Netgate Discussion Forum
[SOLVED] IPsec No proposal chosen

odric

Can anyone help me? I have a site-to-site tunnel from pfSense 2.2 to a SonicWall and the connection keeps giving me these recurring messages.

The thing is, it works, but every now and then the connection drops and I don't know whether this has anything to do with it. :o

Thanks ;)

      Feb 19 11:22:08 charon: 09[ENC] generating INFORMATIONAL_V1 request 1212684313 [ N(NO_PROP) ]
      Feb 19 11:22:08 charon: 09[NET] sending packet: from (IP WAN)[500] to (IP Remota)[500] (40 bytes)
      Feb 19 11:22:48 charon: 09[NET] received packet: from (IP Remota) [500] to  (IP WAN)[500] (216 bytes)
      Feb 19 11:22:48 charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
      Feb 19 11:22:48 charon: 09[IKE] <4739> no IKE config found for  (IP WAN)…(IP Remota), sending NO_PROPOSAL_CHOSEN
      Feb 19 11:22:48 charon: 09[IKE] no IKE config found for  (IP WAN)…(IP Remota), sending NO_PROPOSAL_CHOSEN

bellera

        Google ipsec pfsense sonicwall

odric

Hi, that guide is the one I followed to set it up. At times it has connected and worked fine. But today it went down and there is no way to bring it up. Disabled the tunnel, restarted the service, nothing.

It does strange things: it restarts roughly every 60 seconds and there is never any traffic on the tunnel.

I'm attaching an image so you can see something curious. Afterwards the "Connecting" entry disappears and the connected one remains, but it doesn't work.

Should I update? (I currently have version 2.2.)

Thanks.

          Apr 22 13:58:50 	charon: 06[NET] sending packet: from 192.168.150.1[500] to 194.xx.xx.xx[500] (152 bytes)
          Apr 22 13:58:50 	charon: 06[NET] received packet: from REMOTEIP[500] to 192.168.150.1[500] (280 bytes)
          Apr 22 13:58:50 	charon: 06[ENC] parsed ID_PROT request 0 [ KE NAT-D NAT-D No V V V V ]
          Apr 22 13:58:50 	charon: 06[ENC] received unknown vendor ID: 52:2c:a3:f6
          Apr 22 13:58:50 	charon: 06[IKE] <58> received XAuth vendor ID
          Apr 22 13:58:50 	charon: 06[IKE] received XAuth vendor ID
          Apr 22 13:58:50 	charon: 06[ENC] received unknown vendor ID: 80:01:00:00
          Apr 22 13:58:50 	charon: 06[IKE] <58> received DPD vendor ID
          Apr 22 13:58:50 	charon: 06[IKE] received DPD vendor ID
          Apr 22 13:58:50 	charon: 06[IKE] <58> local host is behind NAT, sending keep alives
          Apr 22 13:58:50 	charon: 06[IKE] local host is behind NAT, sending keep alives
          Apr 22 13:58:50 	charon: 06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
          Apr 22 13:58:50 	charon: 06[NET] sending packet: from 192.168.150.1[500] to 194.xx.xx.xx[500] (236 bytes)
          Apr 22 13:58:50 	charon: 06[NET] received packet: from REMOTEIP[4500] to 192.168.150.1[4500] (92 bytes)
          Apr 22 13:58:50 	charon: 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
          Apr 22 13:58:50 	charon: 06[CFG] looking for pre-shared key peer configs matching 192.168.150.1...REMOTEIP[REMOTEIP]
          Apr 22 13:58:50 	charon: 06[CFG] selected peer config "con1000"
          Apr 22 13:58:50 	charon: 06[IKE] <con1000|58> IKE_SA con1000[58] established between 192.168.150.1[WANIP]...REMOTEIP]
          Apr 22 13:58:50 	charon: 06[IKE] IKE_SA con1000[58] established between 192.168.150.1[WANIP]...REMOTEIP
          Apr 22 13:58:50 	charon: 06[IKE] <con1000|58> scheduling reauthentication in 28242s
          Apr 22 13:58:50 	charon: 06[IKE] scheduling reauthentication in 28242s
          Apr 22 13:58:50 	charon: 06[IKE] <con1000|58> maximum IKE_SA lifetime 28782s
          Apr 22 13:58:50 	charon: 06[IKE] maximum IKE_SA lifetime 28782s
          Apr 22 13:58:50 	charon: 06[ENC] generating ID_PROT response 0 [ ID HASH ]
          Apr 22 13:58:50 	charon: 06[NET] sending packet: from 192.168.150.1[4500] to REMOTEIP[4500] (68 bytes)
          Apr 22 13:58:50 	charon: 06[IKE] <con1000|55> destroying duplicate IKE_SA for peer '194.xx.xx.xx', received INITIAL_CONTACT
          Apr 22 13:58:50 	charon: 06[IKE] destroying duplicate IKE_SA for peer 'REMOTEIP', received INITIAL_CONTACT
          Apr 22 13:58:50 	charon: 06[KNL] unable to delete SAD entry with SPI c0f951ce: No such file or directory (2)
          Apr 22 13:58:57 	charon: 11[NET] received packet: from REMOTEIP[4500] to 192.168.150.1[4500] (92 bytes)
          Apr 22 13:58:57 	charon: 11[IKE] <con1000|58> received retransmit of request with ID 0, retransmitting response
          Apr 22 13:58:57 	charon: 11[IKE] received retransmit of request with ID 0, retransmitting response
          Apr 22 13:58:57 	charon: 11[NET] sending packet: from 192.168.150.1[4500] to 194.xx.xx.xx[4500] (68 bytes)
          Apr 22 13:59:06 	charon: 11[NET] received packet: from REMOTEIP[4500] to 192.168.150.1[4500] (92 bytes)
          Apr 22 13:59:06 	charon: 11[IKE] <con1000|58> received retransmit of request with ID 0, retransmitting response
          Apr 22 13:59:06 	charon: 11[IKE] received retransmit of request with ID 0, retransmitting response
          Apr 22 13:59:06 	charon: 11[NET] sending packet: from 192.168.150.1[4500] to REMOTEIP[4500] (68 bytes)
          Apr 22 13:59:06 	charon: 11[KNL] creating acquire job for policy 192.168.150.1/32|/0 === 194.179.72.108/32|/0 with reqid {1}
          Apr 22 13:59:06 	charon: 06[ENC] generating QUICK_MODE request 1260588757 [ HASH SA No KE ID ID ]
          Apr 22 13:59:06 	charon: 06[NET] sending packet: from 192.168.150.1[4500] to REMOTEIP[4500] (308 bytes)
          Apr 22 13:59:10 	charon: 06[IKE] <con1000|58> sending retransmit 1 of request message ID 1260588757, seq 1
          Apr 22 13:59:10 	charon: 06[IKE] sending retransmit 1 of request message ID 1260588757, seq 1
Apr 22 13:59:10 	charon: 06[NET] sending packet: from 192.168.150.1[4500] to REMOTEIP[4500] (308 bytes)
          

(attachment: tunel_duplicado.png)

bellera

It looks like it completes Phase 1 and goes no further.

            https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Normal_.2F_OK_Connection

Enable Debug so we can see what else shows up:

            https://doc.pfsense.org/index.php/Advanced_IPsec_Settings

odric

Hello again, and thanks for replying.
I updated to version 2.2.2 and everything seemed fine.
I have two tunnels, REMOTE1 and REMOTE2. The second one went down this weekend and refuses to work. I enabled the logs and this is what it shows:

Any ideas?

Once I tried to enable an OpenVPN site-to-site tunnel and it knocked out the IPsec connections; I disabled the OpenVPN tunnel because it wouldn't connect and reconnected the IPsec connections without problems. Could there be any relation?

              
              Apr 25 10:53:37	charon: 13[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:37	charon: 13[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:37	charon: 13[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 2022976848 [ HASH N(DPD) ]
              Apr 25 10:53:37	charon: 13[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:53:37	charon: 13[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:53:37	charon: 13[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 4201881736 [ HASH N(DPD_ACK) ]
              Apr 25 10:53:45	charon: 13[IKE] <2300> sending keep alive to REMOTE1[500]
              Apr 25 10:53:45	charon: 13[IKE] <2300> sending keep alive to REMOTE1[500]
              Apr 25 10:53:47	charon: 13[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:47	charon: 13[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:47	charon: 13[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 400793340 [ HASH N(DPD) ]
              Apr 25 10:53:47	charon: 13[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:53:47	charon: 13[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:53:47	charon: 13[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 2138457174 [ HASH N(DPD_ACK) ]
              Apr 25 10:53:55	charon: 13[JOB] <2300> deleting half open IKE_SA after timeout
              Apr 25 10:53:57	charon: 15[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:57	charon: 15[IKE] <con1000|2009>sending DPD request
              Apr 25 10:53:57	charon: 15[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 3453592459 [ HASH N(DPD) ]
              Apr 25 10:53:57	charon: 15[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:53:57	charon: 15[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:53:57	charon: 15[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 2613038798 [ HASH N(DPD_ACK) ]
              Apr 25 10:54:06	charon: 15[IKE] <con2|2294>retransmit 5 of request with message ID 0
              Apr 25 10:54:06	charon: 15[IKE] <con2|2294>retransmit 5 of request with message ID 0
              Apr 25 10:54:06	charon: 15[NET] <con2|2294>sending packet: from 192.168.130.1[500] to REMOTE2[500] (324 bytes)
              Apr 25 10:54:07	charon: 15[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:07	charon: 15[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:07	charon: 15[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 1212184714 [ HASH N(DPD) ]
              Apr 25 10:54:07	charon: 15[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:54:07	charon: 15[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:54:07	charon: 15[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 3732841539 [ HASH N(DPD_ACK) ]
              Apr 25 10:54:11	charon: 07[CFG] received stroke: terminate 'con2'
              Apr 25 10:54:11	charon: 15[IKE] <con2|2294>destroying IKE_SA in state CONNECTING without notification
              Apr 25 10:54:11	charon: 15[IKE] <con2|2294>destroying IKE_SA in state CONNECTING without notification
              Apr 25 10:54:11	charon: 04[CFG] received stroke: initiate 'con2'
              Apr 25 10:54:11	charon: 07[IKE] <con2|2301>initiating IKE_SA con2[2301] to REMOTE2
              Apr 25 10:54:11	charon: 07[IKE] <con2|2301>initiating IKE_SA con2[2301] to REMOTE2
              Apr 25 10:54:11	charon: 07[ENC] <con2|2301>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
              Apr 25 10:54:11	charon: 07[NET] <con2|2301>sending packet: from 192.168.130.1[500] to REMOTE2[500] (324 bytes)
              Apr 25 10:54:15	charon: 07[IKE] <con2|2301>retransmit 1 of request with message ID 0
              Apr 25 10:54:15	charon: 07[IKE] <con2|2301>retransmit 1 of request with message ID 0
              Apr 25 10:54:15	charon: 07[NET] <con2|2301>sending packet: from 192.168.130.1[500] to REMOTE2[500] (324 bytes)
              Apr 25 10:54:17	charon: 07[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:17	charon: 07[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:17	charon: 07[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 2973678887 [ HASH N(DPD) ]
              Apr 25 10:54:17	charon: 07[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:54:17	charon: 07[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:54:17	charon: 07[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 939179093 [ HASH N(DPD_ACK) ]
              Apr 25 10:54:22	charon: 12[IKE] <con2|2301>retransmit 2 of request with message ID 0
              Apr 25 10:54:22	charon: 12[IKE] <con2|2301>retransmit 2 of request with message ID 0
              Apr 25 10:54:22	charon: 12[NET] <con2|2301>sending packet: from 192.168.130.1[500] to REMOTE2[500] (324 bytes)
              Apr 25 10:54:27	charon: 12[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:27	charon: 12[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:27	charon: 12[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 2180186270 [ HASH N(DPD) ]
              Apr 25 10:54:27	charon: 12[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:54:27	charon: 12[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:54:27	charon: 12[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 3393194558 [ HASH N(DPD_ACK) ]
              Apr 25 10:54:35	charon: 12[IKE] <con2|2301>retransmit 3 of request with message ID 0
              Apr 25 10:54:35	charon: 12[IKE] <con2|2301>retransmit 3 of request with message ID 0
              Apr 25 10:54:35	charon: 12[NET] <con2|2301>sending packet: from 192.168.130.1[500] to REMOTE2[500] (324 bytes)
              Apr 25 10:54:36	charon: 12[NET] <2302> received packet: from REMOTE1[500] to 192.168.150.1[500] (172 bytes)
              Apr 25 10:54:36	charon: 12[ENC] <2302> parsed ID_PROT request 0 [ SA V V V V V ]
              Apr 25 10:54:36	charon: 12[ENC] <2302> received unknown vendor ID: 5b:36:2b:c8:20:f6:00:08
              Apr 25 10:54:36	charon: 12[IKE] <2302> received NAT-T (RFC 3947) vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received NAT-T (RFC 3947) vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
              Apr 25 10:54:36	charon: 12[IKE] <2302> REMOTE1 is initiating a Main Mode IKE_SA
              Apr 25 10:54:36	charon: 12[IKE] <2302> REMOTE1 is initiating a Main Mode IKE_SA
              Apr 25 10:54:36	charon: 12[ENC] <2302> generating ID_PROT response 0 [ SA V V V V ]
              Apr 25 10:54:36	charon: 12[NET] <2302> sending packet: from 192.168.150.1[500] to REMOTE1[500] (152 bytes)
              Apr 25 10:54:36	charon: 06[NET] <2302> received packet: from REMOTE1[500] to 192.168.150.1[500] (280 bytes)
              Apr 25 10:54:36	charon: 06[ENC] <2302> parsed ID_PROT request 0 [ KE NAT-D NAT-D No V V V V ]
              Apr 25 10:54:36	charon: 06[ENC] <2302> received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
              Apr 25 10:54:36	charon: 06[IKE] <2302> received XAuth vendor ID
              Apr 25 10:54:36	charon: 06[IKE] <2302> received XAuth vendor ID
              Apr 25 10:54:36	charon: 06[ENC] <2302> received unknown vendor ID: da:8e:93:78:80:01:00:00
              Apr 25 10:54:36	charon: 06[IKE] <2302> received DPD vendor ID
              Apr 25 10:54:36	charon: 06[IKE] <2302> received DPD vendor ID
              Apr 25 10:54:36	charon: 06[IKE] <2302> local host is behind NAT, sending keep alives
              Apr 25 10:54:36	charon: 06[IKE] <2302> local host is behind NAT, sending keep alives
              Apr 25 10:54:36	charon: 06[ENC] <2302> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
              Apr 25 10:54:36	charon: 06[NET] <2302> sending packet: from 192.168.150.1[500] to REMOTE1[500] (236 bytes)
              Apr 25 10:54:37	charon: 06[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:37	charon: 06[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:37	charon: 06[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 96035541 [ HASH N(DPD) ]
              Apr 25 10:54:37	charon: 06[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:54:37	charon: 06[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
              Apr 25 10:54:37	charon: 06[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 2018776121 [ HASH N(DPD_ACK) ]
              Apr 25 10:54:47	charon: 06[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:47	charon: 06[IKE] <con1000|2009>sending DPD request
              Apr 25 10:54:47	charon: 06[ENC] <con1000|2009>generating INFORMATIONAL_V1 request 1557657604 [ HASH N(DPD) ]
              Apr 25 10:54:47	charon: 06[NET] <con1000|2009>sending packet: from 192.168.150.1[4500] to REMOTE1[4500] (84 bytes)
              Apr 25 10:54:47	charon: 06[NET] <con1000|2009>received packet: from REMOTE1[4500] to 192.168.150.1[4500] (84 bytes)
Apr 25 10:54:47	charon: 06[ENC] <con1000|2009>parsed INFORMATIONAL_V1 request 3596244849 [ HASH N(DPD_ACK) ]
              
bellera

How do you have these options set?

If a tunnel comes up initially, but then fails after a Phase 1 or Phase 2 expiration, try changing the following settings on both ends of the tunnel:

    System > Advanced, Miscellaneous tab: uncheck Prefer Old IPsec SA (VPN > IPsec, Advanced Settings tab on pfSense 2.2+)
    On the IPsec Phase 1 settings, disable NAT Traversal (NAT-T)
    On the IPsec Phase 1 settings, enable DPD
    On the IPsec Phase 2 settings, enter an Automatically Ping Host in the remote Phase 2 subnet.

                https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Renegotiation_Errors

"Once I tried to enable an OpenVPN site-to-site tunnel and it knocked out the IPsec connections"

Well, if you ran the test with the same subnets, it's possible things got tangled. Both VPNs can coexist.

If you don't mind whether you use IPsec or OpenVPN, I suggest you use the latter. IPsec is usually chosen because it is better known, but OpenVPN is more versatile.

                http://es.wikipedia.org/wiki/OpenVPN#Comparaci.C3.B3n_entre_OpenVPN_e_IPsec_VPN

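A small triage script for the charon lines quoted in this thread, as an added example that is not part of the original posts nor of pfSense or strongSwan: it groups log lines per IKE_SA and flags the patterns the replies above point at (Phase 1 completing but QUICK_MODE never answered, half-open SAs timing out, NO_PROPOSAL_CHOSEN, a duplicate SA dropped on INITIAL_CONTACT, and kernel SAD lookups failing on a tunnel that still shows as up). The sample log, the finding codes and the retransmit threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the charon output quoted in this thread.
# Addresses, SA numbers and message IDs are placeholders, not the poster's real values.
SAMPLE_LOG = """\
Feb 19 11:22:48 charon: 09[IKE] <4739> no IKE config found for WANIP...REMOTEIP, sending NO_PROPOSAL_CHOSEN
Apr 22 13:58:50 charon: 06[IKE] <con1000|58> IKE_SA con1000[58] established between 192.168.150.1[WANIP]...REMOTEIP
Apr 22 13:58:50 charon: 06[IKE] <con1000|55> destroying duplicate IKE_SA for peer 'REMOTEIP', received INITIAL_CONTACT
Apr 22 13:59:06 charon: 06[ENC] <con1000|58> generating QUICK_MODE request 1260588757 [ HASH SA No KE ID ID ]
Apr 22 13:59:10 charon: 06[IKE] <con1000|58> sending retransmit 1 of request message ID 1260588757, seq 1
Apr 22 13:59:17 charon: 06[IKE] <con1000|58> sending retransmit 2 of request message ID 1260588757, seq 2
Apr 25 10:53:37 charon: 13[IKE] <con1000|2009>sending DPD request
Apr 25 10:53:55 charon: 13[JOB] <2300> deleting half open IKE_SA after timeout
Apr 25 10:54:06 charon: 15[IKE] <con2|2294>retransmit 5 of request with message ID 0
May 21 19:44:59 charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
May 21 19:44:59 charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
"""

# One charon line: timestamp, "charon:", thread[SUBSYSTEM], optional <conn|sa_id> tag, message.
# The tag may be glued to the message ("<con1000|2009>sending ...") as in the thread's logs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+charon:\s+"
    r"(?P<thread>\d+)\[(?P<subsys>\w+)\]\s*"
    r"(?:<(?P<sa>[^>]*)>\s*)?(?P<msg>.*)$"
)
QUICK_MODE_RE = re.compile(r"generating QUICK_MODE request (\d+)")
# Matches both "sending retransmit 1 of request message ID N" and "retransmit 5 of request with message ID 0".
RETRANSMIT_RE = re.compile(r"retransmit (\d+) of request (?:with )?message ID (\d+)")

# Assumption: this many unanswered retransmits of the first IKE message means the peer
# (or something in between on UDP 500/4500) is not answering at all.
SILENT_THRESHOLD = 3


def parse_line(line):
    """Split one charon log line into fields; returns None for lines that are not charon output."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # "<con1000|58>" -> conn "con1000", sa_id "58"; "<4739>" (no config selected yet) -> conn "", sa_id "4739"
    conn, _, sa_id = (rec.pop("sa") or "").rpartition("|")
    rec["conn"], rec["sa_id"] = conn, sa_id
    return rec


def triage(log_text):
    """Group charon lines per IKE_SA and return a list of (sa_key, code, detail) findings."""
    per_sa = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["sa_id"]:  # the untagged duplicate lines carry no SA id; skip them
            per_sa[(rec["conn"], rec["sa_id"])].append(rec["msg"])

    findings = []
    for (conn, sa_id), msgs in per_sa.items():
        key = f"{conn or '-'}|{sa_id}"
        quick_ids, unanswered, sad_errors = set(), {}, 0
        for msg in msgs:
            if "NO_PROPOSAL_CHOSEN" in msg:
                findings.append((key, "NO_PHASE1_MATCH",
                                 "no Phase 1 entry matched this local/remote pair: check remote gateway, identifiers and proposal"))
            elif "deleting half open IKE_SA after timeout" in msg:
                findings.append((key, "PHASE1_NEVER_COMPLETED",
                                 "peer started Main Mode but never finished it: check PSK and identifiers on both ends"))
            elif "destroying duplicate IKE_SA" in msg:
                findings.append((key, "DUPLICATE_SA_REPLACED",
                                 "peer re-initiated with INITIAL_CONTACT and the previous SA was dropped (renegotiation churn)"))
            elif "unable to query SAD entry" in msg or "unable to delete SAD entry" in msg:
                sad_errors += 1
            m = QUICK_MODE_RE.search(msg)
            if m:
                quick_ids.add(m.group(1))
            m = RETRANSMIT_RE.search(msg)
            if m:
                count, mid = int(m.group(1)), m.group(2)
                unanswered[mid] = max(unanswered.get(mid, 0), count)
        for mid, count in unanswered.items():
            if mid in quick_ids:
                findings.append((key, "PHASE2_UNANSWERED",
                                 f"Phase 1 is up but QUICK_MODE {mid} was retransmitted {count}x with no reply: check Phase 2 subnets/proposal"))
            elif mid == "0" and count >= SILENT_THRESHOLD:
                findings.append((key, "PEER_SILENT",
                                 f"first IKE message retransmitted {count}x with no answer: peer down or UDP 500/4500 not reaching it"))
        if sad_errors:
            findings.append((key, "KERNEL_SA_MISSING",
                             f"{sad_errors} kernel SAD lookups failed: IKE considers the tunnel up but the kernel SAs are gone (up, but no traffic)"))
    return findings


if __name__ == "__main__":
    for sa, code, detail in triage(SAMPLE_LOG):
        print(f"{sa:<16} {code:<24} {detail}")
```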
gersonofstone

Hi

To start with, if you upgraded from 2.1.x to 2.2.x that is a big deal: the daemon that manages IPsec communications in version 2.1.x is called racoon, and with the upgrade it was replaced by strongSwan, which apparently has some new features... but that's another story.

The same thing happened to me with certain tunnels that have a virtual IP (I don't know whether that is your case) and with adjusting the outbound NAT rules for port 500.

                  Papu!! :V

odric

For now it seems to be working fine.

The tunnel that was giving me problems seems to have had something wrong on the other end. We restarted both sides and it's OK.
Since I upgraded from version 2.2 to 2.2.2, stability has improved and the tunnels work. It's been more than a week without them dropping.

Many thanks for the contributions.

bellera

Thanks to you too for reporting the resolution.

odric

The tunnel is dropping again :-\ and I no longer know what to do. Let's see if someone kind knows what's going on. 8)

Thanks

I have 2 tunnels configured.

The tunnel I have the problem with, 194.xx.xx.xa, is now disconnected but shows as active.
I have blocked access to IP 195.xx.xx.xx, but connection attempts still appear.
On the other hand I have another pfSense for which I don't do the NAT on the router, and it connects to the remote end. In fact, when the connection fails from this firewall I have to connect from the other one (if it works, which isn't always the case, I leave the connection like that and create routing rules). Sometimes it connects but with no traffic, so I disable it and reconnect from the first one, and then it works again for a while.
pfSense 2.2.2

                        
                        May 21 19:43:36	charon: 06[IKE] <59759> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:43:36	charon: 06[IKE] <59759> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:43:36	charon: 06[ENC] <59759> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:43:36	charon: 06[NET] <59759> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:43:41	charon: 06[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:43:41	charon: 06[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:02	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:02	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:06	charon: 16[JOB] <59759> deleting half open IKE_SA after timeout
                        May 21 19:44:16	charon: 16[NET] <59760> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:44:16	charon: 16[ENC] <59760> parsed ID_PROT request 0 [ SA V V V V V V V ]
                        May 21 19:44:16	charon: 16[ENC] <59760> received unknown vendor ID: 4f:45:51:7b:4f:7f:6e:65:7a:7b:43:51
                        May 21 19:44:16	charon: 16[IKE] <59760> received DPD vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received DPD vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received NAT-T (RFC 3947) vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received NAT-T (RFC 3947) vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:44:16	charon: 16[IKE] <59760> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:44:16	charon: 16[IKE] <59760> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:44:16	charon: 16[ENC] <59760> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:44:16	charon: 16[NET] <59760> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:44:22	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:22	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:42	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:42	charon: 16[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:44:46	charon: 16[JOB] <59760> deleting half open IKE_SA after timeout
                        May 21 19:44:56	charon: 16[NET] <59761> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:44:56	charon: 16[ENC] <59761> parsed ID_PROT request 0 [ SA V V V V V V V ]
                        May 21 19:44:56	charon: 16[ENC] <59761> received unknown vendor ID: 4f:45:51:7b:4f:7f:6e:65:7a:7b:43:51
                        May 21 19:44:56	charon: 16[IKE] <59761> received DPD vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received DPD vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received NAT-T (RFC 3947) vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received NAT-T (RFC 3947) vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:44:56	charon: 16[IKE] <59761> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:44:56	charon: 16[IKE] <59761> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:44:56	charon: 16[ENC] <59761> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:44:56	charon: 16[NET] <59761> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:44:59	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:44:59	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:45:00	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:45:00	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:45:02	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:02	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:22	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:22	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:26	charon: 11[JOB] <59761> deleting half open IKE_SA after timeout
                        May 21 19:45:36	charon: 11[NET] <59762> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:45:36	charon: 11[ENC] <59762> parsed ID_PROT request 0 [ SA V V V V V V V ]
                        May 21 19:45:36	charon: 11[ENC] <59762> received unknown vendor ID: 4f:45:51:7b:4f:7f:6e:65:7a:7b:43:51
                        May 21 19:45:36	charon: 11[IKE] <59762> received DPD vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received DPD vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received NAT-T (RFC 3947) vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received NAT-T (RFC 3947) vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:45:36	charon: 11[IKE] <59762> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:45:36	charon: 11[IKE] <59762> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:45:36	charon: 11[ENC] <59762> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:45:36	charon: 11[NET] <59762> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:45:42	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:42	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:45:47	charon: 11[NET] <59762> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:45:47	charon: 11[IKE] <59762> received retransmit of request with ID 0, retransmitting response
                        May 21 19:45:47	charon: 11[IKE] <59762> received retransmit of request with ID 0, retransmitting response
                        May 21 19:45:47	charon: 11[NET] <59762> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:46:02	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:02	charon: 11[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:02	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:46:02	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:46:03	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:46:03	charon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:46:05	charon: 07[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:46:05	charon: 07[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:46:06	charon: 07[NET] <59762> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:46:06	charon: 07[IKE] <59762> received retransmit of request with ID 0, retransmitting response
                        May 21 19:46:06	charon: 07[IKE] <59762> received retransmit of request with ID 0, retransmitting response
                        May 21 19:46:06	charon: 07[NET] <59762> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:46:06	charon: 07[JOB] <59762> deleting half open IKE_SA after timeout
                        May 21 19:46:22	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:22	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:42	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:42	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:46:46	charon: 07[NET] <59763> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:46:46	charon: 07[ENC] <59763> parsed ID_PROT request 0 [ SA V V V V V V V ]
                        May 21 19:46:46	charon: 07[ENC] <59763> received unknown vendor ID: 4f:45:51:7b:4f:7f:6e:65:7a:7b:43:51
                        May 21 19:46:46	charon: 07[IKE] <59763> received DPD vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received DPD vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received NAT-T (RFC 3947) vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received NAT-T (RFC 3947) vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:46:46	charon: 07[IKE] <59763> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:46:46	charon: 07[IKE] <59763> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:46:46	charon: 07[ENC] <59763> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:46:46	charon: 07[NET] <59763> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:47:02	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:47:02	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:47:16	charon: 07[JOB] <59763> deleting half open IKE_SA after timeout
                        May 21 19:47:22	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:47:22	charon: 07[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:47:24	charon: 07[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
                        May 21 19:47:24	charon: 07[KNL] <con1000|59586>unable to query SAD entry with SPI 8ef432ca: No such file or directory (2)
                        May 21 19:47:26	charon: 12[NET] <59764> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
                        May 21 19:47:26	charon: 12[ENC] <59764> parsed ID_PROT request 0 [ SA V V V V V V V ]
                        May 21 19:47:26	charon: 12[ENC] <59764> received unknown vendor ID: 4f:45:51:7b:4f:7f:6e:65:7a:7b:43:51
                        May 21 19:47:26	charon: 12[IKE] <59764> received DPD vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received DPD vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received NAT-T (RFC 3947) vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received NAT-T (RFC 3947) vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
                        May 21 19:47:26	charon: 12[IKE] <59764> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:47:26	charon: 12[IKE] <59764> 195.xx.xx.xx is initiating a Main Mode IKE_SA
                        May 21 19:47:26	charon: 12[ENC] <59764> generating ID_PROT response 0 [ SA V V V V ]
                        May 21 19:47:26	charon: 12[NET] <59764> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
                        May 21 19:47:42	charon: 12[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        May 21 19:47:42	charon: 12[IKE] <con1000|59586>sending keep alive to 194.xx.xx.xa[4500]
                        

                        Attachments: conexiones.png, conexiones1.png, conexiones2Phase1.png (Phase 1 settings), conexiones3Phase2.png (Phase 2 settings)

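Added triage script (not from the post, pfSense or strongSwan) that parses charon lines in the format quoted above, drops the doubled lines, and summarises per IKE_SA id whether the Main Mode exchange only ever produced retransmits of request 0 and was then dropped half open, plus how many "unable to query SAD entry" errors each named connection logged. The sample lines are constructed from the quoted log, with the same placeholder peer addresses.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the charon log quoted in the post above.
SAMPLE_LOG = """\
May 21 19:45:36\tcharon: 11[NET] <59762> received packet: from 195.xx.xx.xx[500] to 192.168.150.1[500] (216 bytes)
May 21 19:45:36\tcharon: 11[ENC] <59762> parsed ID_PROT request 0 [ SA V V V V V V V ]
May 21 19:45:36\tcharon: 11[IKE] <59762> 195.xx.xx.xx is initiating a Main Mode IKE_SA
May 21 19:45:36\tcharon: 11[IKE] <59762> 195.xx.xx.xx is initiating a Main Mode IKE_SA
May 21 19:45:36\tcharon: 11[NET] <59762> sending packet: from 192.168.150.1[500] to 195.xx.xx.xx[500] (152 bytes)
May 21 19:45:47\tcharon: 11[IKE] <59762> received retransmit of request with ID 0, retransmitting response
May 21 19:46:06\tcharon: 07[IKE] <59762> received retransmit of request with ID 0, retransmitting response
May 21 19:46:06\tcharon: 07[JOB] <59762> deleting half open IKE_SA after timeout
May 21 19:46:02\tcharon: 11[KNL] <con1000|59586>unable to query SAD entry with SPI ca1cb129: No such file or directory (2)
"""

# "<ts>  charon: NN[SUBSYS] <conn|sa> msg"  or  "<ts>  charon: NN[SUBSYS] <sa> msg"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\s+charon: \d+\[(?P<sub>[A-Z]+)\] "
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)>\s*(?P<msg>.*)$"
)

def parse_charon(text):
    """Yield (ts, subsystem, conn, sa_id, msg); consecutive identical lines
    (the quoted log prints most IKE lines twice) are emitted once."""
    prev = None
    for line in text.splitlines():
        if line == prev:
            continue
        prev = line
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("sub"), m.group("conn"), m.group("sa"), m.group("msg")

def triage(text):
    """Per IKE_SA: initiator address, retransmits of request 0 we answered,
    whether charon dropped it half open. Also SAD lookup errors per connection."""
    sas, sad_errors = OrderedDict(), {}
    for ts, sub, conn, sa, msg in parse_charon(text):
        s = sas.setdefault(sa, {"conn": conn, "first_seen": ts, "initiator": None,
                                "retransmits": 0, "half_open_timeout": False})
        if "is initiating a Main Mode IKE_SA" in msg:
            s["initiator"] = msg.split()[0]
        elif msg.startswith("received retransmit of request"):
            s["retransmits"] += 1          # peer never got past request 0
        elif msg.startswith("deleting half open IKE_SA"):
            s["half_open_timeout"] = True  # Main Mode never completed
        elif msg.startswith("unable to query SAD entry"):
            sad_errors[conn] = sad_errors.get(conn, 0) + 1
    return sas, sad_errors
```

A peer that repeats "initiating a Main Mode IKE_SA" roughly every 40 seconds and always ends in a half-open timeout never sees the ID_PROT response, which points at the path between the two endpoints (or the remote side's proposal handling) rather than at the established con1000 tunnel.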
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.