Question edit history
2
Added a diagram.
test
CHANGED
File without changes
|
test
CHANGED
@@ -351,3 +351,7 @@
|
|
351
351
|
外からvyosに繋いで、そこからvyosにつながっているローカル環境へつなげればと考えています。
|
352
352
|
|
353
353
|
http://qiita.com/khayama/items/c63d4d5f02abdf348889
|
354
|
+
|
355
|
+
|
356
|
+
|
357
|
+
![イメージ図](08ab9ec98a1790652ee746b2b6933fe7.png)
|
1
Added the logs and a description of the intended connection layout.
test
CHANGED
File without changes
|
test
CHANGED
@@ -4,6 +4,10 @@
|
|
4
4
|
|
5
5
|
VPNの設定については以下のサイトを参考にしたのですが、接続できませんでした。
|
6
6
|
|
7
|
+
http://qiita.com/khayama/items/c63d4d5f02abdf348889
|
8
|
+
|
9
|
+
|
10
|
+
|
7
11
|
vyosの設定は以下になるのですが、何か設定が足りないのでしょうか。
|
8
12
|
|
9
13
|
※IPアドレス、パスワードなどは実際とは変更しています。
|
@@ -257,3 +261,93 @@
|
|
257
261
|
|
258
262
|
|
259
263
|
![イメージ説明](07960fd9c5083c5c6dfb62dbd49b2ec4.png)
|
264
|
+
|
265
|
+
|
266
|
+
|
267
|
+
■事前共有キーについて
|
268
|
+
|
269
|
+
vyosへの投入コマンドをテキストに書いてからコピペしていたので、間違えてはいないと思います。
|
270
|
+
|
271
|
+
■ログについて
|
272
|
+
|
273
|
+
ログは以下となっておりました。現在メッセージ内容について調査しています。
|
274
|
+
|
275
|
+
```
|
276
|
+
|
277
|
+
packet from xxx.xxx.xxx.xxx:11711: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
|
278
|
+
|
279
|
+
packet from xxx.xxx.xxx.xxx:11711: received Vendor ID payload [RFC 3947]
|
280
|
+
|
281
|
+
packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
|
282
|
+
|
283
|
+
packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [FRAGMENTATION]
|
284
|
+
|
285
|
+
packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
|
286
|
+
|
287
|
+
packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [Vid-Initial-Contact]
|
288
|
+
|
289
|
+
packet from xxx.xxx.xxx.xxx:11711: ignoring Vendor ID payload [IKE CGA version 1]
|
290
|
+
|
291
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx:11711
|
292
|
+
|
293
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, ECP_384] refused due to strict flag
|
294
|
+
|
295
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (128), HMAC_SHA1, ECP_256] refused due to strict flag
|
296
|
+
|
297
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP_2048] refused due to strict flag
|
298
|
+
|
299
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP_2048] refused due to strict flag
|
300
|
+
|
301
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: NAT-Traversal: Result using RFC 3947: peer is NATed
|
302
|
+
|
303
|
+
"remote-access-mac-zzz"[13] xxx.xxx.xxx.xxx:11711 #7: Peer ID is ID_IPV4_ADDR: '192.168.250.111'
|
304
|
+
|
305
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:11711 #7: deleting connection "remote-access-mac-zzz" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
|
306
|
+
|
307
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sent MR3, ISAKMP SA established
|
308
|
+
|
309
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: cannot respond to IPsec SA request because no connection is known for 111.111.111.111:4500[111.111.111.111]:17/1701...xxx.xxx.xxx.xxx:27258[192.168.250.111]:17/%any===192.168.250.111/32
|
310
|
+
|
311
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:27258
|
312
|
+
|
313
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
314
|
+
|
315
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
316
|
+
|
317
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
318
|
+
|
319
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
320
|
+
|
321
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
322
|
+
|
323
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
324
|
+
|
325
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
326
|
+
|
327
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
328
|
+
|
329
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
330
|
+
|
331
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
332
|
+
|
333
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
|
334
|
+
|
335
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:27258
|
336
|
+
|
337
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258 #7: received Delete SA payload: deleting ISAKMP State #7
|
338
|
+
|
339
|
+
"remote-access-mac-zzz"[14] xxx.xxx.xxx.xxx:27258: deleting connection "remote-access-mac-zzz" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
|
340
|
+
|
341
|
+
```
|
342
|
+
|
343
|
+
|
344
|
+
|
345
|
+
■接続設定に関して
|
346
|
+
|
347
|
+
PPPoE接続やNAPTについて知識が乏しくよくわからない状態で設定をしています。
|
348
|
+
|
349
|
+
参考にしたサイトのURLが抜けていたのですが、接続イメージはそこのサイトと同じと考えています。
|
350
|
+
|
351
|
+
外からvyosに繋いで、そこからvyosにつながっているローカル環境へつなげればと考えています。
|
352
|
+
|
353
|
+
http://qiita.com/khayama/items/c63d4d5f02abdf348889
|
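Review bot: The pre-shared-key section added at new line 269 only states that the key was pasted correctly, while the log added just below it already answers the question: `sent MR3, ISAKMP SA established` (new line 307) shows that IKE Main Mode, including pre-shared-key authentication, completed. Suggest citing that line in the key section and calling out the first real failure instead, `cannot respond to IPsec SA request because no connection is known for 111.111.111.111:4500[111.111.111.111]:17/1701...` (new line 309), which follows `NAT-Traversal: Result using RFC 3947: peer is NATed` and `Peer ID is ID_IPV4_ADDR: '192.168.250.111'`. The Quick Mode request carries the client's private address as its ID, so the question is better framed around why no connection definition matches a NATed L2TP client than around the key. The six repeated `Quick Mode I1 message is unacceptable` / `INVALID_MESSAGE_ID` pairs (new lines 313 to 335) are retransmissions of the same rejected request and could be trimmed to one pair so the line at 309 stands out. The `Oakley Transform ... refused due to strict flag` lines (new lines 293 to 299) are proposals that were skipped before one was accepted, since the SA is established afterwards; a short remark saying so would keep readers from chasing them.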