[ anon115774 @ 24.07.2011. 19:07 ] @
Zdravo svima pokusavam vec nekoliko dana bezuspesno da podesim mobilni telefon sa symbian operativnim sistemom da se poveze na mikrotik. Situacija je sledeca: - Telefon ima built-in aplikaciju za VPN koja radi samo IPSec. To sam podesio na sledeci nacin: IKE mode: IKEv1 aggressive Authentication method: pre-shared i to je to sto se tice telefona (naravno i ip adresu rutera sam upisao). Na ruteru sam podesio sledece: Code: Flags: X - disabled 0 address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="tajna" generate-policy=yes exchange-mode=aggressive send-initial-contact=no nat-traversal=no my-id-user-fqdn="" proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-128 dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=disable-dpd dpd-maximum-failures=1 I to je sve. E sad bilo je tu gomila problema jer nisu bili usaglaseni enc-algorithm pa hash algoritam... pa ovo... pa ono... uglavnom, sve je to sada usaglaseno i telefon se uspesno poveze. Code: 19:59:33 ipsec,debug ISAKMP-SA established 109.92.*.*[500]-109.245.*.*[556] spi:21bb543611b9d046:57b77848c31e4c0d I onda cim pokusam da otvorim neku adresu iz browsera telefona dobijem sledece u logu rutera: Code: 20:01:04 ipsec,debug IPsec-SA established: ESP/Tunnel 109.92.*[0]->109.245.*[0] spi=1990901542(0x76aabf26) 20:01:04 ipsec,debug,packet === 20:01:04 ipsec,debug,packet pk_recv: retry[0] recv() 20:01:04 ipsec,debug,packet such policy does not already exist: 10.107.126.206/32[0] 0.0.0.0/0[0] proto=any dir=in 20:01:04 ipsec,debug,packet pk_recv: retry[0] recv() 20:01:04 ipsec,debug,packet such policy does not already exist: 10.107.126.206/32[0] 0.0.0.0/0[0] proto=any dir=fwd 20:01:04 ipsec,debug,packet pk_recv: retry[0] recv() 20:01:04 ipsec,debug,packet such policy does not already exist: 0.0.0.0/0[0] 10.107.126.206/32[0] proto=any dir=out I onda mi automatski napravi polise: Code: Flags: X - disabled, D - dynamic, I - inactive 0 D src-address=10.107.126.206/32 src-port=any dst-address=0.0.0.0/0 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=109.92.*.* sa-dst-address=109.245.*.* proposal=default priority=2 1 D src-address=10.107.126.206/32 src-port=any dst-address=0.0.0.0/0 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=109.92.*.* sa-dst-address=109.245.*.* proposal=default priority=2 2 D src-address=0.0.0.0/0 src-port=any dst-address=10.107.126.206/32 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=109.245.*.* sa-dst-address=109.92.*.* proposal=default priority=2 Pri tom ja uopste ne znam odakle mu ove adrese 10.107.... taj opseg ne postoji na ruteru. Problem je u tome sto ni jednoj adresi bilo iz internog ili eksternog opsega nije moguce prici sa telefona. U logu nemam nikakve greske prijavljene osim sto na svaka dva tri minuta kaze da je dobio R-U-THERE i da je poslao ACK. Da li neko ima ideju kako bih mogao da debagujem i sta da uradim? |