IPSec between D-Link DFL-860E and StrongSwan in pfSense 2.2
-
It all started with the move to the new pfSense version, 2.2. The old version 2.1 had racoon and worked reliably. pfSense 2.2 ships StrongSwan, and the tunnel hangs after n hours of operation.
Both gateways have public IPs from the same provider in different parts of the city, obtained over PPPoE. The ipsec reauth goes through fine every 7 hours; I watched it over the course of a day.
I tried various encryption options. All the same, I come in the next day and the IPSec status is Disconnected. I stop the ipsec service for a minute and start it again, and it works for the rest of the working day.
What can be done to keep the tunnel from dropping? Here is the log:
at 07:49:24 I clicked connect on the tunnel
at 08:02:26 I restarted the service
Feb 19 08:03:59 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes) Feb 19 08:03:59 charon: 13[ENC] generating INFORMATIONAL_V1 request 897668763 [ HASH N(DPD_ACK) ] Feb 19 08:03:59 charon: 13[ENC] parsed INFORMATIONAL_V1 request 3123146777 [ HASH N(DPD) ] Feb 19 08:03:59 charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes) Feb 19 08:03:29 charon: 11[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes) Feb 19 08:03:29 charon: 11[ENC] generating INFORMATIONAL_V1 request 3676726118 [ HASH N(DPD_ACK) ] Feb 19 08:03:29 charon: 11[ENC] parsed INFORMATIONAL_V1 request 4025495893 [ HASH N(DPD) ] Feb 19 08:03:29 charon: 11[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes) Feb 19 08:02:48 charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (60 bytes) Feb 19 08:02:48 charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH ] Feb 19 08:02:48 charon: 10[IKE] CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:48 charon: 10[IKE] <con1000|2> CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:48 charon: 10[ENC] parsed QUICK_MODE response 1402268389 [ HASH SA No KE ID ID ] Feb 19 08:02:48 charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes) Feb 19 08:02:48 charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes) Feb 19 08:02:48 charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH SA No KE ID ID ] Feb 19 08:02:48 charon: 10[IKE] maximum IKE_SA lifetime 28599s Feb 19 08:02:48 charon: 10[IKE] <con1000|2> maximum IKE_SA lifetime 28599s Feb 19 
08:02:48 charon: 10[IKE] scheduling reauthentication in 28059s Feb 19 08:02:48 charon: 10[IKE] <con1000|2> scheduling reauthentication in 28059s Feb 19 08:02:48 charon: 10[IKE] IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:48 charon: 10[IKE] <con1000|2> IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:48 charon: 10[ENC] parsed ID_PROT response 0 [ ID HASH ] Feb 19 08:02:48 charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes) Feb 19 08:02:48 charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes) Feb 19 08:02:48 charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ] Feb 19 08:02:48 charon: 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Feb 19 08:02:48 charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes) Feb 19 08:02:48 charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes) Feb 19 08:02:48 charon: 10[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Feb 19 08:02:48 charon: 10[ENC] received unknown vendor ID: 12:f5:f2:8c:45:71:68:a9:70:2d:9f:e2:74:cc Feb 19 08:02:48 charon: 10[IKE] received DPD vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received DPD vendor ID Feb 19 08:02:48 charon: 10[IKE] received XAuth vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received XAuth vendor ID Feb 19 08:02:48 charon: 10[IKE] received NAT-T (RFC 3947) vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received NAT-T (RFC 3947) vendor ID Feb 19 08:02:48 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-03 vendor 
ID Feb 19 08:02:48 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Feb 19 08:02:48 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Feb 19 08:02:48 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-00 vendor ID Feb 19 08:02:48 charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-02 vendor ID Feb 19 08:02:48 charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID Feb 19 08:02:48 charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-01 vendor ID Feb 19 08:02:48 charon: 10[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b Feb 19 08:02:48 charon: 10[ENC] parsed ID_PROT response 0 [ SA V V V V V V V V V V V ] Feb 19 08:02:48 charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (294 bytes) Feb 19 08:02:48 charon: 12[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 08:02:48 charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V V ] Feb 19 08:02:48 charon: 12[IKE] initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX Feb 19 08:02:48 charon: 12[IKE] <con1000|2> initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX Feb 19 08:02:48 charon: 13[CFG] received stroke: initiate 'con1000' Feb 19 08:02:48 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes) Feb 19 08:02:48 charon: 13[ENC] generating INFORMATIONAL_V1 request 2256457257 [ HASH D ] Feb 19 08:02:48 charon: 13[IKE] sending DELETE for IKE_SA 
con1000[1] Feb 19 08:02:48 charon: 13[IKE] <con1000|1> sending DELETE for IKE_SA con1000[1] Feb 19 08:02:48 charon: 13[IKE] deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:48 charon: 13[IKE] <con1000|1> deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:48 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes) Feb 19 08:02:48 charon: 13[ENC] generating INFORMATIONAL_V1 request 984300203 [ HASH D ] Feb 19 08:02:48 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI cf629bd6 Feb 19 08:02:48 charon: 13[IKE] <con1000|1> sending DELETE for ESP CHILD_SA with SPI cf629bd6 Feb 19 08:02:48 charon: 13[IKE] closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:48 charon: 13[IKE] <con1000|1> closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:48 charon: 15[CFG] received stroke: terminate 'con1000' Feb 19 08:02:46 charon: 15[IKE] CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:46 charon: 15[IKE] <con1000|1> CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0 Feb 19 08:02:46 charon: 15[ENC] parsed QUICK_MODE request 828592377 [ HASH ] Feb 19 08:02:46 charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes) Feb 19 08:02:46 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes) Feb 19 08:02:46 charon: 15[ENC] generating QUICK_MODE response 828592377 [ HASH SA No KE ID ID ] Feb 19 08:02:46 charon: 
15[ENC] parsed QUICK_MODE request 828592377 [ HASH SA No KE ID ID ] Feb 19 08:02:46 charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes) Feb 19 08:02:46 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes) Feb 19 08:02:46 charon: 13[ENC] generating ID_PROT response 0 [ ID HASH ] Feb 19 08:02:46 charon: 13[IKE] maximum IKE_SA lifetime 28715s Feb 19 08:02:46 charon: 13[IKE] <con1000|1> maximum IKE_SA lifetime 28715s Feb 19 08:02:46 charon: 13[IKE] scheduling reauthentication in 28175s Feb 19 08:02:46 charon: 13[IKE] <con1000|1> scheduling reauthentication in 28175s Feb 19 08:02:46 charon: 13[IKE] IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:46 charon: 13[IKE] <con1000|1> IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:46 charon: 13[CFG] selected peer config "con1000" Feb 19 08:02:46 charon: 13[CFG] looking for pre-shared key peer configs matching (IP pfSense) XX.XX.XX.XX...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX] Feb 19 08:02:46 charon: 13[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Feb 19 08:02:46 charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (76 bytes) Feb 19 08:02:46 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes) Feb 19 08:02:46 charon: 13[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Feb 19 08:02:46 charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Feb 19 08:02:46 charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes) Feb 19 08:02:46 charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] 
to (IP DFL-860E) XX.XX.XX.XX[500] (156 bytes) Feb 19 08:02:46 charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ] Feb 19 08:02:46 charon: 13[IKE] (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA Feb 19 08:02:46 charon: 13[IKE] <1> (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA Feb 19 08:02:46 charon: 13[IKE] received DPD vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received DPD vendor ID Feb 19 08:02:46 charon: 13[IKE] received NAT-T (RFC 3947) vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received NAT-T (RFC 3947) vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-02 vendor ID Feb 19 08:02:46 charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID Feb 19 08:02:46 charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-01 vendor ID Feb 19 08:02:46 charon: 13[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b Feb 19 08:02:46 charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ] Feb 19 08:02:46 charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (264 bytes) Feb 19 08:02:26 ipsec_starter[64483]: Feb 19 08:02:26 ipsec_starter[64483]: 
'con1000' routed Feb 19 08:02:26 charon: 15[CFG] received stroke: route 'con1000' Feb 19 08:02:26 charon: 14[CFG] added configuration 'con1000' Feb 19 08:02:26 charon: 14[CFG] received stroke: add connection 'con1000' Feb 19 08:02:26 ipsec_starter[64483]: charon (64678) started after 120 ms Feb 19 08:02:26 charon: 00[JOB] spawning 16 worker threads Feb 19 08:02:26 charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies) Feb 19 08:02:26 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity Feb 19 08:02:26 charon: 00[CFG] loaded 0 RADIUS server configurations Feb 19 08:02:26 charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory Feb 19 08:02:26 charon: 00[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 08:02:26 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 08:02:26 charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 08:02:26 charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 08:02:26 charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 08:02:26 charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 08:02:26 charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 08:02:26 charon: 00[CFG] ipseckey plugin is disabled Feb 19 08:02:26 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed Feb 19 08:02:26 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument Feb 19 
08:02:26 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, FreeBSD 10.1-RELEASE-p4, i386) Feb 19 08:02:26 ipsec_starter[64035]: no known IPsec stack detected, ignoring! Feb 19 08:02:26 ipsec_starter[64035]: no KLIPS IPsec stack detected Feb 19 08:02:26 ipsec_starter[64035]: no netkey IPsec stack detected Feb 19 08:02:26 ipsec_starter[64035]: Starting strongSwan 5.2.1 IPsec [starter]... Feb 19 07:58:56 ipsec_starter[37946]: ipsec starter stopped Feb 19 07:58:56 ipsec_starter[37946]: charon stopped after 200 ms Feb 19 07:58:56 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification Feb 19 07:58:56 charon: 00[IKE] <con1000|5> destroying IKE_SA in state CONNECTING without notification Feb 19 07:58:56 charon: 00[DMN] signal of type SIGINT received. Shutting down Feb 19 07:58:46 charon: 15[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:58:46 charon: 15[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:58:46 charon: 15[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:58:46 charon: 15[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:58:46 charon: 15[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:58:46 charon: 15[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:58:46 charon: 15[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:58:46 charon: 15[CFG] rereading secrets Feb 19 07:58:30 charon: 04[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:58:30 charon: 04[IKE] sending retransmit 5 of request message ID 0, seq 1 Feb 19 07:58:30 charon: 04[IKE] <con1000|5> sending retransmit 5 of request message ID 0, seq 1 Feb 19 07:57:52 charon: 04[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:57:52 charon: 04[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 
19 07:57:52 charon: 04[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:57:52 charon: 04[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:57:52 charon: 04[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:57:52 charon: 04[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:57:52 charon: 04[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:57:52 charon: 04[CFG] rereading secrets Feb 19 07:57:48 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:57:48 charon: 15[IKE] sending retransmit 4 of request message ID 0, seq 1 Feb 19 07:57:48 charon: 15[IKE] <con1000|5> sending retransmit 4 of request message ID 0, seq 1 Feb 19 07:57:25 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:57:25 charon: 15[IKE] sending retransmit 3 of request message ID 0, seq 1 Feb 19 07:57:25 charon: 15[IKE] <con1000|5> sending retransmit 3 of request message ID 0, seq 1 Feb 19 07:57:12 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:57:12 charon: 15[IKE] sending retransmit 2 of request message ID 0, seq 1 Feb 19 07:57:12 charon: 15[IKE] <con1000|5> sending retransmit 2 of request message ID 0, seq 1 Feb 19 07:57:04 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:57:04 charon: 15[IKE] sending retransmit 1 of request message ID 0, seq 1 Feb 19 07:57:04 charon: 15[IKE] <con1000|5> sending retransmit 1 of request message ID 0, seq 1 Feb 19 07:57:00 charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes) Feb 19 07:57:00 charon: 15[ENC] generating ID_PROT request 0 [ SA V V V V V V ] Feb 19 07:57:00 charon: 15[IKE] 
initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX Feb 19 07:57:00 charon: 15[IKE] <con1000|5> initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX Feb 19 07:57:00 charon: 16[CFG] received stroke: initiate 'con1000' Feb 19 07:57:00 charon: 13[CFG] no IKE_SA named 'con1000' found Feb 19 07:57:00 charon: 13[CFG] received stroke: terminate 'con1000' Feb 19 07:56:09 charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:56:09 charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:56:09 charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:56:09 charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:56:09 charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:56:09 charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:56:09 charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:56:09 charon: 16[CFG] rereading secrets Feb 19 07:55:21 charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:55:21 charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:55:21 charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:55:21 charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:55:21 charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:55:21 charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:55:21 charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:55:21 charon: 13[CFG] rereading secrets Feb 19 07:50:10 charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:50:10 charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:50:10 charon: 
16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:50:10 charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:50:10 charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:50:10 charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:50:10 charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:50:10 charon: 16[CFG] rereading secrets Feb 19 07:49:24 charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:49:24 charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:49:24 charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:49:24 charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:49:24 charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:49:24 charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:49:24 charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:49:24 charon: 13[CFG] rereading secrets Feb 19 07:26:14 charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:26:14 charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:26:14 charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:26:14 charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:26:14 charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:26:14 charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:26:14 charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:26:14 charon: 11[CFG] rereading secrets Feb 19 07:26:04 charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:26:04 
charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:26:04 charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:26:04 charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:26:04 charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:26:04 charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:26:04 charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:26:04 charon: 16[CFG] rereading secrets Feb 19 07:25:42 charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:25:42 charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:25:42 charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:25:42 charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:25:42 charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:25:42 charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:25:42 charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:25:42 charon: 11[CFG] rereading secrets Feb 19 07:25:41 charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:25:41 charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:25:41 charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:25:41 charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:25:41 charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:25:41 charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:25:41 charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:25:41 charon: 16[CFG] rereading 
secrets Feb 19 07:17:06 charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:17:06 charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:17:06 charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:17:06 charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:17:06 charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:17:06 charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:17:06 charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:17:06 charon: 11[CFG] rereading secrets Feb 19 07:16:09 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:16:09 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:16:09 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:16:09 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:16:09 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:16:09 charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:16:09 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:16:09 charon: 12[CFG] rereading secrets Feb 19 07:10:35 charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:10:35 charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:10:35 charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:10:35 charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:10:35 charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:10:35 charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:10:35 
charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:10:35 charon: 11[CFG] rereading secrets Feb 19 07:09:44 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:09:44 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:09:44 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:09:44 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:09:44 charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:09:44 charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:09:44 charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:09:44 charon: 12[CFG] rereading secrets Feb 19 07:08:37 charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:08:37 charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:08:37 charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:08:37 charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:08:37 charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts' Feb 19 07:08:37 charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX Feb 19 07:08:37 charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Feb 19 07:08:37 charon: 11[CFG] rereading secrets Feb 19 07:07:47 charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls' Feb 19 07:07:47 charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts' Feb 19 07:07:47 charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts' Feb 19 07:07:47 charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts' Feb 19 07:07:47 charon: 12[CFG] rereading ca certificates from 
```
![01.jpg](/public/_imported_attachments_/1/01.jpg) ![02.jpg](/public/_imported_attachments_/1/02.jpg)
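An added example, not part of the original post: a small parser for charon syslog lines in the format quoted above. It sorts the newest-first log and reports intervals with no DPD traffic from the peer, which helps pinpoint when the tunnel went quiet. The sample log is constructed in that format; the year and the 90-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, newest entry first like the log in the post; the
# 08:19:10 line is invented to mark where this sample log ends.
SAMPLE_LOG = """\
Feb 19 08:19:10 charon: 07[CFG] rereading secrets
Feb 19 08:03:59 charon: 13[ENC] generating INFORMATIONAL_V1 request 897668763 [ HASH N(DPD_ACK) ]
Feb 19 08:03:59 charon: 13[ENC] parsed INFORMATIONAL_V1 request 3123146777 [ HASH N(DPD) ]
Feb 19 08:03:29 charon: 11[ENC] generating INFORMATIONAL_V1 request 3676726118 [ HASH N(DPD_ACK) ]
Feb 19 08:03:29 charon: 11[ENC] parsed INFORMATIONAL_V1 request 4025495893 [ HASH N(DPD) ]
Feb 19 08:02:48 charon: 10[IKE] <con1000|2> CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) charon: "
                     r"\d+\[(?P<sub>\w+)\] (?P<msg>.*)$")
PEER_DPD_RE = re.compile(r"^parsed INFORMATIONAL_V1 .*N\(DPD(_ACK)?\)")

def parse(log, year=2000):
    """Return (time, subsystem, message) tuples sorted oldest first.
    Syslog lines carry no year, so `year` is an assumed placeholder."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # ignore anything that is not a charon line
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["sub"], m["msg"]))
    return sorted(events, key=lambda e: e[0])

def peer_dpd_times(events):
    """Times at which a DPD or DPD_ACK from the peer was parsed."""
    return [ts for ts, sub, msg in events
            if sub == "ENC" and PEER_DPD_RE.match(msg)]

def dpd_silences(events, max_gap=timedelta(seconds=90)):
    """Intervals (start, end) longer than max_gap with no DPD from the peer.
    max_gap is an assumed threshold (three missed 30 s probes). The last
    interval runs to the final log entry, so a tunnel that went quiet and
    never recovered is reported too."""
    times = peer_dpd_times(events)
    if not times:
        return []
    marks = times + [events[-1][0]]
    return [(a, b) for a, b in zip(marks, marks[1:]) if b - a > max_gap]

if __name__ == "__main__":
    for start, end in dpd_silences(parse(SAMPLE_LOG)):
        print(f"no peer DPD from {start:%H:%M:%S} to {end:%H:%M:%S} ({end - start})")
```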
-
It looks like this is a StrongSwan problem in pfSense 2.2.
https://forum.pfsense.org/index.php?topic=88080.0
"2.2 is just IPSEC nightmare."
-
Can racoon be installed on pfSense 2.2, and strongSwan disabled?
-
1. Update the dlink dfl-860e firmware to the very latest.
2. http://www.dlink.ru/ru/faq/92/927.html

After applying the settings, click the Back button, then the IPSec Proposal button.
Fill in the following fields in the order given below.

Step 1: In the Proposal Name field, enter ipsec_3des_md5
Step 2: In the DH Group field, select Group 2
Step 3: In the Encrypt algorithm field, enter 3DES
Step 4: In the Auth algorithm field, enter MD5
Step 5: In the Life Time field, enter 3600
Step 6: In the Proposal ID field, select 1.
Step 7: Click the Add to button.
Step 8: Click the Apply button.

Try it with these encryption, authentication, etc. types. The ones in your screenshots are different.
-
> 1. Update the dlink dfl-860e firmware to the very latest.
> 2. http://www.dlink.ru/ru/faq/92/927.html
>
> After applying the settings, click the Back button, then the IPSec Proposal button.
> Fill in the following fields in the order given below.
>
> Step 1: In the Proposal Name field, enter ipsec_3des_md5
> Step 2: In the DH Group field, select Group 2
> Step 3: In the Encrypt algorithm field, enter 3DES
> Step 4: In the Auth algorithm field, enter MD5
> Step 5: In the Life Time field, enter 3600
> Step 6: In the Proposal ID field, select 1.
> Step 7: Click the Add to button.
> Step 8: Click the Apply button.
>
> Try it with these encryption, authentication, etc. types. The ones in your screenshots are different.

The 860's firmware has nothing to do with it; it is running a newer and more stable version than the one on the official site.
As a test I set up the same tunnel on pfSense 2.1 (racoon) - it doesn't drop (web interfaces open normally, I make VoIP calls, I work over RDP).
On 2.2 I bring up the same tunnel - ping runs steadily, but as soon as I try to open the pfSense web interface from a remote machine behind the 860, ping cuts out, pfSense doesn't open for a minute, then it does open after all and shows a crash report.
I installed 2.2 through the automatic update; maybe that is the cause and I should install it from scratch.
-
Another thing that made me smile today: on pfSense 2.2 I deleted all the IPSec settings and disabled the service, but it still stubbornly establishes connections with the 860, phase one :o :o :o
Today I'll wipe it and install a clean 2.1 ;D
-
> Another thing that made me smile today: on pfSense 2.2 I deleted all the IPSec settings and disabled the service, but it still stubbornly establishes connections with the 860, phase one :o :o :o
> Today I'll wipe it and install a clean 2.1 ;D

Try a clean 2.2
-
> Try a clean 2.2

Restored 2.1, stability is back ;D
I will of course test a clean 2.2, but not on production gateways. Next week I'll build a small gateway from old hardware and try to bring up tunnels from home to both the d link 860 and a cisco 1921. I'll post the results here.
-
> Next week I'll build a small gateway from old hardware

"Are you still ~~boiling~~ not virtualized? Then we're coming to you" (c) ;D
-
A fresh pfsense 2.2.2 (strongswan on board) paired with a dlink dfl 860e

Phase 1
Negotiation mode - main
Encryption algorithm - 3des
Hash algorithm - md5
DH key group - 2

Phase 2
Protocol - ESP
Encryption algorithms - 3des
Hash algorithms - md5
PFS key group - 2

It establishes the connection instantly and pings go from both sides, but as soon as you try to log in to the pfsense web interface or ssh through the tunnel, pfsense goes down… after a reboot it shows a crash report:

```
Fatal double fault:
eip = 0xc12b5a90
esp = 0xdefd5ff4
ebp = 0xdefd605c
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic
```

:o :o :o I described similar symptoms above, when upgrading from 2.1.
Why is it so easy to bring pfsense down with standard settings???
-
https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954
-
> https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954

Thanks, it works! :D
It turns out that for those running the i386 version, to keep the system from crashing when pfsense is accessed through the ipsec tunnel, you need to add this setting:
System->Advanced->System Tunables, click "+"
Tunable - net.inet.ipsec.directdispatch
Value - 0