Bonjour j'utilise ipcop depuis plus de deux ans et j'ai 11 vpn sur un site central qui fonctionnent sans soucis depuis cette époque, je suis avec la dernière version 1.4.11 sur tous les sites.
Aujourd'hui vers 12h tous les vpn se sont coupés, j'ai du redémarré ipcop sur le site central et relancer ipsec à distance sur tous les autres sites pour que les vpn se montent.
Depuis les tunnels sont ouverts mais j'ai des logs bizarres dans ipsec que je n'ai jamais eu avant (j'ai bien vérifié)
j'ai fais des recherches sur le net mais les informations que j'ai sont assez vagues.
Voici un exemples des logs qui me posent problèmes et dont j'aimerai connaitre la cause. Si vous pouvez m'eclairer sur IPSEC.
15:20:03 pluto[6703] "Oraison" #13: received and ignored informational message
15:20:03 pluto[6703] "Oraison" #13: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Loriol" #15: received and ignored informational message
15:20:03 pluto[6703] "Loriol" #15: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "acv" #9: received and ignored informational message
15:20:03 pluto[6703] "acv" #9: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Pernes" #8: received and ignored informational message
15:20:03 pluto[6703] "Pernes" #8: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Mazan" #2: received and ignored informational message
15:20:03 pluto[6703] "Mazan" #2: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Gap" #1: received and ignored informational message
15:20:03 pluto[6703] "Gap" #1: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Gap" #1: received and ignored informational message
15:20:03 pluto[6703] "Gap" #1: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "CoteauxVentoux" #14: received and ignored informational message
15:20:03 pluto[6703] "CoteauxVentoux" #14: ignoring informational payload, type INVALID_MESSAGE_ID
15:20:03 pluto[6703] "Gigondas" #11: received and ignored informational message
15:20:03 pluto[6703] "Gigondas" #11: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:52 pluto[6703] "Cavaillon" #78: received and ignored informational message
15:19:52 pluto[6703] "Cavaillon" #78: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Gigondas" #11: received and ignored informational message
15:19:44 pluto[6703] "Gigondas" #11: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "CoteauxVentoux" #14: received and ignored informational message
15:19:44 pluto[6703] "CoteauxVentoux" #14: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Gap" #1: received and ignored informational message
15:19:44 pluto[6703] "Gap" #1: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Gap" #1: received and ignored informational message
15:19:44 pluto[6703] "Gap" #1: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Mazan" #2: received and ignored informational message
15:19:44 pluto[6703] "Mazan" #2: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "acv" #9: received and ignored informational message
15:19:44 pluto[6703] "acv" #9: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Pernes" #8: received and ignored informational message
15:19:44 pluto[6703] "Pernes" #8: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Loriol" #15: received and ignored informational message
15:19:44 pluto[6703] "Loriol" #15: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:44 pluto[6703] "Oraison" #13: received and ignored informational message
15:19:44 pluto[6703] "Oraison" #13: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:33 pluto[6703] "Oraison" #13: received and ignored informational message
15:19:33 pluto[6703] "Oraison" #13: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Loriol" #15: received and ignored informational message
15:19:33 pluto[6703] "Loriol" #15: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Pernes" #8: received and ignored informational message
15:19:33 pluto[6703] "Pernes" #8: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "acv" #9: received and ignored informational message
15:19:33 pluto[6703] "acv" #9: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Mazan" #2: received and ignored informational message
15:19:33 pluto[6703] "Mazan" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Gap" #1: received and ignored informational message
15:19:33 pluto[6703] "Gap" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Gap" #1: received and ignored informational message
15:19:33 pluto[6703] "Gap" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "CoteauxVentoux" #14: received and ignored informational message
15:19:33 pluto[6703] "CoteauxVentoux" #14: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Gigondas" #11: received and ignored informational message
15:19:33 pluto[6703] "Gigondas" #11: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:33 pluto[6703] "Oraison" #140: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #122
15:19:33 pluto[6703] "Oraison" #122: starting keying attempt 7 of an unlimited number
15:19:33 pluto[6703] "Oraison" #122: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Loriol" #139: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #123
15:19:33 pluto[6703] "Loriol" #123: starting keying attempt 9 of an unlimited number
15:19:33 pluto[6703] "Loriol" #123: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Pernes" #138: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #124
15:19:33 pluto[6703] "Pernes" #124: starting keying attempt 11 of an unlimited number
15:19:33 pluto[6703] "Pernes" #124: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "acv" #137: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #125
15:19:33 pluto[6703] "acv" #125: starting keying attempt 13 of an unlimited number
15:19:33 pluto[6703] "acv" #125: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Mazan" #136: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #126
15:19:33 pluto[6703] "Mazan" #126: starting keying attempt 14 of an unlimited number
15:19:33 pluto[6703] "Mazan" #126: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Gap" #135: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #127
15:19:33 pluto[6703] "Gap" #127: starting keying attempt 14 of an unlimited number
15:19:33 pluto[6703] "Gap" #127: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Gap" #134: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #128
15:19:33 pluto[6703] "Gap" #128: starting keying attempt 10 of an unlimited number
15:19:33 pluto[6703] "Gap" #128: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "CoteauxVentoux" #133: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #129
15:19:33 pluto[6703] "CoteauxVentoux" #129: starting keying attempt 8 of an unlimited number
15:19:33 pluto[6703] "CoteauxVentoux" #129: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:33 pluto[6703] "Gigondas" #132: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #130
15:19:33 pluto[6703] "Gigondas" #130: starting keying attempt 6 of an unlimited number
15:19:33 pluto[6703] "Gigondas" #130: max number of retransmissions (2) reached STATE_QUICK_I1
15:19:32 pluto[6703] "Cavaillon" #78: received and ignored informational message
15:19:32 pluto[6703] "Cavaillon" #78: ignoring informational payload, type INVALID_MESSAGE_ID
15:19:22 pluto[6703] "Cavaillon" #78: received and ignored informational message
15:19:22 pluto[6703] "Cavaillon" #78: ignoring informational payload, type NO_PROPOSAL_CHOSEN
15:19:22 pluto[6703] "Cavaillon" #131: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #121
15:19:22 pluto[6703] "Cavaillon" #121: starting keying attempt 6 of an unlimited number
15:19:22 pluto[6703] "Cavaillon" #121: max number of retransmissions (2) reached STATE_QUICK_I1
Merci de votre aide
Message bizarre LOG IPSEC
Modérateur: modos Ixus
2 messages
• Page 1 sur 1
Message bizarre LOG IPSEC
par greg84 » 11 Oct 2006 15:30
- greg84
- Quartier Maître
- Messages: 20
- Inscrit le: 30 Sep 2004 12:03
par S0l0 » 13 Oct 2006 14:04
Tentatices d'attaques sur ton Ipsec avec brute force , mais la personne qu est en train de faire a drolement avancer on dirait...
Tu devrais limiter le nombre de tentative de possibilite de connection par utilisateurs voir par IP
Il se peut que tu fasse tourner une version vulnerables d'un composant d'Ipsec sur ton/tes serveurs.
Tu devrais limiter le nombre de tentative de possibilite de connection par utilisateurs voir par IP
Que dise tes logs a ce moment laAujourd'hui vers 12h tous les vpn se sont coupés, j'ai du redémarré ipcop sur le site central
Il se peut que tu fasse tourner une version vulnerables d'un composant d'Ipsec sur ton/tes serveurs.
-
S0l0 - Contre-Amiral
- Messages: 407
- Inscrit le: 01 Déc 2005 20:52
- Localisation: 21 55
2 messages
• Page 1 sur 1
Qui est en ligne ?
Utilisateur(s) parcourant actuellement ce forum : Aucun utilisateur inscrit et 1 invité