Notes on configuring strongSwan on OpenWrt 18.06.4 to connect to a Hillstone Networks (山石网科) device, part ①

First, thanks to the author of the original post: https://blog.csdn.net/d9394952/article/details/90734469

After a week of trial and error, I am recording the process below.

First connect the router to the internet and update the opkg package lists.

root@OpenWrt:~# ping www.baidu.com
PING www.baidu.com (61.135.169.125): 56 data bytes
64 bytes from 61.135.169.125: seq=0 ttl=56 time=14.891 ms
^C
--- www.baidu.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 14.891/14.891/14.891 ms
root@OpenWrt:~# opkg update 

Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_kmods
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/telephony/Packages.sig
Signature check passed.

Install the Chinese language pack

root@OpenWrt:~# opkg install luci-i18n-base-zh-cn
Installing luci-i18n-base-zh-cn (git-20.112.60516-7cc22e1-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/luci/luci-i18n-base-zh-cn_git-20.112.60516-7cc22e1-1_all.ipk
Configuring luci-i18n-base-zh-cn.

Install strongSwan

root@OpenWrt:~# opkg install strongswan-default
Installing strongswan-default (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-default_5.6.3-3_mipsel_24kc.ipk
Installing libmnl (1.0.4-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/base/libmnl_1.0.4-1_mipsel_24kc.ipk
Installing ip-tiny (4.16.0-8) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/base/ip-tiny_4.16.0-8_mipsel_24kc.ipk
Installing kmod-crypto-hash (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-hash_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-null (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-null_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-aead (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-aead_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-pcompress (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-pcompress_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-manager (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-manager_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-authenc (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-authenc_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-cbc (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-cbc_4.14.131-1_mipsel_24kc.ipk
Installing kmod-lib-zlib-inflate (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-lib-zlib-inflate_4.14.131-1_mipsel_24kc.ipk
Installing kmod-lib-zlib-deflate (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-lib-zlib-deflate_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-acompress (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-acompress_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-deflate (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-deflate_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-des (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-des_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-echainiv (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-echainiv_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-hmac (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-hmac_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-sha256 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-sha256_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-rng (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-rng_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-wq (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-wq_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-iv (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-iv_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-md5 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-md5_4.14.131-1_mipsel_24kc.ipk
Installing kmod-crypto-sha1 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-crypto-sha1_4.14.131-1_mipsel_24kc.ipk
Installing kmod-ipsec (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-ipsec_4.14.131-1_mipsel_24kc.ipk
Installing kmod-iptunnel4 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-iptunnel4_4.14.131-1_mipsel_24kc.ipk
Installing kmod-ipsec4 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-ipsec4_4.14.131-1_mipsel_24kc.ipk
Installing kmod-iptunnel6 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-iptunnel6_4.14.131-1_mipsel_24kc.ipk
Installing kmod-ipsec6 (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-ipsec6_4.14.131-1_mipsel_24kc.ipk
Installing kmod-ipt-ipsec (4.14.131-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/kmods/4.14.131-1-94e97c3b21ec52cb72cec4eaff828985/kmod-ipt-ipsec_4.14.131-1_mipsel_24kc.ipk
Installing iptables-mod-ipsec (1.6.2-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/packages/iptables-mod-ipsec_1.6.2-1_mipsel_24kc.ipk
Installing strongswan (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-charon (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-charon_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-ipsec (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-ipsec_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-aes (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-aes_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-attr (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-attr_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-connmark (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-connmark_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-constraints (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-constraints_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-des (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-des_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-dnskey (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-dnskey_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-sha1 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-sha1_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-fips-prf (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-fips-prf_5.6.3-3_mipsel_24kc.ipk
Installing libgmp (6.1.2-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/base/libgmp_6.1.2-1_mipsel_24kc.ipk
Installing strongswan-mod-gmp (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-gmp_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-hmac (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-hmac_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-kernel-netlink (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-kernel-netlink_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-md5 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-md5_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-nonce (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-nonce_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-pem (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-pem_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-pgp (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-pgp_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-pkcs1 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-pkcs1_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-pubkey (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-pubkey_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-random (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-random_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-rc2 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-rc2_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-resolve (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-resolve_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-revocation (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-revocation_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-sha2 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-sha2_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-socket-default (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-socket-default_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-sshkey (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-sshkey_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-stroke (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-stroke_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-updown (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-updown_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-x509 (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-x509_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-xauth-generic (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-xauth-generic_5.6.3-3_mipsel_24kc.ipk
Installing strongswan-mod-xcbc (5.6.3-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.4/packages/mipsel_24kc/packages/strongswan-mod-xcbc_5.6.3-3_mipsel_24kc.ipk
Configuring kmod-crypto-hash.
Configuring kmod-crypto-null.
Configuring kmod-crypto-aead.
Configuring kmod-crypto-pcompress.
Configuring kmod-crypto-manager.
Configuring libmnl.
Configuring ip-tiny.
Configuring kmod-crypto-authenc.
Configuring kmod-crypto-cbc.
Configuring kmod-lib-zlib-inflate.
Configuring kmod-lib-zlib-deflate.
Configuring kmod-crypto-acompress.
Configuring kmod-crypto-deflate.
Configuring kmod-crypto-des.
Configuring kmod-crypto-echainiv.
Configuring kmod-crypto-hmac.
Configuring kmod-crypto-sha256.
Configuring kmod-crypto-rng.
Configuring kmod-crypto-wq.
Configuring kmod-crypto-iv.
Configuring kmod-crypto-md5.
Configuring kmod-crypto-sha1.
Configuring kmod-ipsec.
Configuring kmod-iptunnel4.
Configuring kmod-ipsec4.
Configuring kmod-iptunnel6.
Configuring kmod-ipsec6.
Configuring kmod-ipt-ipsec.
Configuring iptables-mod-ipsec.
Configuring strongswan.
Configuring strongswan-mod-constraints.
Configuring strongswan-mod-sha1.
Configuring strongswan-mod-sha2.
Configuring strongswan-mod-connmark.
Configuring strongswan-mod-pem.
Configuring strongswan-mod-rc2.
Configuring strongswan-mod-aes.
Configuring strongswan-mod-pgp.
Configuring strongswan-mod-sshkey.
Configuring strongswan-mod-xcbc.
Configuring strongswan-mod-random.
Configuring strongswan-mod-pkcs1.
Configuring strongswan-mod-dnskey.
Configuring strongswan-mod-hmac.
Configuring strongswan-charon.
Configuring strongswan-mod-des.
Configuring strongswan-mod-fips-prf.
Configuring strongswan-mod-socket-default.
Configuring strongswan-mod-resolve.
Configuring strongswan-mod-pubkey.
Configuring strongswan-mod-kernel-netlink.
Configuring strongswan-ipsec.
Configuring strongswan-mod-attr.
Configuring libgmp.
Configuring strongswan-mod-gmp.
Configuring strongswan-mod-md5.
Configuring strongswan-mod-nonce.
Configuring strongswan-mod-revocation.
Configuring strongswan-mod-stroke.
Configuring strongswan-mod-updown.
Configuring strongswan-mod-x509.
Configuring strongswan-mod-xauth-generic.
Configuring strongswan-default.

Back up the original configuration file

root@OpenWrt:/etc# mv ipsec.conf ipsec.conf.bak 

Using vi, nano or whichever editor you prefer, edit /etc/ipsec.conf as follows (some details have been sanitized)

config setup
conn tamz
  keyexchange=ikev1
  aggressive=yes # aggressive mode
  left=111.222.203.115 # local IP
  right=222.111.105.103 # peer IP
  leftsubnet=192.168.1.0/24 # local subnet
  leftauth=psk
  rightauth=psk
  rightsubnet=11.11.11.0/27 # peer subnet
  auto=start
  leftid=MOON # local FQDN
  rightid=SUN # peer FQDN
  ike=des-md5-modp1024 # Phase 1 proposal
  esp=des-md5-modp1024 # Phase 2 proposal
  lifetime=3600
  ikelifetime=10800
  type=tunnel

Edit the pre-shared key file /etc/ipsec.secrets

root@OpenWrt:~# cat /etc/ipsec.secrets 
# /etc/ipsec.secrets - strongSwan IPsec secrets file
111.222.203.115 222.111.105.103 : PSK "123456"
: PSK "123456"

root@OpenWrt:~#
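The connection above negotiates IKEv1 aggressive mode with a pre-shared key, single DES, MD5 and the 1024-bit MODP group, and ipsec.secrets holds a six-character PSK plus an entry without selectors (the startup log further down reports it as a secret for %any). The following script is an added example, not part of the original post, that flags those settings in an ipsec.conf / ipsec.secrets pair. The function names, the finding texts and the 20-character PSK minimum are assumptions of this example, and the sample files are constructed from the values shown above.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, finding texts and
# the 20-character PSK minimum are assumptions of this example.

# Print "conn: finding" for weak settings in an ipsec.conf ($1 = path).
# Handles "conn %default" inheritance; "also=" includes are not followed.
audit_ipsec_conf() {
    awk '
    function get(cn, name) { return ((cn, name) in opt) ? opt[cn, name] : opt["%default", name] }
    function weak(t) {
        if (t == "des") return "single DES (56-bit key)"
        if (t == "md5") return "MD5"
        if (t == "modp768" || t == "modp1024") return "DH group " t
        return ""
    }
    { sub(/[ \t]#.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # comments, padding
    $0 == "" || /^#/ { next }
    $1 == "conn" {
        conn = $2
        if (!(conn in seen)) { seen[conn] = 1; order[++n] = conn }
        next
    }
    $1 == "config" || $1 == "ca" { conn = ""; next }
    conn != "" && index($0, "=") {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        opt[conn, key] = val
    }
    END {
        np = split("ike esp", param, " ")
        for (i = 1; i <= n; i++) {
            c = order[i]
            if (c == "%default") continue
            psk = (get(c, "leftauth") == "psk" || get(c, "rightauth") == "psk" || get(c, "authby") ~ /^(psk|secret)$/)
            if (get(c, "keyexchange") == "ikev1" && get(c, "aggressive") == "yes" && psk)
                print c ": IKEv1 aggressive mode with PSK (exchange exposes a PSK-derived hash to offline guessing)"
            for (j = 1; j <= np; j++) {
                nt = split(get(c, param[j]), tok, /[-,!]/)
                for (x = 1; x <= nt; x++)
                    if (weak(tok[x]) != "") print c ": " param[j] " proposal uses " weak(tok[x])
            }
        }
    }' "$1"
}

# Print findings for quoted PSK entries in an ipsec.secrets ($1 = path,
# $2 = minimum PSK length, default 20). Hex (0x) and base64 (0s) secrets are skipped.
audit_ipsec_secrets() {
    awk -v min="${2:-20}" '
    /^[ \t]*#/ { next }
    {
        line = " " $0                      # lets the pattern match a leading ":"
        if (!match(line, /[ \t]:[ \t]+PSK[ \t]+"/)) next
        sel = substr(line, 1, RSTART - 1)
        gsub(/[ \t]/, "", sel)
        rest = substr(line, RSTART + RLENGTH)
        secret = substr(rest, 1, index(rest, "\"") - 1)
        if (sel == "") print "line " NR ": PSK without selectors is used for any peer"
        if (length(secret) < min) print "line " NR ": PSK is " length(secret) " characters, minimum " min
    }' "$1"
}

# Constructed sample files reusing the values shown in this post.
sample_dir=$(mktemp -d)
cat > "$sample_dir/ipsec.conf" <<'EOF'
config setup
conn tamz
  keyexchange=ikev1
  aggressive=yes # aggressive mode
  leftauth=psk
  rightauth=psk
  ike=des-md5-modp1024 # Phase 1 proposal
  esp=des-md5-modp1024 # Phase 2 proposal
EOF
cat > "$sample_dir/ipsec.secrets" <<'EOF'
# /etc/ipsec.secrets - strongSwan IPsec secrets file
111.222.203.115 222.111.105.103 : PSK "123456"
: PSK "123456"
EOF

audit_ipsec_conf "$sample_dir/ipsec.conf"
audit_ipsec_secrets "$sample_dir/ipsec.secrets"
```

Any finding has to be fixed on both ends: the Hillstone peer must offer the same stronger proposal before the strongSwan side can drop DES, MD5 or aggressive mode.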

 

Enable debugging on the peer (Hillstone) device

debug

debug filter ip 111.222.203.115 # filter by source IP

clear log deb # clear the debug log

show log deb # show the debug log
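The debug output this step enables, reproduced further down, prints the pre-shared key bytes (31323334 3536 is ASCII for 123456), the SKEYID values and the encryption keys in clear. The following filter is an added example, not part of the original post, that masks those hex lines before a log is shared; the function names and the sample log (constructed in the Hillstone format shown here, with made-up bytes and a documentation IP) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. The label list is taken from the
# debug lines reproduced in this post; the function names are this example's own.

# Read a Hillstone IKE debug log on stdin and replace the hex lines that follow
# a key-material label with a placeholder. IVs, hashes and SPIs are left alone.
redact_key_material() {
    awk '
    /Pre-shared key:|SKEYID|with key:|encryption key computed:/ { secret = 1; print; next }
    secret {
        prefix = ""
        if (match($0, /^.*DEBUG@VPN: /)) prefix = substr($0, 1, RLENGTH)
        payload = substr($0, length(prefix) + 1)
        if (payload ~ /^[0-9a-f ]+$/ && payload ~ /[0-9a-f]/) {
            gsub(/ /, "", payload)
            print prefix "[REDACTED " length(payload) " hex digits]"
            next
        }
        secret = 0      # first non-hex line ends the dump
    }
    { print }
    '
}

# Constructed sample log: same line format as the output below, made-up bytes.
sample_log() {
    cat <<'EOF'
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: Begin to compute SKEYID...
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: The pre-shared key found
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: Pre-shared key:
2020-04-28 07:40:39, DEBUG@VPN: 6578616d 706c65
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: SKEYID computed sucessful!the SKEYID:
2020-04-28 07:40:39, DEBUG@VPN: 00112233 44556677 8899aabb ccddeeff
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: Final encryption key computed:
2020-04-28 07:40:39, DEBUG@VPN: 00112233 44556677
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: IV computed:(for decoding packet)
2020-04-28 07:40:39, DEBUG@VPN: a1a2a3a4 b1b2b3b4
2020-04-28 07:40:39, DEBUG@VPN: [192.0.2.10]: HASH computed:
2020-04-28 07:40:39, DEBUG@VPN: c1c2c3c4 d1d2d3d4 e1e2e3e4 f1f2f3f4
EOF
}

sample_log | redact_key_material
```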

Start ipsec (with debugging)

root@OpenWrt:~# /usr/sbin/ipsec stop # strongSwan starts automatically once installed, so stop it first
Stopping strongSwan IPsec...
root@OpenWrt:~# /usr/sbin/ipsec start --debug-all --nofork
Starting strongSwan 5.6.3 IPsec [starter]...
Loading config setup
Loading conn 'tamz'
  aggressive=yes
  auto=start
  esp=des-md5-modp1024
  ike=des-md5-modp1024
  ikelifetime=10800
  keyexchange=ikev1
  left=111.222.203.115
  leftauth=psk
  leftid=MOON
  leftsubnet=192.168.1.0/24
  lifetime=3600
  right=222.111.105.103
  rightauth=psk
  rightid=SUN
  rightsubnet=11.11.11.0/27
  type=tunnel
found netkey IPsec stack
Attempting to start charon...
00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.14.131, mips)
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG]   loaded IKE secret for 111.222.203.115 222.111.105.103
00[CFG]   loaded IKE secret for %any
00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default connmark stroke updown xauth-generic
00[JOB] spawning 16 worker threads
charon (6472) started after 60 ms
07[CFG] received stroke: add connection 'tamz'
07[CFG] added configuration 'tamz'
08[CFG] received stroke: initiate 'tamz'
08[IKE] initiating Aggressive Mode IKE_SA tamz[1] to 222.111.105.103
08[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
08[NET] sending packet: from 111.222.203.115[500] to 222.111.105.103[500] (395 bytes)
10[NET] received packet: from 222.111.105.103[500] to 111.222.203.115[500] (305 bytes)
10[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V ]
10[IKE] received DPD vendor ID
10[ENC] received unknown vendor ID: 36:66:54:12:e8:c5:97:32:31:74:54:ee:ef:ef:85:b6
10[IKE] IKE_SA tamz[1] established between 111.222.203.115[MOON]...222.111.105.103[SUN]
10[IKE] scheduling reauthentication in 10083s
10[IKE] maximum IKE_SA lifetime 10623s
10[ENC] generating AGGRESSIVE request 0 [ HASH ]
10[NET] sending packet: from 111.222.203.115[500] to 222.111.105.103[500] (52 bytes)
10[ENC] generating QUICK_MODE request 3536586912 [ HASH SA No KE ID ID ]
10[NET] sending packet: from 111.222.203.115[500] to 222.111.105.103[500] (308 bytes)
09[NET] received packet: from 222.111.105.103[500] to 111.222.203.115[500] (292 bytes)
09[ENC] parsed QUICK_MODE response 3536586912 [ HASH SA No KE ID ID ]
09[IKE] CHILD_SA tamz{1} established with SPIs c769f274_i 71338dfa_o and TS 192.168.1.0/24 === 11.11.11.0/27
09[ENC] generating QUICK_MODE request 3536586912 [ HASH ]
09[NET] sending packet: from 111.222.203.115[500] to 222.111.105.103[500] (52 bytes)

Open a new SSH session and bring the tunnel up

root@OpenWrt:~# /usr/sbin/ipsec up tamz
generating QUICK_MODE request 2481523623 [ HASH SA No KE ID ID ]
sending packet: from 111.222.203.115[500] to 112.250.105.103[500] (308 bytes)
received packet: from 112.250.105.103[500] to 111.222.203.115[500] (292 bytes)
parsed QUICK_MODE response 2481523623 [ HASH SA No KE ID ID ]
detected rekeying of CHILD_SA tamz{1}
CHILD_SA tamz{2} established with SPIs c143e092_i 71338dfc_o and TS 192.168.1.0/24 === 11.11.11.0/27
connection 'tamz' established successfully
root@OpenWrt:~# 

Debug output from the Hillstone device:

HILLSTONE@SUN[DBG]# sh log deb 
2020-04-28 07:40:30, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Receive Information.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:32, DEBUG@VPN: f36fe69f 23e96f0e 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:32, DEBUG@VPN: a241f602 8ca2c206 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:32, DEBUG@VPN: a7f2fe4a a92eb104 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Hash validated.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Purged SAs.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Receive Information.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:32, DEBUG@VPN: 34673ba3 0cfe67f2 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:32, DEBUG@VPN: a241f602 8ca2c206 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:32, DEBUG@VPN: ce34f1ad 5536e4ef 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Hash validated.
2020-04-28 07:40:32, DEBUG@VPN: Send IPSEC tunnel state change to inactive trap
2020-04-28 07:40:32, DEBUG@VPN: purged IPsec-SA proto_id=ESP spi=3303377835.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Purged SAs.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Receive Information.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:32, DEBUG@VPN: a8b68c01 92bcb695 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:32, DEBUG@VPN: a241f602 8ca2c206 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:32, DEBUG@VPN: 7b0798c7 f00ff11d 
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Hash validated.
2020-04-28 07:40:32, DEBUG@VPN: [111.222.203.115]: Purged SAs.
2020-04-28 07:40:33, DEBUG@VPN: [111.222.203.115]: ISAKMP-SA deleted 222.111.105.103:500-111.222.203.115:500 spi:3bf39aa0cecdb63c:db83e75920226378
2020-04-28 07:40:35, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:37, DEBUG@VPN: phase2 negotiation failed due to time up waiting for phase1. 
2020-04-28 07:40:37, DEBUG@VPN: delete phase 2 handler.
2020-04-28 07:40:38, DEBUG@VPN: phase2 negotiation failed due to time up waiting for phase1. 
2020-04-28 07:40:38, DEBUG@VPN: delete phase 2 handler.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer Aggressive mode, try to find rmconf.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer id:
2020-04-28 07:40:39, DEBUG@VPN: 02000000 474b2d4c 444747
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Try to get rmconf by IP, id and local if.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer ip: 111.222.203.115
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Local IP: 222.111.105.103
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Max dialup cache num: 100 current num:0
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to find rmconf with id
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer id:
2020-04-28 07:40:39, DEBUG@VPN: 474b2d4c 444747
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to find a dynamic rmconf with strict
2020-04-28 07:40:39, DEBUG@VPN: [anonymous]: Begin to compare ID of dynamic rmconf strictly!
2020-04-28 07:40:39, DEBUG@VPN: [anonymous]: ID match
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Find a dynamic rmconf with strict, The ISAKMP Peer name FromGK-LDGG
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Get rmconf sucessful
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to negotiate with found rmconf, name FromGK-LDGG
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: respond new phase 1 negotiation: 222.111.105.103:500<=>111.222.203.115:500
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: begin Aggressive mode.
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 1 aggressive mode first msg receive START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:39, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 1 (aggressive mode): remote supports DPD
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Rmconf flag 10122.
2020-04-28 07:40:39, DEBUG@VPN: 474b2d4c 444747
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compared: DB:Peer
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: (lifetime = 10800:10800)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: (lifebyte = 0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: enctype = DES-CBC:DES-CBC 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: (encklen = 0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: hashtype = MD5:MD5
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: authmethod = pre-shared key:pre-shared key
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: dh_group = 1024-bit MODP group:1024-bit MODP group
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: An acceptable proposal found
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 1 aggressive mode first msg receive START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 1 aggressive mode first msg send START.+++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to create ID payload for phase 1 ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Sucessful! Use ID type of FQDN
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute SKEYID...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: The pre-shared key found
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Pre-shared key:
2020-04-28 07:40:39, DEBUG@VPN: 31323334 3536
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: SKEYID computed sucessful!the SKEYID:
2020-04-28 07:40:39, DEBUG@VPN: 787e31f6 e7400a2c 7b1593f9 48e9aef4 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute SKEYID_d SKEYID_a SKEYID_e ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: SKEYID_d computed successful!the SKEYID_d:
2020-04-28 07:40:39, DEBUG@VPN: 382556c1 1a2faa9f d5d447fc 029d9b4c 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: SKEYID_a computed successful!the SKEYID_a:
2020-04-28 07:40:39, DEBUG@VPN: 4d09f23f bcebb11b ee9b61ed 4efa735b 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: SKEYID_e computed successful!the SKEYID_e:
2020-04-28 07:40:39, DEBUG@VPN: 06058653 85632a13 d31fcb0f a7ba43ce 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compute sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute final encryption key ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compute final encryption key sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Final encryption key computed:
2020-04-28 07:40:39, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute new IV ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compute new IV sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: IV computed:(for decoding packet)
2020-04-28 07:40:39, DEBUG@VPN: e2bec756 14bd735d 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: IV computed:(for encoding packet)
2020-04-28 07:40:39, DEBUG@VPN: e2bec756 14bd735d 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 1 (aggressive mode): generate HASH_R
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute phase1 HASH ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: HASH computed:
2020-04-28 07:40:39, DEBUG@VPN: e598a989 9c7ce98c 8ed22b63 82259e61 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compute phase1 HASH successful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Send===============
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Resend phase1 packet 1204b97cd5269773:45bbb278f66d6b24
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 1 aggressive mode first msg send END.+++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 1 aggressive mode second msg receive START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:39, DEBUG@VPN: 946af0ab 2973a006 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:39, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:39, DEBUG@VPN: e2bec756 14bd735d 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:39, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: DUMP of above packet:
2020-04-28 07:40:39, DEBUG@VPN: 1204b97c d5269773 45bbb278 f66d6b24 08100401 00000000 00000034 00000014
e1f72f00 20cdb764 47575ace d6b25945 00000000 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute phase1 HASH ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: HASH computed:
2020-04-28 07:40:39, DEBUG@VPN: e1f72f00 20cdb764 47575ace d6b25945 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Compute phase1 HASH successful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: HASH for pre-shared key validated
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 1 aggressive mode second msg receive END.++++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 1 aggressive mode second msg send START.+++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 1 aggressive mode second msg send END.+++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: isakmp sa created time 2932160
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: *****ISAKMP-SA established 222.111.105.103:500-111.222.203.115:500 spi:1204b97cd5269773:45bbb278f66d6b24*****
2020-04-28 07:40:39, DEBUG@VPN: # Phase 1 complete
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: respond new phase 2 negotiation: 222.111.105.103:500<=>111.222.203.115:500
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:39, DEBUG@VPN: 445a862c 96068fe9 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:39, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:39, DEBUG@VPN: 7a65ff7d 38755899 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:39, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDci2:
2020-04-28 07:40:39, DEBUG@VPN: 04000000 c0a80100 ffffff00 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDcr2:
2020-04-28 07:40:39, DEBUG@VPN: 04000000 0b0b0b00 ffffffe0 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : Begin to HASH(1) validate ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Phase 2 (quick mode) : HASH(1) matched.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: get a src address from ID payload 192.168.1.0:0 prefixlen=24 ul_proto=255
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: get dst address from ID payload 11.11.11.0:0 prefixlen=27 ul_proto=255
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Suitable SP found:192.168.1.0:0/24[ 11.11.11.0:0/27[ proto=any dir=in
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:39, DEBUG@VPN: life duration was in TLV.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin compare proposals
2020-04-28 07:40:39, DEBUG@VPN: prop#=0 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compare my and peer's proposal ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer's single bundle:
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=cb4866e2 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: My single bundle:
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Matched # Phase 2 proposal matched
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive END.++++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 2 (quick mode) first msg send START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: life duration was in TLV.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Send===============
2020-04-28 07:40:39, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin encryption ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Encrypted successful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: resend phase2 packet 1204b97cd5269773:45bbb278f66d6b24:0Xd5dedd08
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: +++++++Phase 2 (quick mode) first msg send END.++++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) second msg receive START.++++++++
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:39, DEBUG@VPN: 47fcfc9c d6e08400 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:39, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:39, DEBUG@VPN: 60b8ac7f aa36f7c2 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
2020-04-28 07:40:39, DEBUG@VPN: 1204b97c d5269773 45bbb278 f66d6b24 08102001 d5dedd08 00000034 00000014
08adb95e f4c49876 a251ab5b b89065ff 00000000 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:39, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Phase 2 (quick mode) : HASH(3) validate ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: HASH(3) generate ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: HASH(3) generate successful!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : HASH(3) matched!
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) second msg receive END.++++++++
2020-04-28 07:40:39, DEBUG@VPN: 
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Begin to compute KEYMAT ...
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: KEYMAT compute with
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: encklen=64 authklen=128
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: generating 384 bits of key (dupkeymat=3)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: generating K1...K3 for KEYMAT.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: KEYMAT compute with
....(omitted)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: encklen=64 authklen=128
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: generating 384 bits of key (dupkeymat=3)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: generating K1...K3 for KEYMAT.
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: KEYMAT computed successful!
2020-04-28 07:40:39, DEBUG@VPN: ===auto ike track value sent to dplane===
2020-04-28 07:40:39, DEBUG@VPN: saindex 1516
2020-04-28 07:40:39, DEBUG@VPN: org src port 0
2020-04-28 07:40:39, DEBUG@VPN: local src port 25
2020-04-28 07:40:39, DEBUG@VPN: Vpn track enable: no
2020-04-28 07:40:39, DEBUG@VPN: Vpn track dst ip: 111.222.203.115
2020-04-28 07:40:39, DEBUG@VPN: Vpn track src ip: 222.111.105.103
2020-04-28 07:40:39, DEBUG@VPN: Vpn track interval: 10
2020-04-28 07:40:39, DEBUG@VPN: Vpn track threshold: 10
2020-04-28 07:40:39, DEBUG@VPN: Send IPSEC tunnel state change to active trap
2020-04-28 07:40:40, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:40, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: respond new phase 2 negotiation: 222.111.105.103:500<=>111.222.203.115:500
2020-04-28 07:40:43, DEBUG@VPN: 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive START.++++++++
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:43, DEBUG@VPN: 1a9f2910 1d05631b 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:43, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:43, DEBUG@VPN: f9349796 671f09f7 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....(omitted)
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:43, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDci2:
2020-04-28 07:40:43, DEBUG@VPN: 04000000 c0a80100 ffffff00 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDcr2:
2020-04-28 07:40:43, DEBUG@VPN: 04000000 0b0b0b00 ffffffe0 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : Begin to HASH(1) validate ...
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Phase 2 (quick mode) : HASH(1) matched.
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: phase2 handler negotiating already exists, ignore phase2 negotiation request
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Just established one ,deny.
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : failed to get sainfo by ipsec doi id.
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive END.++++++++
2020-04-28 07:40:43, DEBUG@VPN: 
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: failed to pre-process packet.
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Begin encryption ...
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Encrypted successful!
2020-04-28 07:40:45, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:45, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:46, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:46, DEBUG@VPN: Adding NON-ESP marker
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: respond new phase 2 negotiation: 222.111.105.103:500<=>111.222.203.115:500
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2: start receiving the first packet
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive START.++++++++
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:47, DEBUG@VPN: 1a9f2910 1d05631b 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:47, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:47, DEBUG@VPN: f9349796 671f09f7 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
....
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:47, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDci2:
2020-04-28 07:40:47, DEBUG@VPN: 04000000 c0a80100 ffffff00 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDcr2:
2020-04-28 07:40:47, DEBUG@VPN: 04000000 0b0b0b00 ffffffe0 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : Begin to HASH(1) validate ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Phase 2 (quick mode) : HASH(1) matched.
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: get a src address from ID payload 192.168.1.0:0 prefixlen=24 ul_proto=255
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: get dst address from ID payload 11.11.11.0:0 prefixlen=27 ul_proto=255
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Suitable SP found:192.168.1.0:0/24[ 11.11.11.0:0/27[ proto=any dir=in
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:47, DEBUG@VPN: life duration was in TLV.
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin compare proposals
2020-04-28 07:40:47, DEBUG@VPN: prop#=0 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin to compare my and peer's proposal ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Peer's single bundle:
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=c67f2f16 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: My single bundle:
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Matched
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) first msg receive END.++++++++
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2: first packet received
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2: start sending the first packet
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: +++++++Phase 2 (quick mode) first msg send START.++++++++
2020-04-28 07:40:47, DEBUG@VPN: life duration was in TLV.
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ===============Send===============
2020-04-28 07:40:47, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: ================================
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin encryption ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Encrypted successful!
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: resend phase2 packet 1204b97cd5269773:45bbb278f66d6b24:0X31e36627
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: +++++++Phase 2 (quick mode) first msg send END.++++++++
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2: first packet sent
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2: start receiving the second packet
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) second msg receive START.++++++++
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin decryption ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: IV was saved for next processing:
2020-04-28 07:40:47, DEBUG@VPN: 7a53a98a cd8225bf 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: with key:
2020-04-28 07:40:47, DEBUG@VPN: 06058653 85632a13 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypted payload by IV:
2020-04-28 07:40:47, DEBUG@VPN: c70e9c0b 837d6de7 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Skip to trim padding
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypted packet:
2020-04-28 07:40:47, DEBUG@VPN: 1204b97c d5269773 45bbb278 f66d6b24 08102001 31e36627 00000034 00000014
7334de6b 349d6716 89c19607 d4a0458f 00000000 
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Decrypt packet sucessful!
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ===============Receive===============
2020-04-28 07:40:47, DEBUG@VPN: ISAKMP Header Format:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ================================
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Dump of above packet:
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Phase 2 (quick mode) : HASH(3) validate ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: HASH(3) generate ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: HASH(3) generate successful!
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : HASH(3) matched!
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: ++++++++Phase 2 (quick mode) second msg receive END.++++++++
2020-04-28 07:40:47, DEBUG@VPN: # Phase 2 quick mode: second packet received
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: Begin to compute KEYMAT ...
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: KEYMAT compute with
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: encklen=64 authklen=128
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: generating 384 bits of key (dupkeymat=3)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: generating K1...K3 for KEYMAT.
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: KEYMAT compute with
....(omitted)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: encklen=64 authklen=128
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: generating 384 bits of key (dupkeymat=3)
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: generating K1...K3 for KEYMAT.
2020-04-28 07:40:47, DEBUG@VPN: [111.222.203.115]: KEYMAT computed successful!
2020-04-28 07:40:47, DEBUG@VPN: ===auto ike track value sent to dplane=== # At this point the tunnel is up

All that should be left now is writing the routes; the hardest part is already behind us.
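
The phase 2 portion of the debug log above can be checked mechanically. The following is an added example, not from the original post or from Hillstone: it decodes the IDci2/IDcr2 payload bodies into subnets, records the peer's ESP proposal and flags the transform this tunnel negotiated. The function names and the `WEAK` policy set are assumptions of this example, and `decode_id` also handles the single-address ID type, which does not appear in the log.

```python
import ipaddress
import re

# Constructed sample: lines copied from the debug log on this page.
SAMPLE_LOG = """\
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDci2:
2020-04-28 07:40:39, DEBUG@VPN: 04000000 c0a80100 ffffff00
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: phase 2 (quick mode) : received IDcr2:
2020-04-28 07:40:39, DEBUG@VPN: 04000000 0b0b0b00 ffffffe0
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: Peer's single bundle:
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:  (proto_id=ESP spisize=4 spi=cb4866e2 spi_p=00000000 encmode=Tunnel reqid=0:0)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]: My single bundle:
2020-04-28 07:40:39, DEBUG@VPN: [111.222.203.115]:   (trns_id=DES encklen=0 authtype=hmac-md5)
2020-04-28 07:40:43, DEBUG@VPN: [111.222.203.115]: Just established one ,deny.
"""

# Policy set chosen for this example (an assumption): RFC 8221 lists DES and HMAC-MD5 as MUST NOT for ESP.
WEAK = {"DES", "hmac-md5"}

LINE = re.compile(r"^\S+ [\d:]+, DEBUG@VPN: (?:\[[^\]]+\]: )?(?P<msg>.*)$")
ID_HDR = re.compile(r"received (IDc[ir]2):")
SPI = re.compile(r"\bspi=([0-9a-f]{8})")
TRNS = re.compile(r"trns_id=(\S+) encklen=\d+ authtype=([\w-]+)")


def decode_id(hex_words):
    """Decode an IKEv1 ID payload body: type(1) protocol(1) port(2) data."""
    raw = bytes.fromhex("".join(hex_words.split()))
    id_type, data = raw[:1], raw[4:]
    if id_type == b"\x01" and len(data) == 4:      # ID_IPV4_ADDR
        return ipaddress.ip_network(f"{ipaddress.IPv4Address(data)}/32")
    if id_type == b"\x04" and len(data) == 8:      # ID_IPV4_ADDR_SUBNET
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        return ipaddress.ip_network(f"{addr}/{mask}")
    raise ValueError(f"unsupported ID payload: {hex_words!r}")


def audit(log_text):
    """Collect traffic selectors, the peer's ESP proposals, weak algorithms and denials."""
    report = {"selectors": {}, "proposals": [], "weak": set(), "denied": 0}
    pending_id, in_peer, spi = None, False, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                               # elided or wrapped dump lines
        msg = m.group("msg").strip()
        if pending_id:                             # hex body follows its header line
            report["selectors"][pending_id] = str(decode_id(msg))
            pending_id = None
        elif (hdr := ID_HDR.search(msg)):
            pending_id = hdr.group(1)
        elif msg in ("Peer's single bundle:", "My single bundle:"):
            in_peer = msg.startswith("Peer")       # only the peer's offer is recorded
        elif in_peer and (p := SPI.search(msg)):
            spi = p.group(1)
        elif in_peer and (t := TRNS.search(msg)):
            enc, auth = t.groups()
            report["proposals"].append((spi, enc, auth))
            report["weak"] |= {enc, auth} & WEAK
            in_peer = False
        elif "Just established one" in msg:        # duplicate quick-mode request refused
            report["denied"] += 1
    return report
```

The decoded selectors should equal the `prefixlen=24` and `prefixlen=27` values that the device itself prints on its "get a src address" and "get dst address" lines.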
