2

Summary:

I can't connect to a VPN with Cisco IPSec, apparently because the shared secret is not saved after I enter it (it always stays blank).

Detailed explanation:

I created a VPN connection with Cisco IPSec and connected successfully. Suddenly (after a couple of hours) I was disconnected and got the following error after trying to reconnect:

"The VPN server did not respond. Verify the server address and try reconnecting."

The address was fine, so I checked the logs and found:

Feb 22 17:59:35 gerry racoon[4401]: couldn't find the pskey by address 204.232.144.166.

I checked the shared secret and it was blank; I typed it again, clicked OK, immediately reopened it and again got a blank shared secret. I typed the shared secret once more and tried to connect, getting the following logs:

Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetFillColorWithColor: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetStrokeColorWithColor: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCompositeOperation: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetCompositeOperation: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextFillRects: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetCompositeOperation: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextClipToRect: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetShouldSmoothFonts: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetFontSmoothingStyle: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetFontAntialiasingStyle: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetFontSmoothingStyle: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextConcatCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextDrawImages: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextRestoreGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 --- last message repeated 1 time ---
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetShouldSmoothFonts: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetFontSmoothingStyle: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSetFontSmoothingStyle: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 --- last message repeated 1 time ---
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextConcatCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextDrawImages: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextRestoreGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 --- last message repeated 1 time ---
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 --- last message repeated 1 time ---
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetDefaultUserSpaceToDeviceSpaceTransform: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextConcatCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextSaveGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextDrawImages: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextRestoreGState: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.
Feb 22 18:10:41 --- last message repeated 1 time ---
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.

I searched for information about these logs, but couldn't figure out whether they were related to the problem.

I tried deleting the VPN connection and creating a new one (by the way, I couldn't use the same name), and that didn't work either, so I looked at the logs again:

Feb 22 18:16:26 gerry nesessionmanager[951]: Failed to load configuration with ID <__NSConcreteUUID 0x7fedfa504910> A7892601-20D6-4D80-88B7-8D2AA22CF4E1
Feb 22 18:16:26 gerry nesessionmanager[951]: Failed to create a session with type 1 and configuration ID <__NSConcreteUUID 0x7fedfa504910> A7892601-20D6-4D80-88B7-8D2AA22CF4E1
Feb 22 18:16:26 gerry nesessionmanager[951]: Failed to load configuration with ID <__NSConcreteUUID 0x7fedfa407490> A7892601-20D6-4D80-88B7-8D2AA22CF4E1
Feb 22 18:16:26 gerry nesessionmanager[951]: Failed to create a session with type 1 and configuration ID <__NSConcreteUUID 0x7fedfa407490> A7892601-20D6-4D80-88B7-8D2AA22CF4E1

Unfortunately, I couldn't do anything without these logs (the same log repeated about 20 times and then stopped), so I deleted all my VPN connections (again), created a new one (this time I was able to choose the same name) and got a different log entry:

Feb 22 18:31:49 gerry nehelper[217]: 3C44D371-6954-4001-A2D7-0100446EDA8A.XAUTH: SecKeychainItemCreateFromContent failed: User interaction is not allowed.
Feb 22 18:31:49 gerry nehelper[217]: 3C44D371-6954-4001-A2D7-0100446EDA8A.SS: SecKeychainItemCreateFromContent failed: User interaction is not allowed.

Finally, I looked for a keychain entry (in Keychain Access) for my VPN connection, but found nothing. I think this may be the problem.

Any ideas what the problem could be? I tried connecting on another Mac (same operating system, El Capitan) and had no problems, but I couldn't get the VPN working on my Mac.

Thanks!

Full logs generated after a connection attempt (for context):

Feb 22 17:59:35 gerry nesessionmanager[951]: NESMLegacySession[VPN (Cisco IPSec):47CF9F0A-25FA-43A3-A675-9B30B55D84C0]: Received a start command from SystemUIServer[292]
Feb 22 17:59:35 gerry nesessionmanager[951]: NESMLegacySession[VPN (Cisco IPSec):47CF9F0A-25FA-43A3-A675-9B30B55D84C0]: status changed to connecting
Feb 22 17:59:35 gerry nesessionmanager[951]: IPSec connecting to server 204.232.144.166
Feb 22 17:59:35 gerry nesessionmanager[951]: IPSec Phase1 starting.
Feb 22 17:59:35 gerry racoon[4401]: accepted connection on vpn control socket.
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: IPSec connecting to server 204.232.144.166
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: Connecting.
Feb 22 17:59:35 gerry racoon[4401]: IPSec Phase 1 started (Initiated by me).
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Feb 22 17:59:35 gerry racoon[4401]: >>>>> phase change status = Phase 1 started by us
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: none message must be encrypted, status 0x14a1, side 0
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry nesessionmanager[951]: IPSec Controller: IKE FAILED. phase 2, assert 0
Feb 22 17:59:35 gerry nesessionmanager[951]: IPSec Controller: retry IPSec aggressive mode with DH Group 2
Feb 22 17:59:35 gerry nesessionmanager[951]: IPSec Phase1 starting.
Feb 22 17:59:35 gerry racoon[4401]: IPSec connecting to server 204.232.144.166
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: Connecting.
Feb 22 17:59:35 gerry racoon[4401]: IPSec Phase 1 started (Initiated by me).
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Feb 22 17:59:35 gerry racoon[4401]: >>>>> phase change status = Phase 1 started by us
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: port 62465 expected, but 0
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: try to get pskey by the peer's address.
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: couldn't find the pskey by address 204.232.144.166.
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: couldn't find the pskey for 204.232.144.166.
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: failed to generate SKEYID
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
Feb 22 17:59:38 gerry racoon[4401]: IKE Packet: transmit success. (Phase 1 Retransmit).
Feb 22 17:59:38 gerry racoon[4401]: port 37905 expected, but 0
Feb 22 17:59:38 --- last message repeated 1 time ---
Feb 22 17:59:38 gerry racoon[4401]: try to get pskey by the peer's address.
Feb 22 17:59:38 --- last message repeated 1 time ---
Feb 22 17:59:38 gerry racoon[4401]: couldn't find the pskey by address 204.232.144.166.
Feb 22 17:59:38 --- last message repeated 1 time ---
Feb 22 17:59:38 gerry racoon[4401]: couldn't find the pskey for 204.232.144.166.
Feb 22 17:59:38 --- last message repeated 1 time ---
Feb 22 17:59:38 gerry racoon[4401]: failed to generate SKEYID
Feb 22 17:59:38 --- last message repeated 1 time ---
Feb 22 17:59:38 gerry racoon[4401]: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
Feb 22 17:59:41 gerry racoon[4401]: IKE Packet: transmit success. (Phase 1 Retransmit).
Feb 22 17:59:43 gerry racoon[4401]: port 37905 expected, but 0
Feb 22 17:59:43 --- last message repeated 1 time ---
Feb 22 17:59:43 gerry racoon[4401]: try to get pskey by the peer's address.
Feb 22 17:59:43 --- last message repeated 1 time ---
Feb 22 17:59:43 gerry racoon[4401]: couldn't find the pskey by address 204.232.144.166.
Feb 22 17:59:43 --- last message repeated 1 time ---
Feb 22 17:59:43 gerry racoon[4401]: couldn't find the pskey for 204.232.144.166.
Feb 22 17:59:43 --- last message repeated 1 time ---
Feb 22 17:59:43 gerry racoon[4401]: failed to generate SKEYID
Feb 22 17:59:43 --- last message repeated 1 time ---
Feb 22 17:59:43 gerry racoon[4401]: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
Feb 22 17:59:45 gerry racoon[4401]: IKE Packet: transmit success. (Phase 1 Retransmit).
Feb 22 17:59:45 gerry nesessionmanager[951]: NESMLegacySession[VPN (Cisco IPSec):47CF9F0A-25FA-43A3-A675-9B30B55D84C0]: status changed to disconnecting
Feb 22 17:59:45 gerry nesessionmanager[951]: IPSec disconnecting from server 204.232.144.166
Feb 22 17:59:45 gerry racoon[4401]: IPSec disconnecting from server 204.232.144.166
Feb 22 17:59:45 --- last message repeated 3 times ---
Feb 22 17:59:45 gerry nesessionmanager[951]: NESMLegacySession[VPN (Cisco IPSec):47CF9F0A-25FA-43A3-A675-9B30B55D84C0]: status changed to disconnected, last stop reason None
Feb 22 17:59:45 gerry racoon[4401]: glob found no matches for path "/var/run/racoon/*.conf"
Feb 22 17:59:46 gerry racoon[4401]: Connecting.
Feb 22 17:59:46 --- last message repeated 1 time ---
Feb 22 17:59:46 gerry racoon[4401]: Unknown Informational exchange received.

1 Answer

0

The problem was indeed with the Apple keychain. I couldn't sort it out, so I decided to reset the keychain (Keychain Access > Preferences > Reset My Default Keychain), and that worked; the only (minor) drawback was that I had to add all my passwords again.

I couldn't figure out what caused the problem in the first place, so if anyone has ideas about what could make the keychain fail, please share!

UPDATE

The problem keeps recurring, so I think something between the keychain and the VPN isn't working. The only way to keep it working is resetting the keychain over and over... Any suggestions?

UPDATE 2

I finally found the cause of this problem: the latest version (5.1.2) of Phusion Passenger makes changes to /Library/Preferences/com.apple.security.plist, causing problems with the keychain.

A full description of the problem and a workaround can be found here.
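
The failure in this thread is buried under repeated and unrelated log lines, so the following added example (not part of the original post or answer) shows one way to triage such a log: it folds "last message repeated" lines into counts, ignores the CGContext noise, and reports which of the failure messages quoted above occurred. The signature labels, function names and diagnosis strings are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the logs quoted in the question.
SAMPLE = """\
Feb 22 17:59:35 gerry racoon[4401]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Feb 22 17:59:35 gerry racoon[4401]: couldn't find the pskey for 204.232.144.166.
Feb 22 17:59:35 --- last message repeated 1 time ---
Feb 22 17:59:35 gerry racoon[4401]: failed to generate SKEYID
Feb 22 18:10:41 gerry com.apple.preference.network.remoteservice[4315]: CGContextGetCTM: invalid context 0x0.
Feb 22 18:16:26 gerry nesessionmanager[951]: Failed to load configuration with ID A7892601-20D6-4D80-88B7-8D2AA22CF4E1
Feb 22 18:31:49 gerry nehelper[217]: 3C44D371-6954-4001-A2D7-0100446EDA8A.SS: SecKeychainItemCreateFromContent failed: User interaction is not allowed.
"""

# (label, process, pattern): labels are hypothetical; patterns come from the page's logs.
SIGNATURES = [
    ("keychain_write_failed", "nehelper", re.compile(r"SecKeychainItemCreateFromContent failed")),
    ("psk_missing", "racoon", re.compile(r"couldn't find the pskey")),
    ("skeyid_failed", "racoon", re.compile(r"failed to generate SKEYID")),
    ("config_load_failed", "nesessionmanager", re.compile(r"Failed to load configuration")),
]
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([^\[\s]+)\[\d+\]: (.*)$")
REPEAT = re.compile(r"last message repeated (\d+) times? ---")

def triage(text):
    """Return (hit counts per signature, first timestamp per signature)."""
    counts, first_seen, last = Counter(), {}, None
    for raw in text.splitlines():
        rep = REPEAT.search(raw)
        if rep:  # syslog collapsed duplicates of the previous line
            if last:
                counts[last] += int(rep.group(1))
            continue
        m = LINE.match(raw)
        last = None
        if not m:
            continue
        ts, proc, msg = m.groups()
        for label, want_proc, pattern in SIGNATURES:
            if proc == want_proc and pattern.search(msg):
                counts[label] += 1
                first_seen.setdefault(label, ts)
                last = label
                break
    return counts, first_seen

def diagnose(counts):
    """Rank the signatures: a failed keychain write explains a missing PSK."""
    if counts["keychain_write_failed"]:
        return "keychain refused to store the VPN secrets"
    if counts["psk_missing"] or counts["skeyid_failed"]:
        return "IKE phase 1 had no pre-shared key"
    if counts["config_load_failed"]:
        return "VPN configuration failed to load"
    return "no known signature"
```
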
