Доброе время суток!
Не идёт соединение в VPN между Клиентом WinXP и DI-804HV.
Клиент на домашнем компе в Стриме через роутер-модем ADSL.
IP-адреса:
Комп с клиентом XP - 192.168.1.3
Роутер-модем (к компу) - 192.168.1.1
Роутер-модем (в интернет) - x.x.x.x (динамический)
DI-804HV (в интернет) - y.y.y.y
DI-804HV ( к внутренней сети) - 192.168.2.1
Ну и комп в сети, соответственно - 192.168.2.3
Клиент на XP был отконфигурирован в соответствии с
http://www.d-link.ru/technical/faq_vpn_18.php
Лог соединения на DI-804HV:
==========================================
Monday October 24, 2005 21:52:58 Receive IKE M1(INIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:52:58 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Monday October 24, 2005 21:52:58 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group2
Monday October 24, 2005 21:52:58 Try to match with ENC:DES AUTH:PSK HASH:SHA1 Group:Group1
Monday October 24, 2005 21:52:58 Send IKE M2(RESP) : y.y.y.y --> x.x.x.x
Monday October 24, 2005 21:52:59 receiving a re-Tx MM msg, response the last msg
Monday October 24, 2005 21:52:59 IKED re-TX : MM to x.x.x.x
Monday October 24, 2005 21:53:01 receiving a re-Tx MM msg, response the last msg
Monday October 24, 2005 21:53:01 IKED re-TX : MM to x.x.x.x
Monday October 24, 2005 21:53:01 Receive IKE M3(KEYINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:01 Send IKE M4(KEYRESP) : y.y.y.y --> x.x.x.x
Monday October 24, 2005 21:53:01 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:02 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:04 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:06 IKED re-TX : KEYRESP to x.x.x.x
Monday October 24, 2005 21:53:08 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:11 IKED re-TX : KEYRESP to x.x.x.x
Monday October 24, 2005 21:53:16 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:21 IKED re-TX : KEYRESP to x.x.x.x
Monday October 24, 2005 21:53:31 IKED re-TX : KEYRESP to x.x.x.x
Monday October 24, 2005 21:53:32 Receive IKE M5(IDINIT) : x.x.x.x --> y.y.y.y
Monday October 24, 2005 21:53:51 IKED re-TX : KEYRESP to x.x.x.x
Monday October 24, 2005 21:53:52 Send IKE (INFO) : delete y.y.y.y -> x.x.x.x phase 1
Monday October 24, 2005 21:53:52 IKE phase1 (ISAKMP SA) remove : y.y.y.y <-> x.x.x.x
==========================================
После того, как на DI-804HV была включена Extended Authentication (xAUTH) - поставлена галочка на Enable Server mode и указаны User name и Password, лог принял вид:
==========================================
Tuesday October 25, 2005 15:07:42 Receive IKE M1(INIT) : x.x.x.x --> y.y.y.y
Tuesday October 25, 2005 15:07:42 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Tuesday October 25, 2005 15:07:42 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group2
Tuesday October 25, 2005 15:07:42 Try to match with ENC:DES AUTH:PSK HASH:SHA1 Group:Group1
Tuesday October 25, 2005 15:07:42 Try to match with ENC:DES AUTH:PSK HASH:MD5 Group:Group1
Tuesday October 25, 2005 15:07:43 Receive IKE M1(INIT) : x.x.x.x --> y.y.y.y
Tuesday October 25, 2005 15:07:43 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Tuesday October 25, 2005 15:07:43 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group2
Tuesday October 25, 2005 15:07:43 Try to match with ENC:DES AUTH:PSK HASH:SHA1 Group:Group1
Tuesday October 25, 2005 15:07:43 Try to match with ENC:DES AUTH:PSK HASH:MD5 Group:Group1
Tuesday October 25, 2005 15:07:45 Receive IKE M1(INIT) : x.x.x.x --> y.y.y.y
Tuesday October 25, 2005 15:07:45 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Tuesday October 25, 2005 15:07:45 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group2
Tuesday October 25, 2005 15:07:45 Try to match with ENC:DES AUTH:PSK HASH:SHA1 Group:Group1
Tuesday October 25, 2005 15:07:45 Try to match with ENC:DES AUTH:PSK HASH:MD5 Group:Group1
Tuesday October 25, 2005 15:07:47 Send IKE (INFO) : delete y.y.y.y -> x.x.x.x phase 1
Tuesday October 25, 2005 15:07:47 IKE phase1 (ISAKMP SA) remove : y.y.y.y <-> x.x.x.x
=============================
Пинг с компа с XP сначала показывает 4 раза "Согласование используемого уровня безопасности IP", после чего благополучно сообщает, что все 4 пакета потеряны!
В чём засада? Можно ли (хотя бы примерно) по логу определить, в каком направлении двигаться?
Если нужны ещё какие-нибудь подробности, с радостью предоставлю.