Netgate Discussion Forum

    IPsec tunnel: understanding the debug logs

      Onitsha

      Hello,
      I need to set up an IPsec tunnel with a provider for remote access. I followed the procedure that a team from the forum shared in a PDF document.
      However, I can't manage to understand the logs.

      Jun 10 19:15:21 	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
      Jun 10 19:15:21 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
      Jun 10 19:15:21 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
      Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for AH
      Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for ESP
      Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for IPCOMP
      Jun 10 19:15:21 	racoon: DEBUG: reading config file /var/etc/racoon.conf
      Jun 10 19:15:21 	racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
      Jun 10 19:15:21 	racoon: DEBUG: getsainfo params: loc='172.24.64.136/29' rmt='172.24.192.136/29' peer='NULL' client='NULL' id=1
      Jun 10 19:15:21 	racoon: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
      Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[4500] used for NAT-T
      Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[4500] used as isakmp port (fd=16)
      Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[500] used for NAT-T
      Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[500] used as isakmp port (fd=17)
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDDUMP message
      Jun 10 19:15:21 	racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey REGISTER message
      Jun 10 19:15:21 	racoon: INFO: unsupported PF_KEY message REGISTER
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:21 	racoon: DEBUG: db :0x28548288: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: db :0x28548288: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:21 	racoon: DEBUG: db :0x285483c8: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548288: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548288: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
      Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: db :0x28548508: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[1] recv()
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[2] recv()
      Jun 10 19:15:32 	racoon: DEBUG: reading config file /var/etc/racoon.conf
      Jun 10 19:15:32 	racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
      Jun 10 19:15:32 	racoon: DEBUG: getsainfo params: loc='172.24.64.136/29' rmt='172.24.192.136/29' peer='NULL' client='NULL' id=1
      Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
      Jun 10 19:15:32 	racoon: DEBUG: got pfkey REGISTER message
      Jun 10 19:15:32 	racoon: INFO: unsupported PF_KEY message REGISTER
      

      First of all, what is racoon?
      Then how do I test that my tunnel is actually working?
      If I assign the tunnel's IP address to a virtual machine and try to connect via telnet, would that work? Because I can't really see myself phoning my provider to ask them to run tests after every configuration change in the firewall configuration.

      Thank you.
      Oni'
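
An added example, not part of the original post and not pfSense or racoon code: a short Python script that reduces the racoon debug output above to the phase 2 networks, the listening IKE sockets, the security policies handled, and any IKE negotiation messages. The name `summarize`, the reading of `sub:` lines as the policy being handled, and the three negotiation message strings are assumptions; the log excerpt is copied from the post.

```python
import re

# Excerpt copied from the log in the post above (timestamps trimmed).
LOG = """\
racoon: DEBUG: getsainfo params: loc='172.24.64.136/29' rmt='172.24.192.136/29' peer='NULL' client='NULL' id=1
racoon: [Self]: INFO: 94.103.130.125[4500] used as isakmp port (fd=16)
racoon: [Self]: INFO: 94.103.130.125[500] used as isakmp port (fd=17)
racoon: DEBUG: got pfkey X_SPDADD message
racoon: DEBUG: sub:0xbfbfe754: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
racoon: DEBUG: got pfkey X_SPDADD message
racoon: DEBUG: sub:0xbfbfe754: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
racoon: DEBUG: got pfkey X_SPDADD message
racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
racoon: INFO: unsupported PF_KEY message REGISTER
"""

SAINFO = re.compile(r"getsainfo params: loc='([^']+)' rmt='([^']+)'")
LISTEN = re.compile(r"INFO: (\S+)\[(\d+)\] used as isakmp port")
# Assumption: a "sub:" line is the policy being handled, "db :" an entry it is compared with.
POLICY = re.compile(r"sub:0x[0-9a-f]+: (\S+)\[\d+\] (\S+)\[\d+\] proto=(\S+) dir=(\w+)")
# Assumption: racoon's usual INFO messages for IKE progress; none occur in the post.
IKE = ("initiate new phase 1 negotiation", "ISAKMP-SA established", "IPsec-SA established")

def summarize(log):
    out = {"sainfo": set(), "listen": set(), "policies": set(), "ike": []}
    for line in log.splitlines():
        if m := SAINFO.search(line):
            out["sainfo"].add(m.groups())            # (local net, remote net)
        elif m := LISTEN.search(line):
            out["listen"].add((m.group(1), int(m.group(2))))
        elif m := POLICY.search(line):
            out["policies"].add(m.groups())          # (src, dst, proto, direction)
        out["ike"] += [msg for msg in IKE if msg in line]
    # Consistency check: each sainfo (loc, rmt) pair should have a matching outbound policy.
    out["uncovered"] = {s for s in out["sainfo"]
                        if (s[0], s[1], "any", "out") not in out["policies"]}
    return out

if __name__ == "__main__":
    for key, value in summarize(LOG).items():
        print(key, sorted(value))
```

On this excerpt `ike` comes back empty: the log shows the daemon loading its configuration and policies, but no phase 1 or phase 2 negotiation message.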

        jdh

        Useful links:

        • http://fr.wikipedia.org/wiki/IPsec (fairly general, but lists the right RFCs)
        • http://www.frameip.com/ipsec/ (educational; careful, every word counts!)

        Notably, for IPsec it is important to look closely at the connection between the two IPsec endpoints: whether or not there are NAT routers!

        Beware: virtualization complicates the perception of network realities!!

        Albert EINSTEIN: If you can't explain it simply, you don't understand it well enough.

          aabadie

          @Onitsha:

          First of all, what is racoon?

          The "service" that handles IPsec encryption on FreeBSD

          @Onitsha:

          Then how do I test that my tunnel is actually working?

          To begin with, we would need to know what the tunnel is going to be used for?

            chocoboss

            @Onitsha:

            Then how do I test that my tunnel is actually working?

            ping? :D

              Onitsha

              Solved

                ccnet

                http://doc.pfsense.org/index.php/IPsec_Troubleshooting

                  Onitsha

                  Thanks, the problem is solved :]

                    aabadie

                    An explanation for those who might have a similar problem?

                      Onitsha

                      Yes, I'm in the middle of writing up something more or less correct.
