
KESL blocks access to the work VPN network (StrongSwan socket error KES)



Good day, colleagues. Our work network recently switched to KES as the primary antivirus, and a small difficulty has come up when using it on Debian 11 KDE. As soon as I enable the antivirus, traffic gets blocked and it is impossible to reach the internal network. With the KES service disabled, the connection is normal and everything works correctly. In the logs I see messages roughly like these (in place of the <адрес_сервера_компании> field, i.e. the company server address, there is of course the IP address of the VPN network):

Apr 15 11:09:21 DELLINSPIRON5490-DEBIAN11 NetworkManager[19083]: Stopping strongSwan IPsec failed: starter is not running
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 NetworkManager[19080]: Starting strongSwan 5.9.1 IPsec [starter]...
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 NetworkManager[19080]: Loading config setup
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 NetworkManager[19080]: Loading conn '547c105b-77a0-4c1d-b891-cbf52aa6c7a2'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.1, Linux 5.10.0-21-amd64, x86_64)
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[CFG]   loaded IKE secret for %any
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 00[JOB] spawning 16 worker threads
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 05[CFG] received stroke: add connection '547c105b-77a0-4c1d-b891-cbf52aa6c7a2'
Apr 15 11:09:23 DELLINSPIRON5490-DEBIAN11 charon: 05[CFG] added configuration '547c105b-77a0-4c1d-b891-cbf52aa6c7a2'
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 08[CFG] rereading secrets
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 08[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 08[CFG]   loaded IKE secret for %any
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 10[CFG] received stroke: initiate '547c105b-77a0-4c1d-b891-cbf52aa6c7a2'
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 11[IKE] initiating Main Mode IKE_SA 547c105b-77a0-4c1d-b891-cbf52aa6c7a2[1] to <адрес_сервера_компании>
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 11[NET] sending packet: from 127.0.0.1[500] to <адрес_сервера_компании>[500] (532 bytes)
Apr 15 11:09:24 DELLINSPIRON5490-DEBIAN11 charon: 04[NET] error writing to socket: Invalid argument
Apr 15 11:09:28 DELLINSPIRON5490-DEBIAN11 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 15 11:09:28 DELLINSPIRON5490-DEBIAN11 charon: 12[NET] sending packet: from 127.0.0.1[500] to <адрес_сервера_компании>[500] (532 bytes)
Apr 15 11:09:28 DELLINSPIRON5490-DEBIAN11 charon: 04[NET] error writing to socket: Invalid argument
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19126]: Stopping strongSwan IPsec...
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 charon: 00[DMN] SIGINT received, shutting down
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: initiating Main Mode IKE_SA 547c105b-77a0-4c1d-b891-cbf52aa6c7a2[1] to 62.117.98.42
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: sending packet: from 127.0.0.1[500] to <адрес_сервера_компании>[500] (532 bytes)
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: sending retransmit 1 of request message ID 0, seq 1
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: sending packet: from 127.0.0.1[500] to <адрес_сервера_компании>[500] (532 bytes)
Apr 15 11:09:34 DELLINSPIRON5490-DEBIAN11 NetworkManager[19122]: destroying IKE_SA in state CONNECTING without notification

Additional information: routing to the company network is also configured via a gateway, so that access to the external internet remains while working over the VPN. Please help me solve this problem.
