1 (edited by Drail 2016-09-12 21:27:29)

Topic: Ipsec iPhone

I configured IPsec following this guide: http://eko.one.pl/?p=openwrt-ipsec
However, the phone says the server is not responding. The ports are open. Where should I start to find the problem?

2

Re: Ipsec iPhone

Did you use AA or CC?

Got a router you don't need, broken or not? I'll gladly take it in.

3

Re: Ipsec iPhone

CC

4

Re: Ipsec iPhone

It may be different in CC. Run iptables -v -L and see whether any traffic at all was caught on the firewall by those rules.


5

Re: Ipsec iPhone

It looks like it didn't get caught at all.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
14733 2297K delegate_input  all  --  any    any     anywhere             anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
3112K 2840M delegate_forward  all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
13392 1703K delegate_output  all  --  any    any     anywhere             anywhere            

Chain delegate_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3112K 2840M forwarding_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
3102K 2839M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
10485 1660K zone_lan_forward  all  --  br-lan any     anywhere             anywhere            
    4   196 zone_wan_forward  all  --  eth0.2 any     anywhere             anywhere            
    0     0 reject     all  --  any    any     anywhere             anywhere            

Chain delegate_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2421  124K ACCEPT     all  --  lo     any     anywhere             anywhere            
12312 2173K input_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
 6268 1655K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
  282 13060 syn_flood  tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
 5343  418K zone_lan_input  all  --  br-lan any     anywhere             anywhere            
  701  100K zone_wan_input  all  --  eth0.2 any     anywhere             anywhere            

Chain delegate_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2421  124K ACCEPT     all  --  any    lo      anywhere             anywhere            
10971 1579K output_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
 5243 1178K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
   37 11965 zone_lan_output  all  --  any    br-lan  anywhere             anywhere            
 5691  388K zone_wan_output  all  --  any    eth0.2  anywhere             anywhere            

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain reject (3 references)
 pkts bytes target     prot opt in     out     source               destination         
  300 21935 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
  375 73560 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  282 13060 RETURN     tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain zone_lan_dest_ACCEPT (4 references)
 pkts bytes target     prot opt in     out     source               destination         
   37 11965 ACCEPT     all  --  any    br-lan  anywhere             anywhere            

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
10485 1660K forwarding_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
10485 1660K zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding lan -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5343  418K input_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
 5343  418K zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   37 11965 output_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
   37 11965 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5343  418K ACCEPT     all  --  br-lan any     anywhere             anywhere            

Chain zone_wan_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
16176 2048K ACCEPT     all  --  any    eth0.2  anywhere             anywhere            

Chain zone_wan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  any    eth0.2  anywhere             anywhere            

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   196 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* @rule[7] */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[8] */
    4   196 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_wan_dest_REJECT  all  --  any    any     anywhere             anywhere            

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  701  100K input_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
   12  3936 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc /* Allow-DHCP-Renew */
   14   600 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request /* Allow-Ping */
    0     0 ACCEPT     igmp --  any    any     anywhere             anywhere             /* Allow-IGMP */
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4500 /* @rule[9] */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:4500 /* @rule[9] */
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:isakmp /* @rule[10] */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[10] */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
  675 95495 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere            

Chain zone_wan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5691  388K output_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
 5691  388K zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_wan_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  675 95495 reject     all  --  eth0.2 any     anywhere             anywhere            
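
The check suggested in post 4, as an added example that is not part of the original thread: a small filter that pulls the ESP, IKE and NAT-T rules out of `iptables -v -L` output and shows their packet counters. The function names are hypothetical, and the sample input is an excerpt of the listing posted above.

```shell
#!/bin/sh
# Added example (not from the thread): report packet counters for the
# IPsec-related rules in `iptables -v -L` output read from stdin.

# Prints one line per matching rule: "<chain> <match> <pkts>".
# Only ESP and UDP rules are reported, since IKE (500) and NAT-T (4500) use UDP.
ipsec_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        # Rule lines begin with a packet counter, possibly with a K/M/G suffix.
        $1 !~ /^[0-9]+[KMG]?$/ { next }
        $4 == "esp" { print chain, "esp", $1; next }
        $4 == "udp" {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dpt:(isakmp|500|ipsec-nat-t|4500)$/)
                    print chain, "udp/" substr($i, 5), $1
        }
    '
}

# Number of IPsec-related rules whose packet counter is not zero.
ipsec_hit_count() {
    ipsec_rules | awk '$3 != "0" { n++ } END { print n + 0 }'
}

# Excerpt of the output posted above (two chains, columns unchanged).
sample_output() {
    cat <<'EOF'
Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   196 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* @rule[7] */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[8] */

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4500 /* @rule[9] */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:4500 /* @rule[9] */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[10] */
EOF
}

sample_output | ipsec_rules
echo "rules with traffic: $(sample_output | ipsec_hit_count)"
```

On the router itself, pipe the live listing in with `iptables -v -L | ipsec_rules` after a connection attempt. Counters that stay at 0 mean no packet matched those rules.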

6

Re: Ipsec iPhone

Do you have a public address on the WAN? Who is your internet provider?


7

Re: Ipsec iPhone

Yeah, I have a public one; HTTP works normally.

8

Re: Ipsec iPhone

It's as if your iPhone never contacted the server at all...


9

Re: Ipsec iPhone

Well, it is an iPhone after all, eh. I'm still tinkering.

10

Re: Ipsec iPhone

L2TP with IPsec on the iPhone definitely works - I checked it myself - admittedly on Debian.

11

Re: Ipsec iPhone

But surely there is a difference between L2TP and IPsec?

12

Re: Ipsec iPhone

Drail wrote:

But surely there is a difference between L2TP and IPsec?

They are two different things :)


13

Re: Ipsec iPhone

It doesn't connect even on the local network. Probably something is wrong with the configuration.