Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC

    Scheduled Pinned Locked Moved Portuguese
    16 Posts 2 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      joaobrn
      last edited by

      Boa Noite neo_X,

      eu fiz o que você me sugeriu e continua apresentando o mesmo erro de log.

      Inclusive testei todas as opções de PFS key group.

      Tem alguma outra sugestão?

      Aguardo retorno.

      Obrigado!

      Atenciosamente,

      João Batista da Rocha Neto
      ROCHA NETO - Consultoria em TI
      Fone: (34) 99943-1030
      Skype: joaobrn.rochanetoconsultoria

      1 Reply Last reply Reply Quote 0
      • N Offline
        neo_X
        last edited by

        Só para tirar algumas dúvidas:
        a) liberou a porta 500 nas regras de firewall?
        b) Criou a regra Firewall Rules  - Ipec .

        1 Reply Last reply Reply Quote 0
        • J Offline
          joaobrn
          last edited by

          a) a porta 500 não havia liberado mas mesmo assim não resolveu. Ela não é utilizada para VPN em MAC?

          b) já havia criado as regras na guia IPSEC.

          Mesmo assim não funcionou!

          Atenciosamente,

          João Batista da Rocha Neto
          ROCHA NETO - Consultoria em TI
          Fone: (34) 99943-1030
          Skype: joaobrn.rochanetoconsultoria

          1 Reply Last reply Reply Quote 0
          • N Offline
            neo_X
            last edited by

            coloca ai os logs do ipsec.

            1 Reply Last reply Reply Quote 0
            • J Offline
              joaobrn
              last edited by

              Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=15)
              Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=16)
              Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=17)
              Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=18)
              Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=19)
              Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=20)
              Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=21)
              Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=22)
              Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=23)
              Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=24)
              Oct 25 19:58:48 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=25)
              Oct 25 19:58:48 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=26)
              Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=27)
              Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=28)
              Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=29)
              Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=30)
              Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=31)
              Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
              Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=32)
              Oct 25 19:58:54 racoon: INFO: caught signal 15
              Oct 25 19:58:54 racoon: INFO: racoon process 39603 shutdown
              Oct 25 19:59:00 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
              Oct 25 19:59:00 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
              Oct 25 19:59:00 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
              Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
              Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=24)
              Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
              Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=25)
              Oct 25 19:59:00 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.254/32[0] 192.168.1.0/24[0] proto=any dir=out
              Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.254/32[0] proto=any dir=in
              Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
              Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=out
              Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 25 20:02:17 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 10:30:38 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 10:32:02 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 10:46:08 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 10:47:20 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 11:06:15 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 11:07:04 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 11:10:22 racoon: INFO: unsupported PF_KEY message REGISTER
              Oct 28 11:13:51 racoon: INFO: unsupported PF_KEY message REGISTER

              Atenciosamente,

              João Batista da Rocha Neto
              ROCHA NETO - Consultoria em TI
              Fone: (34) 99943-1030
              Skype: joaobrn.rochanetoconsultoria

              1 Reply Last reply Reply Quote 0
              • N Offline
                neo_X
                last edited by

                Tenho um exemplo aqui.

                1.jpg
                1.jpg_thumb
                2.jpg
                2.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • N Offline
                  neo_X
                  last edited by

                  Na filial vc inverte o My identifier.

                  3.jpg
                  3.jpg_thumb
                  4.jpg
                  4.jpg_thumb

                  1 Reply Last reply Reply Quote 0
                  • J Offline
                    joaobrn
                    last edited by

                    @neo_X:

                    Na filial vc inverte o My identifier.

                    Tentei e não deu certo. Só que não entendi uma coisa você pediu p eu inverter o My identifier na filial, mas inverter pelo que, Peer identifier?

                    Se for tentei também e não funfou!!

                    Atenciosamente,

                    João Batista da Rocha Neto
                    ROCHA NETO - Consultoria em TI
                    Fone: (34) 99943-1030
                    Skype: joaobrn.rochanetoconsultoria

                    1 Reply Last reply Reply Quote 0
                    • N Offline
                      neo_X
                      last edited by

                      Informa os logs.

                      1 Reply Last reply Reply Quote 0
                      • J Offline
                        joaobrn
                        last edited by

                        racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=35)
                        Oct 29 08:32:08 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=36)
                        Oct 29 08:32:08 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=37)
                        Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=38)
                        Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=39)
                        Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=40)
                        Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=41)
                        Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                        Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
                        Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                        Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
                        Oct 29 08:32:08 racoon: INFO: unsupported PF_KEY message REGISTER
                        Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                        Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
                        Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                        Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
                        Oct 29 10:14:06 racoon: INFO: caught signal 15
                        Oct 29 10:14:06 racoon: INFO: racoon process 92995 shutdown
                        Oct 29 10:14:11 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
                        Oct 29 10:14:11 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
                        Oct 29 10:14:11 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
                        Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[500] used as isakmp port (fd=16)
                        Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[4500] used as isakmp port (fd=17)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=18)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=19)
                        Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=22)
                        Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=23)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=24)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=25)
                        Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=26)
                        Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=27)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=28)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=29)
                        Oct 29 10:14:11 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=30)
                        Oct 29 10:14:11 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=31)
                        Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=32)
                        Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=33)
                        Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=34)
                        Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=35)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=36)
                        Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                        Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=37)
                        Oct 29 10:14:11 racoon: INFO: unsupported PF_KEY message REGISTER

                        Atenciosamente,

                        João Batista da Rocha Neto
                        ROCHA NETO - Consultoria em TI
                        Fone: (34) 99943-1030
                        Skype: joaobrn.rochanetoconsultoria

                        1 Reply Last reply Reply Quote 0
                        • N Offline
                          neo_X
                          last edited by

                          João tem coisa errada aí srsr….mas as telas para eu dar uma olhada. quero ver onde vc informou a rede 10.x na configuração.

                          1 Reply Last reply Reply Quote 0
                          • J Offline
                            joaobrn
                            last edited by

                            Camarada a rede 10 é outra interface que eu tenho no firewall que libera acesso para visitantes.

                            A minha rede funciona o seguinte:

                            FW01
                            WAN - IP VALIDO (FIXO)
                            LAN - 192.168.1.0/24
                            WLAN - 10.1.1.0/24

                            FW02
                            WAN - IP VALIDO (DYNAMIC)
                            LAN - 192.168.2.0/24
                            WLAN - 10.1.1.0/24

                            Atenciosamente,

                            João Batista da Rocha Neto
                            ROCHA NETO - Consultoria em TI
                            Fone: (34) 99943-1030
                            Skype: joaobrn.rochanetoconsultoria

                            1 Reply Last reply Reply Quote 0
                            • J Offline
                              joaobrn
                              last edited by

                              Boa noite Senhores,

                              Podem fechar o Tópico, consegui resolver o problema. Estava na Operadora (Telemar). Fiz alguns testes mais avançados e descobri que as portas para conexão com a VPN estavam sendo barradas. Entrei em contato com a operadora e os mesmos liberaram.

                              Obrigado a todos que me ajudaram!

                              Atenciosamente,

                              João Batista da Rocha Neto

                              Atenciosamente,

                              João Batista da Rocha Neto
                              ROCHA NETO - Consultoria em TI
                              Fone: (34) 99943-1030
                              Skype: joaobrn.rochanetoconsultoria

                              1 Reply Last reply Reply Quote 0
                              • N Offline
                                neo_X
                                last edited by

                                Que bom ! :)

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.