Stongswan Check: Difference between revisions

From Xinux Wiki

Current revision as of 16 November 2017, 20:59

VPN Check

  • CONN=s2s
  • CHECK="(CHILD_SA|failed|error|could not)"
  • PATTERN="${CONN}.*${CHECK}"

Connection successful

  • tail -f /var/log/strongswan/charon.log | grep -E "$PATTERN"
Nov 16 11:26:44 15[IKE] <s2s|6> CHILD_SA s2s{3} established with SPIs cbe2c3f8_i c64ca73c_o and TS 10.83.33.0/24 === 10.83.32.0/24

Wrong PSK

  • tail -f /var/log/strongswan/charon.log | grep -E "$PATTERN"
Nov 16 12:11:47 13[ENC] <s2s|102> invalid HASH_V1 payload length, decryption failed?
Nov 16 12:11:47 13[ENC] <s2s|102> could not decrypt payloads
Nov 16 12:11:47 13[IKE] <s2s|102> message parsing failed
Nov 16 12:11:47 13[IKE] <s2s|102> INFORMATIONAL_V1 request with message ID 1439430924 processing failed

Wrong PHASE1 or PHASE2 proposals

  • tail -f /var/log/strongswan/charon.log | grep -E "$PATTERN"
Nov 16 12:24:57 05[IKE] <s2s|10> received NO_PROPOSAL_CHOSEN error notify

PHASE1 proposals are not answered

  • tail -f /var/log/strongswan/charon.log | grep -E "$CONN.*proposal.*IKE"
Nov 16 21:51:19 12[CFG] <s2s|7> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

Different Phase2 proposals

  • tail -f /var/log/strongswan/charon.log | grep -E "$CONN.*proposal.*ESP"
Nov 16 20:29:38 15[CFG] <s2s|4> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Nov 16 20:29:38 15[CFG] <s2s|4> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ

Wrong network

  • tail -f /var/log/strongswan/charon.log | grep -E "$PATTERN"
Nov 16 20:00:41 01[IKE] <s2s|6> received INVALID_ID_INFORMATION error notify

Wrong ID

  • tail -f /var/log/strongswan/charon.log | grep -E "$PATTERN"
Nov 16 20:12:55 12[IKE] <s2s|2> received AUTHENTICATION_FAILED error notify
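
The checks above combined into one script, added here as an example and not part of the wiki page: `diagnose` maps each log line of one connection to the cause this page lists for it, and `esp_mismatch` prints the components that differ between the received and configured ESP proposals. The function names, the `other` connection and the embedded sample input are assumptions; the log lines follow the samples above.

```shell
#!/bin/sh
# Constructed input: lines in the format of this page's samples
# (the "other" connection is made up to show the per-connection filter).
sample_log() {
cat <<'EOF'
Nov 16 12:11:47 13[ENC] <s2s|102> could not decrypt payloads
Nov 16 12:24:57 05[IKE] <s2s|10> received NO_PROPOSAL_CHOSEN error notify
Nov 16 20:29:38 15[CFG] <s2s|4> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Nov 16 20:29:38 15[CFG] <s2s|4> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Nov 16 20:00:41 01[IKE] <s2s|6> received INVALID_ID_INFORMATION error notify
Nov 16 20:12:55 12[IKE] <other|2> received AUTHENTICATION_FAILED error notify
EOF
}

# diagnose CONN: read charon.log lines on stdin, print the cause for each known message.
# Reads line by line, so it also works behind "tail -f" without buffering delays.
diagnose() {
    conn=$1
    while IFS= read -r line; do
        # Match the "<conn|id>" tag exactly so "s2s" does not also select "s2s-backup".
        case $line in *"<${conn}|"*) ;; *) continue ;; esac
        case $line in
            *CHILD_SA*established*)         echo "connection successful" ;;
            *"could not decrypt payloads"*) echo "wrong PSK" ;;
            *NO_PROPOSAL_CHOSEN*)           echo "wrong PHASE1 or PHASE2 proposals" ;;
            *INVALID_ID_INFORMATION*)       echo "wrong network" ;;
            *AUTHENTICATION_FAILED*)        echo "wrong ID" ;;
        esac
    done
}

# esp_mismatch CONN: compare the last received and configured ESP proposals
# (first proposal of each line only) and print every component that differs.
# Returns 1 when the log does not contain both sides for CONN.
esp_mismatch() {
    awk -v tag="<$1|" '
        index($0, tag) && match($0, /(received|configured) proposals: ESP:[^ ,]+/) {
            m = substr($0, RSTART, RLENGTH)
            side = (m ~ /^received/) ? "received" : "configured"
            sub(/^.*ESP:/, "", m)
            p[side] = m
        }
        END {
            if (!("received" in p) || !("configured" in p)) exit 1
            n = split(p["received"], r, "/"); k = split(p["configured"], c, "/")
            if (k > n) n = k
            for (i = 1; i <= n; i++)
                if (r[i] != c[i]) printf "peer=%s local=%s\n", r[i], c[i]
        }'
}

sample_log | diagnose s2s
sample_log | esp_mismatch s2s
```

For a live check, pipe the log into the function instead of the sample: `tail -f /var/log/strongswan/charon.log | diagnose "$CONN"`.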