L2TP + IPSec VPN - Problem
-
2.4.4
I did everything according to the guide: https://knasys.ru/4-настройка-l2tp-в-pfsense/
The logs look like this:
Oct 18 10:23:36 charon: 10[IKE] <44> IKE_SA (unnamed)[44] state change: CONNECTING => DESTROYING
Oct 18 10:23:36 charon: 10[NET] <44> sending packet: from Server-ip[500] to Client-ip[500] (56 bytes)
Oct 18 10:23:36 charon: 10[ENC] <44> generating INFORMATIONAL_V1 request 3604237970 [ N(INVAL_KE) ]
Oct 18 10:23:36 charon: 10[IKE] <44> activating INFORMATIONAL task
Oct 18 10:23:36 charon: 10[IKE] <44> activating new tasks
Oct 18 10:23:36 charon: 10[IKE] <44> queueing INFORMATIONAL task
Oct 18 10:23:36 charon: 10[IKE] <44> no shared key found for Server-ip - Client-ip
Oct 18 10:23:36 charon: 10[IKE] <44> no shared key found for 'Server-ip'[Server-ip] - '%any'[Client-ip]
Oct 18 10:23:36 charon: 10[CFG] <44> candidate "con-mobile", match: 1/1/28 (me/other/ike)
Oct 18 10:23:36 charon: 10[CFG] <44> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Oct 18 10:23:36 charon: 10[IKE] <44> remote host is behind NAT
Oct 18 10:23:36 charon: 10[ENC] <44> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 18 10:23:36 charon: 10[NET] <44> received packet: from Client-ip[500] to Server-ip[500] (388 bytes)
Oct 18 10:23:36 charon: 10[NET] <44> sending packet: from Server-ip[500] to Client-ip[500] (160 bytes)
Oct 18 10:23:36 charon: 10[ENC] <44> generating ID_PROT response 0 [ SA V V V V ]
Oct 18 10:23:36 charon: 10[IKE] <44> sending NAT-T (RFC 3947) vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> sending FRAGMENTATION vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> sending DPD vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> sending XAuth vendor ID
Oct 18 10:23:36 charon: 10[CFG] <44> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 18 10:23:36 charon: 10[CFG] <44> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 18 10:23:36 charon: 10[CFG] <44> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 18 10:23:36 charon: 10[CFG] <44> proposal matches
Oct 18 10:23:36 charon: 10[CFG] <44> selecting proposal:
Oct 18 10:23:36 charon: 10[CFG] <44> no acceptable ENCRYPTION_ALGORITHM found
Oct 18 10:23:36 charon: 10[CFG] <44> selecting proposal:
Oct 18 10:23:36 charon: 10[CFG] <44> no acceptable DIFFIE_HELLMAN_GROUP found
Oct 18 10:23:36 charon: 10[CFG] <44> selecting proposal:
Oct 18 10:23:36 charon: 10[IKE] <44> IKE_SA (unnamed)[44] state change: CREATED => CONNECTING
Oct 18 10:23:36 charon: 10[IKE] <44> Client-ip is initiating a Main Mode IKE_SA
Oct 18 10:23:36 charon: 10[ENC] <44> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Oct 18 10:23:36 charon: 10[ENC] <44> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Oct 18 10:23:36 charon: 10[ENC] <44> received unknown vendor ID: fb:1d:e3f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Oct 18 10:23:36 charon: 10[IKE] <44> received FRAGMENTATION vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> received NAT-T (RFC 3947) vendor ID
Oct 18 10:23:36 charon: 10[IKE] <44> received MS NT5 ISAKMPOAKLEY vendor ID
Oct 18 10:23:36 charon: 10[ENC] <44> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Oct 18 10:23:36 charon: 10[CFG] <44> found matching ike config: %any...%any with prio 28
Oct 18 10:23:36 charon: 10[CFG] <44> c -
Greetings.
Why ipsec?
If both ends support openvpn, use it. It is more flexible and easier to configure and manage.
-
@werter So far it is not clear what the problem is ))) Only a piece of the phase 1 log is visible, and the task the OP is facing is not clear either.
P.S.
For the OP:
try setting it up following this guide:
https://www.netgate.com/docs/pfsense/vpn/ipsec/l2tp-ipsec.html
and pay attention to the text about Windows clients behind NAT. Perhaps that is your case.
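
For anyone reading a charon log like the one in the first post, the following added example (not written by any participant in the thread) condenses the phase 1 lines of each IKE_SA into one summary. The log above is newest-first (CREATED => CONNECTING appears below CONNECTING => DESTROYING), so the lines are reversed before reading; the names `triage`, `failed_on_psk` and `SAMPLE` are hypothetical.

```python
import re

# Constructed sample: seven lines copied from the first post's log, newest first.
SAMPLE = """\
Oct 18 10:23:36 charon: 10[IKE] <44> IKE_SA (unnamed)[44] state change: CONNECTING => DESTROYING
Oct 18 10:23:36 charon: 10[ENC] <44> generating INFORMATIONAL_V1 request 3604237970 [ N(INVAL_KE) ]
Oct 18 10:23:36 charon: 10[IKE] <44> no shared key found for 'Server-ip'[Server-ip] - '%any'[Client-ip]
Oct 18 10:23:36 charon: 10[IKE] <44> remote host is behind NAT
Oct 18 10:23:36 charon: 10[CFG] <44> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 18 10:23:36 charon: 10[IKE] <44> IKE_SA (unnamed)[44] state change: CREATED => CONNECTING
Oct 18 10:23:36 charon: 10[IKE] <44> Client-ip is initiating a Main Mode IKE_SA
"""

LINE = re.compile(r"charon: \d+\[[A-Z]+\] <([^>]+)> (.*)$")
RULES = [
    ("mode", re.compile(r"is initiating an? (.+?) IKE_SA")),
    ("proposal", re.compile(r"^selected proposal: (\S+)")),
    ("no_psk_for", re.compile(r"^no shared key found for (.+)")),
    ("notify_sent", re.compile(r"^generating .*\[ N\((\w+)\) \]")),
    ("state", re.compile(r"state change: \w+ => (\w+)")),
]

def triage(log_text, newest_first=True):
    """Return {sa_id: summary} for every IKE_SA seen in charon log text."""
    lines = log_text.splitlines()
    if newest_first:          # all lines share one timestamp, so order matters
        lines.reverse()
    report = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        sa_id, msg = m.groups()
        sa = report.setdefault(sa_id, {"behind_nat": False})
        if msg == "remote host is behind NAT":
            sa["behind_nat"] = True
        for field, pattern in RULES:   # group 1 of a matching rule fills the field
            hit = pattern.search(msg)
            if hit:
                sa[field] = hit.group(1)   # later lines overwrite earlier ones
    return report

def failed_on_psk(sa):
    """True when the SA was torn down after charon found no matching PSK."""
    return sa.get("state") == "DESTROYING" and "no_psk_for" in sa

if __name__ == "__main__":
    for sa_id, sa in triage(SAMPLE).items():
        print(sa_id, sa, "PSK lookup failed" if failed_on_psk(sa) else "")
```
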