Question edit history

2

Added a diagram.

2017/03/03 10:08

Posted

teketeke

Score 46

test CHANGED
File without changes
test CHANGED
@@ -351,3 +351,7 @@
351
351
  外からvyosに繋いで、そこからvyosにつながっているローカル環境へつなげればと考えています。
352
352
 
353
353
  http://qiita.com/khayama/items/c63d4d5f02abdf348889
354
+
355
+
356
+
357
+ ![イメージ図](08ab9ec98a1790652ee746b2b6933fe7.png)
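
Review bot: the image added at new line 357 carries only the generic alt text イメージ図 and no accompanying sentence, so a reader who cannot load the image learns nothing from this edit. Suggest a one-line caption naming what the diagram shows (the outside client, vyos, and the local environment behind it, as described at line 351), and reducing the three empty lines added at 354 to 356 to one.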

1

Added the log and the connection diagram.

2017/03/03 10:08

Posted

teketeke

Score 46

test CHANGED
File without changes
test CHANGED
@@ -4,6 +4,10 @@
4
4
 
5
5
  VPNの設定については以下のサイトを参考にしたのですが、接続できませんでした。
6
6
 
7
+ http://qiita.com/khayama/items/c63d4d5f02abdf348889
8
+
9
+
10
+
7
11
  vyosの設定は以下になるのですが、何か設定が足りないのでしょうか。
8
12
 
9
13
  ※IPアドレス、パスワードなどは実際とは変更しています。
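
Review bot: the reference URL added here at new line 7 is added a second time at new line 353 by the same edit, under ■接続設定に関して. One occurrence is enough: keep this one, directly under the sentence that cites the site, and have the later section refer back to it. The three empty lines added after it (new lines 8 to 10) can also be reduced to one.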
@@ -257,3 +261,93 @@
257
261
 
258
262
 
259
263
  ![イメージ説明](07960fd9c5083c5c6dfb62dbd49b2ec4.png)
264
+
265
+
266
+
267
+ ■事前共有キーについて
268
+
269
+ vyosへの投入コマンドをテキストに書いてからコピペしていたので、間違えてはいないと思います。
270
+
271
+ ■ログについて
272
+
273
+ ログは以下となっておりました。現在メッセージ内容について調査しています。
274
+
275
+ ```
276
+
277
+ packet from xxx.xxx.xxx.xxx:11711: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
278
+
279
+ packet from xxx.xxx.xxx.xxx:11711: received Vendor ID payload [RFC 3947]
280
+
281
+ packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
282
+
283
+ packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [FRAGMENTATION]
284
+
285
+ packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
286
+
287
+ packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [Vid-Initial-Contact]
288
+
289
+ packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [IKE CGA version 1]
290
+
291
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx:11711
292
+
293
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, ECP_384] refused due to strict flag
294
+
295
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (128), HMAC_SHA1, ECP_256] refused due to strict flag
296
+
297
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP_2048] refused due to strict flag
298
+
299
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP_2048] refused due to strict flag
300
+
301
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: NAT-Traversal: Result using RFC 3947: peer is NATed
302
+
303
+ "remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Peer ID is ID_IPV4_ADDR: '192.168.250.111'
304
+
305
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:11711 #7: deleting connection "remote-access-mac-zzz" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
306
+
307
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sent MR3, ISAKMP SA established
308
+
309
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: cannot respond to IPsec SA request because no connection is known for 111.111.111.111:4500[111.111.111.111]:17/1701...xxx.xxx.xxx.xxx:27258[192.168.250.111]:17/%any===192.168.250.111/32
310
+
311
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:27258
312
+
313
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
314
+
315
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
316
+
317
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
318
+
319
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
320
+
321
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
322
+
323
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
324
+
325
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
326
+
327
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
328
+
329
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
330
+
331
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
332
+
333
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
334
+
335
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
336
+
337
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: received Delete SA payload: deleting ISAKMP State #7
338
+
339
+ "remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258: deleting connection "remote-access-mac-zzz" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
340
+
341
+ ```
342
+
343
+
344
+
345
+ ■接続設定に関して
346
+
347
+ PPPoE接続やNAPTについて知識が乏しくよくわからない状態で設定をしています。
348
+
349
+ 参考にしたサイトのURLが抜けていたのですが、接続イメージはそこのサイトと同じと考えています。
350
+
351
+ 外からvyosに繋いで、そこからvyosにつながっているローカル環境へつなげればと考えています。
352
+
353
+ http://qiita.com/khayama/items/c63d4d5f02abdf348889
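
Review bot: in the added log the line that records the failure is buried. After "sent MR3, ISAKMP SA established" the responder logs "cannot respond to IPsec SA request because no connection is known for 111.111.111.111:4500[111.111.111.111]:17/1701..." and sends INVALID_ID_INFORMATION, so the log shows the ISAKMP SA being established and the rejection occurring at the IPsec SA request that follows. Suggest calling out that line in the text next to the ■ログについて paragraph, stating how 111.111.111.111 relates to the addresses in the vyos configuration shown earlier in the question, and cutting the six identical "Quick Mode I1 message is unacceptable" / INVALID_MESSAGE_ID pairs down to one with a repeat count.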