-server charon: 00[CFG]   loaded IKE secret for %any %any
Sep  4 19:56:54 vpn-server charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Sep  4 19:56:54 vpn-server charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Sep  4 19:56:54 vpn-server charon: 00[JOB] spawning 16 worker threads
Sep  4 19:56:54 vpn-server charon: 05[CFG] received stroke: add connection 'linux-to-fg'
Sep  4 19:56:54 vpn-server charon: 05[CFG] added configuration 'linux-to-fg'
Sep  4 19:56:54 vpn-server charon: 07[CFG] received stroke: initiate 'linux-to-fg'
Sep  4 19:56:54 vpn-server charon: 07[IKE] initiating Main Mode IKE_SA linux-to-fg[1] to 41.223.XX.XX
Sep  4 19:56:54 vpn-server charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Sep  4 19:56:54 vpn-server charon: 07[NET] sending packet: from 10.0.0.186[500] to 41.223.XX.XX[500] (180 bytes)
Sep  4 19:56:54 vpn-server charon: 09[NET] received packet: from 41.223.XX.XX[500] to 10.0.0.186[500] (188 bytes)
Sep  4 19:56:54 vpn-server charon: 09[ENC] parsed ID_PROT response 0 [ SA V V V V V ]
Sep  4 19:56:54 vpn-server charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Sep  4 19:56:54 vpn-server charon: 09[IKE] received DPD vendor ID
Sep  4 19:56:54 vpn-server charon: 09[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
Sep  4 19:56:54 vpn-server charon: 09[IKE] received FRAGMENTATION vendor ID
Sep  4 19:56:54 vpn-server charon: 09[IKE] received FRAGMENTATION vendor ID
Sep  4 19:56:54 vpn-server charon: 09[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Sep  4 19:56:54 vpn-server charon: 09[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep  4 19:56:54 vpn-server charon: 09[NET] sending packet: from 10.0.0.186[500] to 41.223.XX.XX[500] (244 bytes)
Sep  4 19:56:55 vpn-server charon: 10[NET] received packet: from 41.223.XX.XX[500] to 10.0.0.186[500] (228 bytes)
Sep  4 19:56:55 vpn-server charon: 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Sep  4 19:56:55 vpn-server charon: 10[IKE] local host is behind NAT, sending keep alives
Sep  4 19:56:55 vpn-server charon: 10[IKE] remote host is behind NAT
Sep  4 19:56:55 vpn-server charon: 10[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Sep  4 19:56:55 vpn-server charon: 10[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (100 bytes)
Sep  4 19:56:55 vpn-server charon: 11[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (68 bytes)
Sep  4 19:56:55 vpn-server charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
Sep  4 19:56:55 vpn-server charon: 11[IKE] IKE_SA linux-to-fg[1] established between 10.0.0.186[141.147.YY.YY]...41.223.XX.XX[172.16.20.25]
Sep  4 19:56:55 vpn-server charon: 11[IKE] scheduling reauthentication in 85437s
Sep  4 19:56:55 vpn-server charon: 11[IKE] maximum IKE_SA lifetime 85977s
Sep  4 19:56:55 vpn-server charon: 11[ENC] generating QUICK_MODE request 210004719 [ HASH SA No ID ID ]
Sep  4 19:56:55 vpn-server charon: 11[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (164 bytes)
Sep  4 19:56:55 vpn-server charon: 12[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (148 bytes)
Sep  4 19:56:55 vpn-server charon: 12[ENC] parsed QUICK_MODE response 210004719 [ HASH SA No ID ID ]
Sep  4 19:56:55 vpn-server charon: 12[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Sep  4 19:56:55 vpn-server charon: 12[IKE] CHILD_SA linux-to-fg{1} established with SPIs ce44d95c_i e78ec623_o and TS 10.0.0.186/32 === 192.168.0.223/32
Sep  4 19:56:55 vpn-server charon: 12[ENC] generating QUICK_MODE request 210004719 [ HASH ]
Sep  4 19:56:55 vpn-server charon: 12[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (60 bytes)
Sep  4 19:56:59 vpn-server charon: 05[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (148 bytes)
Sep  4 19:56:59 vpn-server charon: 05[ENC] parsed QUICK_MODE request 2995459665 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 05[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Sep  4 19:56:59 vpn-server charon: 05[ENC] generating QUICK_MODE response 2995459665 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 05[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (164 bytes)
Sep  4 19:56:59 vpn-server charon: 06[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (156 bytes)
Sep  4 19:56:59 vpn-server charon: 06[ENC] parsed QUICK_MODE request 187159232 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 06[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Sep  4 19:56:59 vpn-server charon: 06[ENC] generating QUICK_MODE response 187159232 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 06[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (172 bytes)
Sep  4 19:56:59 vpn-server charon: 07[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (156 bytes)
Sep  4 19:56:59 vpn-server charon: 07[ENC] parsed QUICK_MODE request 1224828342 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 07[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Sep  4 19:56:59 vpn-server charon: 07[ENC] generating QUICK_MODE response 1224828342 [ HASH SA No ID ID ]
Sep  4 19:56:59 vpn-server charon: 07[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (172 bytes)
Sep  4 19:56:59 vpn-server charon: 09[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (60 bytes)
Sep  4 19:56:59 vpn-server charon: 09[ENC] parsed QUICK_MODE request 2995459665 [ HASH ]
Sep  4 19:56:59 vpn-server charon: 09[IKE] CHILD_SA linux-to-fg{2} established with SPIs cc30dc2d_i e78ec63c_o and TS 10.0.0.186/32 === 192.168.0.219/32
Sep  4 19:56:59 vpn-server charon: 10[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (60 bytes)
Sep  4 19:56:59 vpn-server charon: 10[ENC] parsed QUICK_MODE request 187159232 [ HASH ]
Sep  4 19:56:59 vpn-server charon: 10[IKE] CHILD_SA linux-to-fg{3} established with SPIs ccc8e962_i e78ec63d_o and TS 10.7.0.0/24 === 192.168.0.219/32
Sep  4 19:56:59 vpn-server charon: 11[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (60 bytes)
Sep  4 19:56:59 vpn-server charon: 11[ENC] parsed QUICK_MODE request 1224828342 [ HASH ]
Sep  4 19:56:59 vpn-server charon: 11[IKE] CHILD_SA linux-to-fg{4} established with SPIs c2d794af_i e78ec63e_o and TS 10.7.0.0/24 === 192.168.0.223/32
Sep  4 19:57:00 vpn-server charon: 12[NET] received packet: from 41.223.XX.XX[500] to 10.0.0.186[500] (288 bytes)
Sep  4 19:57:00 vpn-server charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Sep  4 19:57:00 vpn-server charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep  4 19:57:00 vpn-server charon: 12[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Sep  4 19:57:00 vpn-server charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received DPD vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received FRAGMENTATION vendor ID
Sep  4 19:57:00 vpn-server charon: 12[IKE] received FRAGMENTATION vendor ID
Sep  4 19:57:00 vpn-server charon: 12[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
Sep  4 19:57:00 vpn-server charon: 12[IKE] 41.223.XX.XX is initiating a Main Mode IKE_SA
Sep  4 19:57:00 vpn-server charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Sep  4 19:57:00 vpn-server charon: 12[ENC] generating ID_PROT response 0 [ SA V V V V ]
Sep  4 19:57:00 vpn-server charon: 12[NET] sending packet: from 10.0.0.186[500] to 41.223.XX.XX[500] (160 bytes)
Sep  4 19:57:00 vpn-server charon: 14[NET] received packet: from 41.223.XX.XX[500] to 10.0.0.186[500] (228 bytes)
Sep  4 19:57:00 vpn-server charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep  4 19:57:00 vpn-server charon: 14[IKE] local host is behind NAT, sending keep alives
Sep  4 19:57:00 vpn-server charon: 14[IKE] remote host is behind NAT
Sep  4 19:57:00 vpn-server charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Sep  4 19:57:00 vpn-server charon: 14[NET] sending packet: from 10.0.0.186[500] to 41.223.XX.XX[500] (244 bytes)
Sep  4 19:57:00 vpn-server charon: 15[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (68 bytes)
Sep  4 19:57:00 vpn-server charon: 15[ENC] parsed ID_PROT request 0 [ ID HASH ]
Sep  4 19:57:00 vpn-server charon: 15[CFG] looking for pre-shared key peer configs matching 10.0.0.186...41.223.XX.XX[172.16.20.25]
Sep  4 19:57:00 vpn-server charon: 15[CFG] selected peer config "linux-to-fg"
Sep  4 19:57:00 vpn-server charon: 15[IKE] detected reauth of existing IKE_SA, adopting 4 children and 0 virtual IPs
Sep  4 19:57:00 vpn-server charon: 15[IKE] schedule delete of duplicate IKE_SA for peer '172.16.20.25' due to uniqueness policy and suspected reauthentication
Sep  4 19:57:00 vpn-server charon: 15[IKE] IKE_SA linux-to-fg[2] established between 10.0.0.186[141.147.YY.YY]...41.223.XX.XX[172.16.20.25]
Sep  4 19:57:00 vpn-server charon: 15[IKE] scheduling reauthentication in 85326s
Sep  4 19:57:00 vpn-server charon: 15[IKE] maximum IKE_SA lifetime 85866s
Sep  4 19:57:00 vpn-server charon: 15[ENC] generating ID_PROT response 0 [ ID HASH ]
Sep  4 19:57:00 vpn-server charon: 15[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (68 bytes)
Sep  4 19:57:10 vpn-server charon: 08[IKE] deleting IKE_SA linux-to-fg[1] between 10.0.0.186[141.147.YY.YY]...41.223.XX.XX[172.16.20.25]
Sep  4 19:57:10 vpn-server charon: 08[IKE] sending DELETE for IKE_SA linux-to-fg[1]
Sep  4 19:57:10 vpn-server charon: 08[ENC] generating INFORMATIONAL_V1 request 1435944686 [ HASH D ]
Sep  4 19:57:10 vpn-server charon: 08[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (84 bytes)
Sep  4 19:57:21 vpn-server charon: 11[IKE] sending keep alive to 41.223.XX.XX[4500]
Sep  4 19:57:30 vpn-server charon: 15[IKE] sending DPD request
Sep  4 19:57:30 vpn-server charon: 15[ENC] generating INFORMATIONAL_V1 request 1320012911 [ HASH N(DPD) ]
Sep  4 19:57:30 vpn-server charon: 15[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (92 bytes)
Sep  4 19:57:30 vpn-server charon: 16[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (92 bytes)
Sep  4 19:57:30 vpn-server charon: 16[ENC] parsed INFORMATIONAL_V1 request 3545732010 [ HASH N(DPD_ACK) ]
Sep  4 19:57:51 vpn-server charon: 06[IKE] sending keep alive to 41.223.XX.XX[4500]
Sep  4 19:58:00 vpn-server charon: 07[IKE] sending DPD request
Sep  4 19:58:00 vpn-server charon: 07[ENC] generating INFORMATIONAL_V1 request 853219907 [ HASH N(DPD) ]
Sep  4 19:58:00 vpn-server charon: 07[NET] sending packet: from 10.0.0.186[4500] to 41.223.XX.XX[4500] (92 bytes)
Sep  4 19:58:00 vpn-server charon: 08[NET] received packet: from 41.223.XX.XX[4500] to 10.0.0.186[4500] (92 bytes)
Sep  4 19:58:00 vpn-server charon: 08[ENC] parsed INFORMATIONAL_V1 request 878772427 [ HASH N(DPD_ACK) ]
Sep  4 19:58:21 vpn-server charon: 09[IKE] sending keep alive to 41.223.XX.XX[4500]
Sep  4 19:58:30 vpn-server charon: 10[IKE] sending DPD request

ipsec 状态全部:

root@vpn-server:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.2, Linux 5.15.0-1041-oracle, aarch64):
  uptime: 5 minutes, since Sep 04 19:56:54 2023
  malloc: sbrk 2580480, mmap 0, used 746944, free 1833536
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9
  loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
  10.0.0.186
Connections:
 linux-to-fg:  10.0.0.186...41.223.XX.XX  IKEv1, dpddelay=30s
 linux-to-fg:   local:  [141.147.YY.YY] uses pre-shared key authentication
 linux-to-fg:   remote: [172.16.20.25] uses pre-shared key authentication
 linux-to-fg:   child:  10.0.0.186/32 10.7.0.0/24 === 192.168.0.223/32 192.168.0.219/32 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
 linux-to-fg[2]: ESTABLISHED 5 minutes ago, 10.0.0.186[141.147.YY.YY]...41.223.XX.XX[172.16.20.25]
 linux-to-fg[2]: IKEv1 SPIs: a1411fa1ae6a928e_i 0b4214238133dd1c_r*, pre-shared key reauthentication in 23 hours
 linux-to-fg[2]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
 linux-to-fg{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ce44d95c_i e78ec623_o
 linux-to-fg{1}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 39 minutes
 linux-to-fg{1}:   10.0.0.186/32 === 192.168.0.223/32
 linux-to-fg{2}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: cc30dc2d_i e78ec63c_o
 linux-to-fg{2}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 38 minutes
 linux-to-fg{2}:   10.0.0.186/32 === 192.168.0.219/32
 linux-to-fg{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: ccc8e962_i e78ec63d_o
 linux-to-fg{3}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 39 minutes
 linux-to-fg{3}:   10.7.0.0/24 === 192.168.0.219/32
 linux-to-fg{4}:  INSTALLED, TUNNEL, reqid 4, ESP in UDP SPIs: c2d794af_i e78ec63e_o
 linux-to-fg{4}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 40 minutes
 linux-to-fg{4}:   10.7.0.0/24 === 192.168.0.223/32

tcpdump 目标 41.223.XX.XX

root@vpn-server:/etc# tcpdump dst 41.223.XX.XX
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s6, link-type EN10MB (Ethernet), capture size 262144 bytes
00:51:53.128740 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: isakmp-nat-keep-alive
00:52:04.307484 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others ? inf[E]
00:52:24.129341 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: isakmp-nat-keep-alive
00:52:35.308099 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others ? inf[E]
00:52:55.129863 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: isakmp-nat-keep-alive
00:53:06.308739 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others ? inf[E]
00:53:26.130433 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: isakmp-nat-keep-alive
00:53:37.309418 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others ? inf[E]
00:53:57.131073 IP vpn-server.subnet03252117.vcn03252117.oraclevcn.com.ipsec-nat-t > 41.223.XX.XX.ipsec-nat-t: isakmp-nat-keep-alive

相关内容