Problem with IPsec VPN: only one machine connects
-
Good afternoon everyone, I have a problem and I can't understand what could be wrong. I have an IPsec VPN configured for external connections from employees, generally on MacBooks, and I have the users registered in L2TP for access. Everything was working normally, but now only one specific machine managed to connect; the others did not.
Does anyone know what it could be?
https://imgur.com/a/isnlXut
-
@willfranco could someone help me?
-
I noticed that when I redo the whole configuration, the first machine that connects to the VPN always keeps working and none of the others connect. Example: machine A is the first to connect after the tunnels are configured and it works fine, while machines B and C do not connect. If I tear down the tunnels and the first machine to connect is B, it works fine and the others do not.
-
Log from the machine that does not connect, could someone shed some light!!!!
Aug 10 17:40:51 charon 11[IKE] <13> IKE_SA (unnamed)[13] state change: CONNECTING => DESTROYING
Aug 10 17:40:51 charon 11[JOB] <13> deleting half open IKE_SA with 177.58.239.34 after timeout
Aug 10 17:40:44 charon 11[IKE] <13> ID_PROT request with message ID 0 processing failed
Aug 10 17:40:44 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (76 bytes)
Aug 10 17:40:44 charon 11[ENC] <13> generating INFORMATIONAL_V1 request 3798514334 [ HASH N(PLD_MAL) ]
Aug 10 17:40:44 charon 11[IKE] <13> message parsing failed
Aug 10 17:40:44 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:44 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:44 charon 11[NET] <13> received packet: from 177.58.239.34[29524] to 177.68.148.144[4500] (108 bytes)
Aug 10 17:40:31 charon 11[IKE] <13> ID_PROT request with message ID 0 processing failed
Aug 10 17:40:31 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (76 bytes)
Aug 10 17:40:31 charon 11[ENC] <13> generating INFORMATIONAL_V1 request 2917947375 [ HASH N(PLD_MAL) ]
Aug 10 17:40:31 charon 11[IKE] <13> message parsing failed
Aug 10 17:40:31 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:31 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:31 charon 11[NET] <13> received packet: from 177.58.239.34[29524] to 177.68.148.144[4500] (108 bytes)
Aug 10 17:40:28 charon 11[IKE] <13> ID_PROT request with message ID 0 processing failed
Aug 10 17:40:28 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (76 bytes)
Aug 10 17:40:28 charon 11[ENC] <13> generating INFORMATIONAL_V1 request 3688728202 [ HASH N(PLD_MAL) ]
Aug 10 17:40:28 charon 11[IKE] <13> message parsing failed
Aug 10 17:40:28 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:28 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:28 charon 11[NET] <13> received packet: from 177.58.239.34[29524] to 177.68.148.144[4500] (108 bytes)
Aug 10 17:40:25 charon 11[IKE] <13> ID_PROT request with message ID 0 processing failed
Aug 10 17:40:25 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (76 bytes)
Aug 10 17:40:25 charon 11[ENC] <13> generating INFORMATIONAL_V1 request 1505104153 [ HASH N(PLD_MAL) ]
Aug 10 17:40:25 charon 11[IKE] <13> message parsing failed
Aug 10 17:40:25 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:25 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:25 charon 11[NET] <13> received packet: from 177.58.239.34[29524] to 177.68.148.144[4500] (108 bytes)
Aug 10 17:40:22 charon 11[IKE] <13> ID_PROT request with message ID 0 processing failed
Aug 10 17:40:22 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (76 bytes)
Aug 10 17:40:22 charon 11[ENC] <13> generating INFORMATIONAL_V1 request 540116142 [ HASH N(PLD_MAL) ]
Aug 10 17:40:22 charon 11[IKE] <13> message parsing failed
Aug 10 17:40:22 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:22 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:22 charon 11[NET] <13> received packet: from 177.58.239.34[29524] to 177.68.148.144[4500] (108 bytes)
Aug 10 17:40:21 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (244 bytes)
Aug 10 17:40:21 charon 11[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug 10 17:40:21 charon 11[CFG] <13> candidate "con1", match: 1/1/28 (me/other/ike)
Aug 10 17:40:21 charon 11[CFG] <13> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Aug 10 17:40:21 charon 11[IKE] <13> remote host is behind NAT
Aug 10 17:40:21 charon 11[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 10 17:40:21 charon 11[NET] <13> received packet: from 177.58.239.34[29556] to 177.68.148.144[500] (228 bytes)
Aug 10 17:40:21 charon 11[NET] <13> sending packet: from 177.68.148.144[500] to 177.58.239.34[29556] (160 bytes)
Aug 10 17:40:21 charon 11[ENC] <13> generating ID_PROT response 0 [ SA V V V V ]
Aug 10 17:40:21 charon 11[IKE] <13> sending NAT-T (RFC 3947) vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> sending FRAGMENTATION vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> sending DPD vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> sending XAuth vendor ID
Aug 10 17:40:21 charon 11[CFG] <13> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 10 17:40:21 charon 11[CFG] <13> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 10 17:40:21 charon 11[CFG] <13> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Aug 10 17:40:21 charon 11[CFG] <13> proposal matches
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable DIFFIE_HELLMAN_GROUP found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable DIFFIE_HELLMAN_GROUP found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[CFG] <13> no acceptable PSEUDO_RANDOM_FUNCTION found
Aug 10 17:40:21 charon 11[CFG] <13> selecting proposal:
Aug 10 17:40:21 charon 11[IKE] <13> IKE_SA (unnamed)[13] state change: CREATED => CONNECTING
Aug 10 17:40:21 charon 11[IKE] <13> 177.58.239.34 is initiating a Main Mode IKE_SA
Aug 10 17:40:21 charon 11[IKE] <13> received DPD vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received FRAGMENTATION vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Aug 10 17:40:21 charon 11[IKE] <13> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
-
@willfranco
Good afternoon @marcelloc, can you help me with this matter?
-
The message is full of IPsec errors.
Check the keys and identifiers defined on each side.
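
A triage sketch for logs like the one posted above, added here as an example and not written by any participant in the thread: it groups charon lines by IKE_SA tag and flags the pattern in the log (proposal agreed, then "could not decrypt payloads"), which is the case where the keys and identifiers suggested in the reply are the thing to compare. The sample log, the `WEAK` list and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's charon format; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 10 17:40:21 charon 11[IKE] <13> 198.51.100.7 is initiating a Main Mode IKE_SA
Aug 10 17:40:21 charon 11[CFG] <13> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 10 17:40:22 charon 11[ENC] <13> invalid ID_V1 payload length, decryption failed?
Aug 10 17:40:22 charon 11[ENC] <13> could not decrypt payloads
Aug 10 17:40:51 charon 11[JOB] <13> deleting half open IKE_SA with 198.51.100.7 after timeout
Aug 10 17:41:02 charon 09[IKE] <14> 203.0.113.9 is initiating a Main Mode IKE_SA
Aug 10 17:41:02 charon 09[CFG] <14> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ charon \d+\[\w+\] <([^>]+)> (.*)$")
# Assumed list of algorithms to flag as weak; adjust to local policy.
WEAK = {"MODP_768", "MODP_1024", "3DES_CBC", "HMAC_MD5_96", "PRF_HMAC_MD5"}

def triage(log_text):
    """Group charon lines by IKE_SA tag (e.g. <13>) and summarise each negotiation."""
    sas = defaultdict(lambda: {"peer": None, "proposal": [],
                               "decrypt_failures": 0, "timed_out": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a charon line in the expected format
        sa, msg = sas[m.group(1)], m.group(2)
        if msg.endswith("is initiating a Main Mode IKE_SA"):
            sa["peer"] = msg.split()[0]
        elif msg.startswith("selected proposal: IKE:"):
            sa["proposal"] = msg.split("IKE:", 1)[1].split("/")
        elif msg == "could not decrypt payloads":
            sa["decrypt_failures"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            sa["timed_out"] = True
    return dict(sas)

def findings(sa):
    """Return defender-facing notes for one summarised IKE_SA."""
    notes = []
    if sa["proposal"] and sa["decrypt_failures"]:
        notes.append("proposal agreed but encrypted ID payload unreadable: "
                     "compare pre-shared key and identifiers on both sides")
    weak = sorted(WEAK.intersection(sa["proposal"]))
    if weak:
        notes.append("weak algorithms negotiated: " + ", ".join(weak))
    return notes

REPORT = {sa_id: findings(sa) for sa_id, sa in triage(SAMPLE_LOG).items()}
```

Because lines are grouped by SA tag rather than read in order, the newest-first ordering of the log posted in the thread does not affect the result.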