Задать вопрос
@alex_terekhov
windows

Как связать по ipsec Centos7 и Windows Server 2016?

Добрый день!
Подскажите пожалуйста как связать по ipsec Centos7 и Windows Server 2016?
Инициатор - windows server, на centos использую пакет libreswan, соединяю по PSK, пробовал подключаться через shrew vpn - не получается

Feb 5 09:50:56.680377: packet from a.a.a.a:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Feb 5 09:50:56.680536: "test2"[1] a.a.a.a #1: responding to Main Mode from unknown peer a.a.a.a on port 500
Feb 5 09:50:56.680620: "test2"[1] a.a.a.a #1: OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 5 09:50:56.680733: "test2"[1] a.a.a.a #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 5 09:50:56.688398: "test2"[1] a.a.a.a #1: STATE_MAIN_R2: sent MR2, expecting MI3
Feb 5 09:50:56.695191: "test2"[1] a.a.a.a #1: Peer ID is ID_IPV4_ADDR: 'x.x.x.x'
Feb 5 09:50:56.695729: "test2"[1] a.a.a.a #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP1024}
Feb 5 09:50:56.701721: "test2"[1] a.a.a.a #1: the peer proposed: x.x.x.x/32:0/0 -> 0.0.0.0/0:0/0
Feb 5 09:50:57.317102: FIPS Product: NO
Feb 5 09:50:57.317247: FIPS Kernel: NO
Feb 5 09:50:57.317255: FIPS Mode: NO
Feb 5 09:50:57.317267: NSS DB directory: sql:/etc/ipsec.d
Feb 5 09:50:57.317412: Initializing NSS
Feb 5 09:50:57.317431: Opening NSS database "sql:/etc/ipsec.d" read-only
Feb 5 09:50:57.443809: NSS initialized
Feb 5 09:50:57.443844: NSS crypto library initialized
Feb 5 09:50:57.443850: FIPS HMAC integrity support [enabled]
Feb 5 09:50:57.443854: FIPS mode disabled for pluto daemon
Feb 5 09:50:57.477169: FIPS HMAC integrity verification self-test passed
Feb 5 09:50:57.477513: libcap-ng support [enabled]
Feb 5 09:50:57.477529: Linux audit support [enabled]
Feb 5 09:50:57.477574: Linux audit activated
Feb 5 09:50:57.477580: Starting Pluto (Libreswan Version 3.25 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:3232
Feb 5 09:50:57.477584: core dump dir: /run/pluto
Feb 5 09:50:57.477588: secrets file: /etc/ipsec.secrets
Feb 5 09:50:57.477592: leak-detective enabled
Feb 5 09:50:57.477595: NSS crypto [enabled]
Feb 5 09:50:57.477599: XAUTH PAM support [enabled]
Feb 5 09:50:57.477717: NAT-Traversal support [enabled]
Feb 5 09:50:57.477769: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Feb 5 09:50:57.478111: Encryption algorithms:
Feb 5 09:50:57.478133: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
Feb 5 09:50:57.478139: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
Feb 5 09:50:57.478149: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
Feb 5 09:50:57.478154: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
Feb 5 09:50:57.478159: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Feb 5 09:50:57.478164: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
Feb 5 09:50:57.478170: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
Feb 5 09:50:57.478175: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
Feb 5 09:50:57.478195: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
Feb 5 09:50:57.478216: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
Feb 5 09:50:57.478221: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
Feb 5 09:50:57.478225: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
Feb 5 09:50:57.478230: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
Feb 5 09:50:57.478235: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
Feb 5 09:50:57.478249: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
Feb 5 09:50:57.478272: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
Feb 5 09:50:57.478277: NULL IKEv1: ESP IKEv2: ESP []
Feb 5 09:50:57.478287: Hash algorithms:
Feb 5 09:50:57.478295: MD5 IKEv1: IKE IKEv2:
Feb 5 09:50:57.478309: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
Feb 5 09:50:57.478314: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
Feb 5 09:50:57.478318: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
Feb 5 09:50:57.478322: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
Feb 5 09:50:57.478333: PRF algorithms:
Feb 5 09:50:57.478353: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
Feb 5 09:50:57.478358: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
Feb 5 09:50:57.478362: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
Feb 5 09:50:57.478381: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
Feb 5 09:50:57.478385: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
Feb 5 09:50:57.478389: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
Feb 5 09:50:57.478401: Integrity algorithms:
Feb 5 09:50:57.478407: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
Feb 5 09:50:57.478411: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
Feb 5 09:50:57.478428: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
Feb 5 09:50:57.478433: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
Feb 5 09:50:57.478437: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
Feb 5 09:50:57.478443: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
Feb 5 09:50:57.478448: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
Feb 5 09:50:57.478452: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
Feb 5 09:50:57.478465: DH algorithms:
Feb 5 09:50:57.478470: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
Feb 5 09:50:57.478474: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
Feb 5 09:50:57.478478: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
Feb 5 09:50:57.478482: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
Feb 5 09:50:57.478486: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
Feb 5 09:50:57.478490: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
Feb 5 09:50:57.478494: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
Feb 5 09:50:57.478498: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
Feb 5 09:50:57.478502: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
Feb 5 09:50:57.478507: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
Feb 5 09:50:57.478511: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
Feb 5 09:50:57.478515: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
Feb 5 09:50:57.478519: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Feb 5 09:50:57.478523: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Feb 5 09:50:57.481077: starting up 4 crypto helpers
Feb 5 09:50:57.481168: started thread for crypto helper 0
Feb 5 09:50:57.481199: started thread for crypto helper 1
Feb 5 09:50:57.481225: started thread for crypto helper 2
Feb 5 09:50:57.481289: started thread for crypto helper 3
  • Вопрос задан
  • 246 просмотров
4 комментария
Подписаться 1 Простой 4 комментария
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы
Вакансии с Хабр Карьеры
Оператор 1-я, 2-я линия техподдержки(поддержка клиентов)
MYRTEX
от 40 000 ₽
Системный администратор
Метта Уфа
от 50 000 до 60 000 ₽
Ведущий администратор средств защиты информации
FS Travel Москва
от 195 000 ₽
Ещё вакансии
Заказы с Хабр Фриланса
Взлом автомобильной программы
19 апр. 2024, в 05:01
999999 руб./за проект
Доработать телеграм бота
19 апр. 2024, в 03:52
1000 руб./за проект
Написать код на python
19 апр. 2024, в 03:01
1000 руб./за проект
Ещё заказы