IPSEC
-
Good evening neo_X,
I did what you suggested and it still shows the same error in the log.
I even tested every PFS key group option.
Do you have any other suggestion?
Awaiting your reply.
Thanks!
-
Just to clear up a few doubts:
a) Did you open port 500 in the firewall rules?
b) Did you create the rule under Firewall Rules - IPsec?
-
a) I hadn't opened port 500, but even so it didn't fix it. Isn't that port used for VPN on Mac?
b) I had already created the rules on the IPSEC tab.
It still didn't work!
-
Post the ipsec logs here.
-
Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=15)
Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=16)
Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=17)
Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=18)
Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=19)
Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=20)
Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=21)
Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=22)
Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=23)
Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=24)
Oct 25 19:58:48 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=25)
Oct 25 19:58:48 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=26)
Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=27)
Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=28)
Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=29)
Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=30)
Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=31)
Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=32)
Oct 25 19:58:54 racoon: INFO: caught signal 15
Oct 25 19:58:54 racoon: INFO: racoon process 39603 shutdown
Oct 25 19:59:00 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 25 19:59:00 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 25 19:59:00 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=24)
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=25)
Oct 25 19:59:00 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.254/32[0] 192.168.1.0/24[0] proto=any dir=out
Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.254/32[0] proto=any dir=in
Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=out
Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 25 20:02:17 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 10:30:38 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 10:32:02 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 10:46:08 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 10:47:20 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 11:06:15 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 11:07:04 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 11:10:22 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 28 11:13:51 racoon: INFO: unsupported PF_KEY message REGISTER
-
I have an example here.
-
At the branch office you invert the My identifier.
-
At the branch office you invert the My identifier.
I tried it and it didn't work. But there's one thing I didn't understand: you asked me to invert the My identifier at the branch, but invert it with what, the Peer identifier?
If so, I tried that too and it didn't work!!
-
Post the logs.
-
racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=35)
Oct 29 08:32:08 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=36)
Oct 29 08:32:08 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=37)
Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=38)
Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=39)
Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=40)
Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=41)
Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
Oct 29 08:32:08 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
Oct 29 10:14:06 racoon: INFO: caught signal 15
Oct 29 10:14:06 racoon: INFO: racoon process 92995 shutdown
Oct 29 10:14:11 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
Oct 29 10:14:11 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
Oct 29 10:14:11 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[500] used as isakmp port (fd=16)
Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[4500] used as isakmp port (fd=17)
Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=18)
Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=19)
Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=22)
Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=23)
Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=24)
Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=25)
Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=26)
Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=27)
Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=28)
Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=29)
Oct 29 10:14:11 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=30)
Oct 29 10:14:11 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=31)
Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=32)
Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=33)
Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=34)
Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=35)
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=36)
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=37)
Oct 29 10:14:11 racoon: INFO: unsupported PF_KEY message REGISTER
-
João, something's wrong there hehe... but send me the screenshots so I can take a look. I want to see where you entered the 10.x network in the configuration.
-
Mate, the 10 network is another interface I have on the firewall that gives visitors access.
My network works like this:
FW01
WAN - VALID IP (STATIC)
LAN - 192.168.1.0/24
WLAN - 10.1.1.0/24
FW02
WAN - VALID IP (DYNAMIC)
LAN - 192.168.2.0/24
WLAN - 10.1.1.0/24
-
Good evening gentlemen,
You can close the topic, I managed to solve the problem. It was at the carrier (Telemar). I ran some more advanced tests and found that the ports for the VPN connection were being blocked. I contacted the carrier and they opened them.
Thanks to everyone who helped me!
Regards,
João Batista da Rocha Neto
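The log excerpts posted in this thread show racoon binding UDP 500/4500 and logging only start-up noise, with no phase 1 exchange at all, which is what an upstream port block looks like. Below is an added triage script (not from this thread, pfSense or ipsec-tools) that sorts racoon lines into bound sockets, benign noise and peer contact; the two noise strings come from the excerpts above, while the negotiation markers, the 203.0.113.5 peer and the sample lines are assumptions constructed for the example.

```python
import re
# Start-up noise racoon on pfSense emits every run; both strings appear in the excerpts in this thread.
BENIGN = (
    "unsupported PF_KEY message REGISTER",
    "such policy already exists. anyway replace it",
)
# Phase-1 activity markers; assumed from ipsec-tools racoon messages, none appear in this thread.
NEGOTIATION = (
    "initiate new phase 1 negotiation",
    "respond new phase 1 negotiation",
    "phase1 negotiation failed",
    "no suitable proposal found",
    "ISAKMP-SA established",
)
LISTENER = re.compile(r"(\S+)\[(500|4500)\] used as isakmp port")

def triage(log_text):
    """Summarise a racoon log: bound isakmp sockets, benign noise, and any peer contact."""
    listeners, benign, negotiation = set(), 0, []
    for line in log_text.splitlines():
        m = LISTENER.search(line)
        if m:
            listeners.add(f"{m.group(1)}:{m.group(2)}")
        elif any(p in line for p in BENIGN):
            benign += 1
        elif any(p in line for p in NEGOTIATION):
            negotiation.append(line)
    if any("ISAKMP-SA established" in l for l in negotiation):
        verdict = "phase1-up"
    elif negotiation:
        verdict = "peer-reached-but-phase1-failed"  # look at proposals, PSK, identifiers
    elif listeners:
        verdict = "no-peer-contact"  # sockets bound, nothing ever arrived on UDP 500/4500
    else:
        verdict = "not-listening"
    return {"listeners": listeners, "benign": benign, "negotiation": negotiation, "verdict": verdict}

# Constructed sample in the shape of the excerpts above: racoon binds and then logs only noise.
SAMPLE_BLOCKED = """\
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=25)
Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=24)
Oct 25 19:59:00 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.254/32[0] 192.168.1.0/24[0] proto=any dir=out
"""
# Constructed: same start followed by a completed phase 1 (203.0.113.5 is a documentation-range placeholder peer).
SAMPLE_UP = SAMPLE_BLOCKED + (
    "Oct 25 19:59:30 racoon: INFO: respond new phase 1 negotiation: 187.6.215.64[500]<=>203.0.113.5[500]\n"
    "Oct 25 19:59:31 racoon: INFO: ISAKMP-SA established 187.6.215.64[500]-203.0.113.5[500] spi:0011223344556677:8899aabbccddeeff\n"
)
```

A "no-peer-contact" verdict on a log that spans several connection attempts is the cue to check the UDP 500/4500 path (firewall rules, then the carrier) before touching proposals or identifiers, which is where this thread ended up.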
-
Good to hear! :)