Netgate Discussion Forum

    IPSEC

      joaobrn

      Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=15)
      Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=16)
      Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=17)
      Oct 25 19:58:48 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=18)
      Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=19)
      Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=20)
      Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=21)
      Oct 25 19:58:48 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=22)
      Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=23)
      Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=24)
      Oct 25 19:58:48 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=25)
      Oct 25 19:58:48 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=26)
      Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=27)
      Oct 25 19:58:48 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=28)
      Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=29)
      Oct 25 19:58:48 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=30)
      Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=31)
      Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
      Oct 25 19:58:48 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=32)
      Oct 25 19:58:54 racoon: INFO: caught signal 15
      Oct 25 19:58:54 racoon: INFO: racoon process 39603 shutdown
      Oct 25 19:59:00 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
      Oct 25 19:59:00 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
      Oct 25 19:59:00 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
      Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=24)
      Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
      Oct 25 19:59:00 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=25)
      Oct 25 19:59:00 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.254/32[0] 192.168.1.0/24[0] proto=any dir=out
      Oct 25 19:59:00 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.254/32[0] proto=any dir=in
      Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
      Oct 25 20:00:17 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=out
      Oct 25 20:00:17 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 25 20:02:17 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 10:30:38 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 10:32:02 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 10:46:08 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 10:47:20 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 11:06:15 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 11:07:04 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 11:10:22 racoon: INFO: unsupported PF_KEY message REGISTER
      Oct 28 11:13:51 racoon: INFO: unsupported PF_KEY message REGISTER

      Regards,

      João Batista da Rocha Neto
      ROCHA NETO - Consultoria em TI
      Phone: (34) 99943-1030
      Skype: joaobrn.rochanetoconsultoria

        neo_X

        I have an example here.

        1.jpg
        2.jpg

          neo_X

          At the branch office you swap the My identifier.

          3.jpg
          4.jpg

            joaobrn

            @neo_X:

            At the branch office you swap the My identifier.

            I tried it and it didn't work. But there is one thing I didn't understand: you asked me to swap the My identifier at the branch office, but swap it with what, the Peer identifier?

            If so, I tried that too and it didn't work!!

              neo_X

              Post the logs.

                joaobrn

                racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=35)
                Oct 29 08:32:08 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=36)
                Oct 29 08:32:08 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=37)
                Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=38)
                Oct 29 08:32:08 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=39)
                Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=40)
                Oct 29 08:32:08 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=41)
                Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
                Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                Oct 29 08:32:08 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
                Oct 29 08:32:08 racoon: INFO: unsupported PF_KEY message REGISTER
                Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=42)
                Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                Oct 29 10:14:03 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=43)
                Oct 29 10:14:06 racoon: INFO: caught signal 15
                Oct 29 10:14:06 racoon: INFO: racoon process 92995 shutdown
                Oct 29 10:14:11 racoon: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
                Oct 29 10:14:11 racoon: INFO: @(#)This product linked OpenSSL 1.0.1e 11 Feb 2013 (http://www.openssl.org/)
                Oct 29 10:14:11 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
                Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[500] used as isakmp port (fd=16)
                Oct 29 10:14:11 racoon: INFO: fe80:1::223:54ff:fed2:3ef[4500] used as isakmp port (fd=17)
                Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[500] used as isakmp port (fd=18)
                Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 192.168.1.254[4500] used as isakmp port (fd=19)
                Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[500] used as isakmp port (fd=22)
                Oct 29 10:14:11 racoon: INFO: fe80:2::21a:3fff:fe8b:e88c[4500] used as isakmp port (fd=23)
                Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[500] used as isakmp port (fd=24)
                Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 10.1.1.254[4500] used as isakmp port (fd=25)
                Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[500] used as isakmp port (fd=26)
                Oct 29 10:14:11 racoon: INFO: fe80:3::21a:3fff:fe8b:f147[4500] used as isakmp port (fd=27)
                Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=28)
                Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 127.0.0.1[4500] used as isakmp port (fd=29)
                Oct 29 10:14:11 racoon: [Self]: INFO: ::1[500] used as isakmp port (fd=30)
                Oct 29 10:14:11 racoon: [Self]: INFO: ::1[4500] used as isakmp port (fd=31)
                Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[500] used as isakmp port (fd=32)
                Oct 29 10:14:11 racoon: [Self]: INFO: fe80:7::1[4500] used as isakmp port (fd=33)
                Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[500] used as isakmp port (fd=34)
                Oct 29 10:14:11 racoon: INFO: fe80:9::223:54ff:fed2:3ef[4500] used as isakmp port (fd=35)
                Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=36)
                Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
                Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=37)
                Oct 29 10:14:11 racoon: INFO: unsupported PF_KEY message REGISTER

                  neo_X

                  João, something is wrong there, haha... but send the screenshots so I can take a look. I want to see where you entered the 10.x network in the configuration.

                    joaobrn

                    Friend, the 10 network is another interface I have on the firewall that provides access for visitors.

                    My network works as follows:

                    FW01
                    WAN - PUBLIC IP (STATIC)
                    LAN - 192.168.1.0/24
                    WLAN - 10.1.1.0/24

                    FW02
                    WAN - PUBLIC IP (DYNAMIC)
                    LAN - 192.168.2.0/24
                    WLAN - 10.1.1.0/24

                      joaobrn

                      Good evening, gentlemen,

                      You can close the topic; I managed to solve the problem. It was at the carrier (Telemar). I ran some more advanced tests and found that the ports used for the VPN connection were being blocked. I contacted the carrier and they unblocked them.

                      Thanks to everyone who helped me!

                      Regards,

                      João Batista da Rocha Neto

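Added example, not part of any post in this thread: a small triage of a racoon log that separates "daemon is listening but no IKE exchange was ever logged" (the pattern in the logs above, consistent with UDP 500/4500 being filtered on the path) from an identifier or proposal mismatch. The function name and verdict labels are hypothetical, and the two phase 1 message strings it looks for are assumed to be racoon's usual wording, since no such line appears on this page.

```python
import re

# Subset of the racoon log lines posted in this thread.
THREAD_LOG = """\
Oct 29 10:14:11 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[500] used as isakmp port (fd=36)
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used for NAT-T
Oct 29 10:14:11 racoon: [Self]: INFO: 187.6.215.64[4500] used as isakmp port (fd=37)
Oct 29 10:14:11 racoon: INFO: unsupported PF_KEY message REGISTER
"""

# Sockets racoon bound at start-up (address and UDP port).
LISTEN = re.compile(r"racoon: (?:\[Self\]: )?INFO: (\S+)\[(\d+)\] used as isakmp port")
# Assumed racoon wording for the start and completion of IKE phase 1.
PHASE1 = re.compile(r"racoon: .*INFO: (?:initiate|respond) new phase 1 negotiation")
ESTABLISHED = re.compile(r"racoon: .*INFO: ISAKMP-SA established")


def triage(log_text):
    """Classify a racoon log by how far IKE phase 1 progressed."""
    listeners, phase1, established = set(), 0, 0
    for line in log_text.splitlines():
        m = LISTEN.search(line)
        if m:
            listeners.add((m.group(1), int(m.group(2))))
        elif PHASE1.search(line):
            phase1 += 1
        elif ESTABLISHED.search(line):
            established += 1
    if not listeners:
        verdict = "NOT_LISTENING"        # daemon never bound its ports
    elif phase1 == 0:
        verdict = "NO_IKE_TRAFFIC"       # nothing arrived, nothing initiated
    elif established == 0:
        verdict = "PHASE1_INCOMPLETE"    # peers talk but do not agree
    else:
        verdict = "PHASE1_UP"
    return {"listeners": sorted(listeners), "phase1": phase1,
            "established": established, "verdict": verdict}


if __name__ == "__main__":
    print(triage(THREAD_LOG))
```

A NO_IKE_TRAFFIC result points at reachability of UDP 500/4500 between the peers rather than at the identifier settings; PHASE1_INCOMPLETE is the case where the My identifier / Peer identifier pairing is worth rechecking.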
                        neo_X

                        Great! :)

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.