Здравствуйте.
Прошу помощи в настройки сетевой части сервера ipsec, поскольку у самого не хватает знаний понять, как должно быть. Кое-как со словарём прочитал документацию по strongSwan, но так ничего и не понял.
Дано: VDS на DigitalOcean с белым ip; на нём запущен и работает strongSwan; смартфон на Android с приложением strongSwan, который авторизуется по ключу. Я могу присоединиться к своему серверу, но не из всех сетей, и ходить в интернет.
Что надо: настроить так, что бы я мог создавать защищённое соединение из любого места, где есть Wi-Fi.
config setup
charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
conn %default
keyexchange=ikev2
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp409$
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256$
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftsubnet=0.0.0.0/0
leftcert=vpncert.der
right=%any
rightdns=8.8.8.8,8.8.4.4
rightsourceip=10.42.42.0/24
conn IPSec-IKEv2
keyexchange=ikev2
auto=add
rightsourceip=10.3.0.5
leftsourceip=10.3.0.6
eth0 Link encap:Ethernet HWaddr 04:01:70:14:ce:01
inet addr:%адрес_vds% Bcast:%bcast_адрес% Mask:255.255.192.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:492743 errors:0 dropped:0 overruns:0 frame:0
TX packets:636895 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:501364924 (501.3 MB) TX bytes:528433781 (528.4 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Sep 16 03:22:48 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:22:48 do charon: 09[NET] waiting for data on sockets
Sep 16 03:22:48 do charon: 16[MGR] checkout IKE_SA by message
Sep 16 03:22:48 do charon: 16[MGR] created IKE_SA (unnamed)[53]
Sep 16 03:22:48 do charon: 16[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 03:22:48 do charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:22:48 do charon: 16[CFG] looking for an ike config for %адрес_vds%...%мой_внешний_адрес%
Sep 16 03:22:48 do charon: 16[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 16[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 16[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:22:48 do charon: 16[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:15:26 do charon: 03[MGR] check-in of IKE_SA successful.
Sep 16 03:17:01 do CRON[11335]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Sep 16 03:19:59 do charon: 04[MGR] checkout IKE_SA
Sep 16 03:19:59 do charon: 04[MGR] IKE_SA IPSec-IKEv2[52] successfully checked out
Sep 16 03:19:59 do charon: 04[KNL] querying policy 10.3.0.5/32 === 0.0.0.0/0 in (mark 0/0x00000000)
Sep 16 03:19:59 do charon: 04[KNL] querying policy 10.3.0.5/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
Sep 16 03:19:59 do charon: 04[MGR] checkin IKE_SA IPSec-IKEv2[52]
Sep 16 03:19:59 do charon: 04[MGR] check-in of IKE_SA successful.
Sep 16 03:22:48 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:22:48 do charon: 09[NET] waiting for data on sockets
Sep 16 03:22:48 do charon: 16[MGR] checkout IKE_SA by message
Sep 16 03:22:48 do charon: 16[MGR] created IKE_SA (unnamed)[53]
Sep 16 03:22:48 do charon: 16[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 03:22:48 do charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:22:48 do charon: 16[CFG] looking for an ike config for %адрес_vds%...%мой_внешний_адрес%
Sep 16 03:22:48 do charon: 16[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 16[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 16[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:22:48 do charon: 16[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:22:48 do charon: 16[IKE] IKE_SA (unnamed)[53] state change: CREATED => CONNECTING
Sep 16 03:22:48 do charon: 16[CFG] selecting proposal:
Sep 16 03:22:48 do charon: 16[CFG] proposal matches
Sep 16 03:22:48 do charon: 16[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:22:48 do charon: 16[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:22:48 do charon: 16[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:22:48 do charon: 16[IKE] remote host is behind NAT
Sep 16 03:22:48 do charon: 16[IKE] DH group MODP_2048 inacceptable, requesting ECP_256
Sep 16 03:22:48 do charon: 16[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Sep 16 03:22:48 do charon: 16[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (38 bytes)
Sep 16 03:22:48 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:22:48 do charon: 16[MGR] checkin and destroy IKE_SA (unnamed)[53]
Sep 16 03:22:48 do charon: 16[IKE] IKE_SA (unnamed)[53] state change: CONNECTING => DESTROYING
Sep 16 03:22:48 do charon: 16[MGR] check-in and destroy of IKE_SA successful
Sep 16 03:22:48 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:22:48 do charon: 09[NET] waiting for data on sockets
Sep 16 03:22:48 do charon: 05[MGR] checkout IKE_SA by message
Sep 16 03:22:48 do charon: 05[MGR] created IKE_SA (unnamed)[54]
Sep 16 03:22:48 do charon: 05[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (820 bytes)
Sep 16 03:22:48 do charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:22:48 do charon: 16[CFG] selecting proposal:
Sep 16 03:22:48 do charon: 16[CFG] proposal matches
Sep 16 03:22:48 do charon: 16[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:22:48 do charon: 16[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:22:48 do charon: 16[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:22:48 do charon: 16[IKE] remote host is behind NAT
Sep 16 03:22:48 do charon: 16[IKE] DH group MODP_2048 inacceptable, requesting ECP_256
Sep 16 03:22:48 do charon: 16[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Sep 16 03:22:48 do charon: 16[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (38 bytes)
Sep 16 03:22:48 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:22:48 do charon: 16[MGR] checkin and destroy IKE_SA (unnamed)[53]
Sep 16 03:22:48 do charon: 16[IKE] IKE_SA (unnamed)[53] state change: CONNECTING => DESTROYING
Sep 16 03:22:48 do charon: 16[MGR] check-in and destroy of IKE_SA successful
Sep 16 03:22:48 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:22:48 do charon: 09[NET] waiting for data on sockets
Sep 16 03:22:48 do charon: 05[MGR] checkout IKE_SA by message
Sep 16 03:22:48 do charon: 05[MGR] created IKE_SA (unnamed)[54]
Sep 16 03:22:48 do charon: 05[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (820 bytes)
Sep 16 03:22:48 do charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:22:48 do charon: 05[CFG] looking for an ike config for %адрес_vds%...%мой_внешний_адрес%
Sep 16 03:22:48 do charon: 05[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 05[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 05[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:22:48 do charon: 05[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:22:48 do charon: 05[IKE] IKE_SA (unnamed)[54] state change: CREATED => CONNECTING
Sep 16 03:22:48 do charon: 05[CFG] selecting proposal:
Sep 16 03:22:48 do charon: 05[CFG] proposal matches
Sep 16 03:22:48 do charon: 05[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:22:48 do charon: 05[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:22:48 do charon: 05[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:22:48 do charon: 05[IKE] remote host is behind NAT
Sep 16 03:22:48 do charon: 05[IKE] sending cert request for "C=NL, O=DigitalOcean, CN=Ubuntu VDS"
Sep 16 03:22:48 do charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Sep 16 03:22:48 do charon: 05[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (273 bytes)
Sep 16 03:22:48 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:22:48 do charon: 05[MGR] checkin IKE_SA (unnamed)[54]
Sep 16 03:22:48 do charon: 05[MGR] check-in of IKE_SA successful.
Sep 16 03:23:04 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:23:04 do charon: 09[NET] waiting for data on sockets
Sep 16 03:22:48 do charon: 05[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 05[CFG] candidate: %any...%any, prio 28
Sep 16 03:22:48 do charon: 05[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:22:48 do charon: 05[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:22:48 do charon: 05[IKE] IKE_SA (unnamed)[54] state change: CREATED => CONNECTING
Sep 16 03:22:48 do charon: 05[CFG] selecting proposal:
Sep 16 03:22:48 do charon: 05[CFG] proposal matches
Sep 16 03:22:48 do charon: 05[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:22:48 do charon: 05[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:22:48 do charon: 05[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:22:48 do charon: 05[IKE] remote host is behind NAT
Sep 16 03:22:48 do charon: 05[IKE] sending cert request for "C=NL, O=DigitalOcean, CN=Ubuntu VDS"
Sep 16 03:22:48 do charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Sep 16 03:22:48 do charon: 05[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (273 bytes)
Sep 16 03:22:48 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:22:48 do charon: 05[MGR] checkin IKE_SA (unnamed)[54]
Sep 16 03:22:48 do charon: 05[MGR] check-in of IKE_SA successful.
Sep 16 03:23:04 do charon: 09[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500]
Sep 16 03:23:04 do charon: 09[NET] waiting for data on sockets
Sep 16 03:23:04 do charon: 13[MGR] checkout IKE_SA by message
Sep 16 03:23:04 do charon: 13[MGR] created IKE_SA (unnamed)[55]
Sep 16 03:23:04 do charon: 13[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 03:23:04 do charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:23:04 do charon: 13[CFG] looking for an ike config for %адрес_vds%...%мой_внешний_адрес%
Sep 16 03:23:04 do charon: 13[CFG] candidate: %any...%any, prio 28
Sep 16 03:23:04 do charon: 13[CFG] candidate: %any...%any, prio 28
Sep 16 03:23:04 do charon: 13[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:23:04 do charon: 13[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:23:04 do charon: 13[IKE] IKE_SA (unnamed)[55] state change: CREATED => CONNECTING
Sep 16 03:23:04 do charon: 13[CFG] selecting proposal:
Sep 16 03:23:04 do charon: 13[CFG] proposal matches
Sep 16 03:23:04 do charon: 13[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:23:04 do charon: 13[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:23:04 do charon: 13[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:23:04 do charon: 13[IKE] remote host is behind NAT
Sep 16 03:23:04 do charon: 13[IKE] DH group MODP_2048 inacceptable, requesting ECP_256
Sep 16 03:23:04 do charon: 13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Sep 16 03:23:04 do charon: 13[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (38 bytes)
Sep 16 03:23:04 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:23:04 do charon: 13[MGR] created IKE_SA (unnamed)[55]
Sep 16 03:23:04 do charon: 13[NET] received packet: from %мой_внешний_адрес%[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 03:23:04 do charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) ]
Sep 16 03:23:04 do charon: 13[CFG] looking for an ike config for %адрес_vds%...%мой_внешний_адрес%
Sep 16 03:23:04 do charon: 13[CFG] candidate: %any...%any, prio 28
Sep 16 03:23:04 do charon: 13[CFG] candidate: %any...%any, prio 28
Sep 16 03:23:04 do charon: 13[CFG] found matching ike config: %any...%any with prio 28
Sep 16 03:23:04 do charon: 13[IKE] %мой_внешний_адрес% is initiating an IKE_SA
Sep 16 03:23:04 do charon: 13[IKE] IKE_SA (unnamed)[55] state change: CREATED => CONNECTING
Sep 16 03:23:04 do charon: 13[CFG] selecting proposal:
Sep 16 03:23:04 do charon: 13[CFG] proposal matches
Sep 16 03:23:04 do charon: 13[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2$
Sep 16 03:23:04 do charon: 13[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC$
Sep 16 03:23:04 do charon: 13[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 16 03:23:04 do charon: 13[IKE] remote host is behind NAT
Sep 16 03:23:04 do charon: 13[IKE] DH group MODP_2048 inacceptable, requesting ECP_256
Sep 16 03:23:04 do charon: 13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Sep 16 03:23:04 do charon: 13[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887] (38 bytes)
Sep 16 03:23:04 do charon: 10[NET] sending packet: from %адрес_vds%[500] to %мой_внешний_адрес%[46887]
Sep 16 03:23:04 do charon: 13[MGR] checkin and destroy IKE_SA (unnamed)[55]
Sep 16 03:23:04 do charon: 13[IKE] IKE_SA (unnamed)[55] state change: CONNECTING => DESTROYING
Sep 16 03:23:04 do charon: 13[MGR] check-in and destroy of IKE_SA successful
Sep 16 10:22:48 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3dr1, Linux 3.4.67, armv7l)
Sep 16 10:22:48 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
Sep 16 10:22:48 00[JOB] spawning 16 worker threads
Sep 16 10:22:48 07[CFG] loaded user certificate 'C=NL, O=DigitalOcean, CN=Ubuntu VDS' and private key
Sep 16 10:22:48 07[IKE] initiating IKE_SA android[4] to %адрес_vds%
Sep 16 10:22:48 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Sep 16 10:22:48 07[NET] sending packet: from 10.0.184.65[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 10:22:48 09[NET] received packet: from %адрес_vds%[500] to 10.0.184.65[46887] (38 bytes)
Sep 16 10:22:48 09[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Sep 16 10:22:48 09[IKE] peer didn't accept DH group MODP_2048, it requested ECP_256
Sep 16 10:22:48 09[IKE] initiating IKE_SA android[4] to %адрес_vds%
Sep 16 10:22:48 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Sep 16 10:22:48 09[NET] sending packet: from 10.0.184.65[46887] to %адрес_vds%[500] (820 bytes)
Sep 16 10:22:48 10[NET] received packet: from %адрес_vds%[500] to 10.0.184.65[46887] (273 bytes)
Sep 16 10:22:48 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Sep 16 10:22:48 10[IKE] local host is behind NAT, sending keep alives
Sep 16 10:22:49 10[IKE] received cert request for "C=NL, O=DigitalOcean, CN=Ubuntu VDS"
Sep 16 10:22:49 10[IKE] authentication of 'C=NL, O=DigitalOcean, CN=Ubuntu VDS' (myself) with RSA signature successful
Sep 16 10:22:49 10[IKE] sending end entity cert "C=NL, O=DigitalOcean, CN=Ubuntu VDS"
Sep 16 10:22:49 10[IKE] establishing CHILD_SA android
Sep 16 10:22:49 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Sep 16 10:22:49 10[NET] sending packet: from 10.0.184.65[33180] to %адрес_vds%[4500] (5488 bytes)
Sep 16 10:22:51 13[IKE] retransmit 1 of request with message ID 1
Sep 16 10:22:51 13[NET] sending packet: from 10.0.184.65[33180] to %адрес_vds%[4500] (5488 bytes)
Sep 16 10:22:54 14[IKE] retransmit 2 of request with message ID 1
Sep 16 10:22:55 14[NET] sending packet: from 10.0.184.65[33180] to %адрес_vds%[4500] (5488 bytes)
Sep 16 10:22:59 15[IKE] retransmit 3 of request with message ID 1
Sep 16 10:22:59 15[NET] sending packet: from 10.0.184.65[33180] to %адрес_vds%[4500] (5488 bytes)
Sep 16 10:23:04 06[IKE] giving up after 3 retransmits
Sep 16 10:23:04 06[IKE] peer not responding, trying again (2/0)
Sep 16 10:23:04 06[IKE] initiating IKE_SA android[4] to %адрес_vds%
Sep 16 10:23:05 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Sep 16 10:23:05 06[NET] sending packet: from 10.0.184.65[46887] to %адрес_vds%[500] (1012 bytes)
Sep 16 10:23:05 07[IKE] destroying IKE_SA in state CONNECTING without notification
Лог удачного соеденения через мобильный интернет