Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Загадочное поведение Ipsec Pre-Shared Key.

    Scheduled Pinned Locked Moved Russian
    28 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Konstanti @JonnyDy
      last edited by

      @JonnyDy
      Здр
      PFSense сам создает конфиги для IPSEC соединения . Чтобы посмотреть что у Вас получается в результате работы PF , откройте файл
      /var/etc/ipsec/ipsec.secrets

      так Вы сможете узнать , какие PSK должны быть использованы Strongswan-ом .

      1 Reply Last reply Reply Quote 0
      • J
        JonnyDy
        last edited by

        Они в зашифровоном виде? С Pre-Shared Key не совпадают. Но по ним подключится тоже не могу.

        K 1 Reply Last reply Reply Quote 0
        • K
          Konstanti @JonnyDy
          last edited by Konstanti

          @JonnyDy
          Нет
          они должны полностью совпадать с теми PSK , которые Вам сгенерировал PF при настройке IPSEC

          p.s. Сорри - отличаются ( похоже, что PF использует кодировку Base64 от реального PSK)

          J 1 Reply Last reply Reply Quote 0
          • J
            JonnyDy @Konstanti
            last edited by

            @Konstanti На хэш-сумму не похоже.

            K 1 Reply Last reply Reply Quote 0
            • K
              Konstanti @JonnyDy
              last edited by

              @JonnyDy
              Base64 , скорее всего

              J 1 Reply Last reply Reply Quote 0
              • J
                JonnyDy @Konstanti
                last edited by

                @Konstanti said in Загадочное поведение Ipsec Pre-Shared Key.:

                Base64

                Подходит, только в начале стоит 0s Тогда пароли совпадают.

                K 1 Reply Last reply Reply Quote 0
                • K
                  Konstanti @JonnyDy
                  last edited by

                  @JonnyDy

                  Alternatively, preshared secrets can be represented as hexadecimal or Base64 encoded binary values. A character sequence beginning with 0x is interpreted as sequence hexadecimal digits. Similarly, a character sequence beginning with 0s is interpreted as Base64 encoded binary data.

                  Тогда надо логи смотреть , что не нравится Strongswan-у

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    JonnyDy @Konstanti
                    last edited by JonnyDy

                    @Konstanti /var/log/ipsec.log

                    Jan 22 18:08:16 pf charon: 14[ENC] <90> received unknown vendor ID: 01:52:8b:bb:9a:1c:5b:2a:51:00:00:00:01
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> received MS NT5 ISAKMPOAKLEY vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> received NAT-T (RFC 3947) vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> received FRAGMENTATION vendor ID
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> received unknown vendor ID: fb:1d:e3💿e5:be:08:55:f1:20
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> received unknown vendor ID: 26:24:4d:38:2a:36:e3:d0:cf:b8:19
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> received unknown vendor ID: e3:a5:96:6a:82:31:e5:ce:86:52
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> KLIENT is initiating a Main Mode IKE_SA
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> IKE_SA (unnamed)[90] state change: CREATED => CONNECTING
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selecting proposal:
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> no acceptable ENCRYPTION_ALGORITHM found
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selecting proposal:
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> no acceptable ENCRYPTION_ALGORITHM found
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selecting proposal:
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> no acceptable ENCRYPTION_ALGORITHM found
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selecting proposal:
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> no acceptable DIFFIE_HELLMAN_GROUP found
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selecting proposal:
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> proposal matches
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> sending XAuth vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> sending DPD vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> sending FRAGMENTATION vendor ID
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> sending NAT-T (RFC 3947) vendor ID
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> generating ID_PROT response 0 [ SA V V V V ]
                    Jan 22 18:08:16 pf charon: 14[NET] <90> sending packet: from Server[500] to KLIENT[500] (156 bytes)
                    Jan 22 18:08:16 pf charon: 14[NET] <90> received packet: from KLIENT500] to Server[500] (260 bytes)
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> remote host is behind NAT
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> candidate "bypasslan", match: 1/1/24 (me/other/ike)
                    Jan 22 18:08:16 pf charon: 14[CFG] <90> candidate "con-mobile", match: 1/1/28 (me/other/ike)
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
                    Jan 22 18:08:16 pf charon: 14[NET] <90> sending packet: from Server[500] to KLIENT[500] (244 bytes)
                    Jan 22 18:08:16 pf charon: 14[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> message parsing failed
                    Jan 22 18:08:16 pf charon: 14[ENC] <90> generating INFORMATIONAL_V1 request 1325909676 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:16 pf charon: 14[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:16 pf charon: 14[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:17 pf charon: 14[NET] <90> received packet: from 1 KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:17 pf charon: 14[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:17 pf charon: 14[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:17 pf charon: 14[IKE] <90> message parsing failed
                    Jan 22 18:08:17 pf charon: 14[ENC] <90> generating INFORMATIONAL_V1 request 4289034320 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:17 pf charon: 14[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:17 pf charon: 14[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:18 pf charon: 16[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:18 pf charon: 16[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:18 pf charon: 16[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:18 pf charon: 16[IKE] <90> message parsing failed
                    Jan 22 18:08:18 pf charon: 16[ENC] <90> generating INFORMATIONAL_V1 request 3361913591 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:18 pf charon: 16[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:18 pf charon: 16[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:19 pf charon: 16[CFG] vici client 2381 connected
                    Jan 22 18:08:19 pf charon: 10[CFG] vici client 2381 registered for: list-sa
                    Jan 22 18:08:19 pf charon: 16[CFG] vici client 2381 requests: list-sas
                    Jan 22 18:08:19 pf charon: 16[CFG] vici client 2381 disconnected
                    Jan 22 18:08:21 pf charon: 16[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:21 pf charon: 16[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:21 pf charon: 16[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:21 pf charon: 16[IKE] <90> message parsing failed
                    Jan 22 18:08:21 pf charon: 16[ENC] <90> generating INFORMATIONAL_V1 request 4089164931 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:21 pf charon: 16[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:21 pf charon: 16[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:24 pf charon: 16[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:24 pf charon: 16[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:24 pf charon: 16[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:24 pf charon: 16[IKE] <90> message parsing failed
                    Jan 22 18:08:24 pf charon: 16[ENC] <90> generating INFORMATIONAL_V1 request 4075989469 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:24 pf charon: 16[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:24 pf charon: 16[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:27 pf charon: 16[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:27 pf charon: 16[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:27 pf charon: 16[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:27 pf charon: 16[IKE] <90> message parsing failed
                    Jan 22 18:08:27 pf charon: 16[ENC] <90> generating INFORMATIONAL_V1 request 1570864920 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:27 pf charon: 16[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:27 pf charon: 16[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:30 pf charon: 16[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:30 pf charon: 16[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:30 pf charon: 16[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:30 pf charon: 16[IKE] <90> message parsing failed
                    Jan 22 18:08:30 pf charon: 16[ENC] <90> generating INFORMATIONAL_V1 request 4140701050 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:30 pf charon: 16[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:30 pf charon: 16[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:33 pf charon: 05[CFG] vici client 2382 connected
                    Jan 22 18:08:33 pf charon: 12[CFG] vici client 2382 registered for: list-sa
                    Jan 22 18:08:33 pf charon: 12[CFG] vici client 2382 requests: list-sas
                    Jan 22 18:08:33 pf charon: 12[CFG] vici client 2382 disconnected
                    Jan 22 18:08:33 pf charon: 13[NET] <90> received packet: from KLIENT[4500] to Server[4500] (68 bytes)
                    Jan 22 18:08:33 pf charon: 13[ENC] <90> invalid ID_V1 payload length, decryption failed?
                    Jan 22 18:08:33 pf charon: 13[ENC] <90> could not decrypt payloads
                    Jan 22 18:08:33 pf charon: 13[IKE] <90> message parsing failed
                    Jan 22 18:08:33 pf charon: 13[ENC] <90> generating INFORMATIONAL_V1 request 1943284029 [ HASH N(PLD_MAL) ]
                    Jan 22 18:08:33 pf charon: 13[NET] <90> sending packet: from Server[500] to KLIENT[500] (68 bytes)
                    Jan 22 18:08:33 pf charon: 13[IKE] <90> ID_PROT request with message ID 0 processing failed
                    Jan 22 18:08:46 pf charon: 13[JOB] <90> deleting half open IKE_SA with KLIENT after timeout
                    Jan 22 18:08:46 pf charon: 13[IKE] <90> IKE_SA (unnamed)[90] state change: CONNECTING => DESTROYING
                    Jan 22 18:08:48 pf charon: 13[CFG] vici client 2383 connected
                    Jan 22 18:08:48 pf charon: 15[CFG] vici client 2383 registered for: list-sa
                    Jan 22 18:08:48 pf charon: 05[CFG] vici client 2383 requests: list-sas
                    Jan 22 18:08:48 pf charon: 05[CFG] vici client 2383 disconnected
                    Jan 22 18:09:02 pf charon: 06[CFG] vici client 2384 connected
                    Jan 22 18:09:02 pf charon: 11[CFG] vici client 2384 registered for: list-sa
                    Jan 22 18:09:02 pf charon: 06[CFG] vici client 2384 requests: list-sas
                    Jan 22 18:09:02 pf charon: 01[CFG] vici client 2384 disconnected
                    Jan 22 18:09:17 pf charon: 01[CFG] vici client 2385 connected
                    Jan 22 18:09:17 pf charon: 15[CFG] vici client 2385 registered for: list-sa
                    Jan 22 18:09:17 pf charon: 15[CFG] vici client 2385 requests: list-sas
                    Jan 22 18:09:17 pf charon: 15[CFG] vici client 2385 disconnected
                    Jan 22 18:09:33 pf charon: 09[CFG] vici client 2386 connected
                    Jan 22 18:09:33 pf charon: 09[CFG] vici client 2386 registered for: list-sa
                    Jan 22 18:09:33 pf charon: 08[CFG] vici client 2386 requests: list-sas
                    Jan 22 18:09:33 pf charon: 08[CFG] vici client 2386 disconnected
                    Jan 22 18:09:47 pf charon: 01[CFG] vici client 2387 connected
                    Jan 22 18:09:47 pf charon: 14[CFG] vici client 2387 registered for: list-sa
                    Jan 22 18:09:47 pf charon: 14[CFG] vici client 2387 requests: list-sas
                    Jan 22 18:09:47 pf charon: 14[CFG] vici client 2387 disconnected
                    Jan 22 18:10:01 pf charon: 01[CFG] vici client 2388 connected
                    Jan 22 18:10:01 pf charon: 16[CFG] vici client 2388 registered for: list-sa
                    Jan 22 18:10:01 pf charon: 16[CFG] vici client 2388 requests: list-sas
                    Jan 22 18:10:01 pf charon: 16[CFG] vici client 2388 disconnected
                    Jan 22 18:10:15 pf charon: 10[CFG] vici client 2389 connected
                    Jan 22 18:10:15 pf charon: 12[CFG] vici client 2389 registered for: list-sa
                    Jan 22 18:10:15 pf charon: 12[CFG] vici client 2389 requests: list-sas
                    Jan 22 18:10:15 pf charon: 12[CFG] vici client 2389 disconnected
                    d not decrypt payloads

                    K 1 Reply Last reply Reply Quote 0
                    • K
                      Konstanti @JonnyDy
                      last edited by

                      @JonnyDy
                      Попробуйте , ради интереса , упростить PSK
                      Например , убрать специальные символы , оставив только буквы и цифры

                      J 1 Reply Last reply Reply Quote 0
                      • J
                        JonnyDy @Konstanti
                        last edited by

                        @Konstanti Делал 123456789. Не помогло. И что они по очереди работают необъяснимо.

                        1 Reply Last reply Reply Quote 0
                        • werterW
                          werter
                          last edited by

                          Добрый.
                          @JonnyDy
                          Если тут https://redmine.pfsense.org/projects/pfsense/roadmap по слову "ipsec" вашей проблемы нет, то:

                          1. Это новый баг.
                          2. Это неверные настройки.

                          Версия пф?

                          K J 2 Replies Last reply Reply Quote 0
                          • K
                            Konstanti @werter
                            last edited by

                            @JonnyDy
                            Такое впечатление , что загружается только один из 2-х PSK.
                            Вам надо посмотреть логи при старте IPSEC , не ругается ли Strongswan на что-нибудь

                            Я бы тут рекомендовал вручную перезапустить Strongswan и глянуть логи инициализации.
                            Такое ощущение , что он по какой-то причине только 1 PSK из 2-х использует.

                            J 1 Reply Last reply Reply Quote 0
                            • J
                              JonnyDy @Konstanti
                              last edited by

                              @Konstanti Лог с низу в верх - перезапуск службы, удачное подключение с 1м ключем, неудачное со 2м.

                              Jan 23 18:58:04 charon 10[IKE] <97> ID_PROT request with message ID 0 processing failed
                              Jan 23 18:58:04 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (68 bytes)
                              Jan 23 18:58:04 charon 10[ENC] <97> generating INFORMATIONAL_V1 request 2924403268 [ HASH N(PLD_MAL) ]
                              Jan 23 18:58:04 charon 10[IKE] <97> message parsing failed
                              Jan 23 18:58:04 charon 10[ENC] <97> could not decrypt payloads
                              Jan 23 18:58:04 charon 10[ENC] <97> invalid ID_V1 payload length, decryption failed?
                              Jan 23 18:58:04 charon 10[NET] <97> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:58:01 charon 10[IKE] <97> ID_PROT request with message ID 0 processing failed
                              Jan 23 18:58:01 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (68 bytes)
                              Jan 23 18:58:01 charon 10[ENC] <97> generating INFORMATIONAL_V1 request 2724655533 [ HASH N(PLD_MAL) ]
                              Jan 23 18:58:01 charon 10[IKE] <97> message parsing failed
                              Jan 23 18:58:01 charon 10[ENC] <97> could not decrypt payloads
                              Jan 23 18:58:01 charon 10[ENC] <97> invalid ID_V1 payload length, decryption failed?
                              Jan 23 18:58:01 charon 10[NET] <97> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:57:58 charon 10[IKE] <97> ID_PROT request with message ID 0 processing failed
                              Jan 23 18:57:58 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (68 bytes)
                              Jan 23 18:57:58 charon 10[ENC] <97> generating INFORMATIONAL_V1 request 3647127006 [ HASH N(PLD_MAL) ]
                              Jan 23 18:57:58 charon 10[IKE] <97> message parsing failed
                              Jan 23 18:57:58 charon 10[ENC] <97> could not decrypt payloads
                              Jan 23 18:57:58 charon 10[ENC] <97> invalid ID_V1 payload length, decryption failed?
                              Jan 23 18:57:58 charon 10[NET] <97> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:57:57 charon 10[IKE] <97> ID_PROT request with message ID 0 processing failed
                              Jan 23 18:57:57 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (68 bytes)
                              Jan 23 18:57:57 charon 10[ENC] <97> generating INFORMATIONAL_V1 request 2049160632 [ HASH N(PLD_MAL) ]
                              Jan 23 18:57:57 charon 10[IKE] <97> message parsing failed
                              Jan 23 18:57:57 charon 10[ENC] <97> could not decrypt payloads
                              Jan 23 18:57:57 charon 10[ENC] <97> invalid ID_V1 payload length, decryption failed?
                              Jan 23 18:57:57 charon 10[NET] <97> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:57:56 charon 10[IKE] <97> ID_PROT request with message ID 0 processing failed
                              Jan 23 18:57:56 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (68 bytes)
                              Jan 23 18:57:56 charon 10[ENC] <97> generating INFORMATIONAL_V1 request 2904458322 [ HASH N(PLD_MAL) ]
                              Jan 23 18:57:56 charon 10[IKE] <97> message parsing failed
                              Jan 23 18:57:56 charon 10[ENC] <97> could not decrypt payloads
                              Jan 23 18:57:56 charon 10[ENC] <97> invalid ID_V1 payload length, decryption failed?
                              Jan 23 18:57:56 charon 10[NET] <97> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:57:56 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (244 bytes)
                              Jan 23 18:57:56 charon 10[ENC] <97> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
                              Jan 23 18:57:56 charon 10[CFG] <97> candidate "con-mobile", match: 1/1/28 (me/other/ike)
                              Jan 23 18:57:56 charon 10[CFG] <97> candidate "bypasslan", match: 1/1/24 (me/other/ike)
                              Jan 23 18:57:56 charon 10[IKE] <97> remote host is behind NAT
                              Jan 23 18:57:56 charon 10[ENC] <97> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
                              Jan 23 18:57:56 charon 10[NET] <97> received packet: from Client[26012] to Server[500] (260 bytes)
                              Jan 23 18:57:55 charon 10[NET] <97> sending packet: from Server[500] to Client[26012] (156 bytes)
                              Jan 23 18:57:55 charon 10[ENC] <97> generating ID_PROT response 0 [ SA V V V V ]
                              Jan 23 18:57:55 charon 10[IKE] <97> sending NAT-T (RFC 3947) vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> sending FRAGMENTATION vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> sending DPD vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> sending XAuth vendor ID
                              Jan 23 18:57:55 charon 10[CFG] <97> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:57:55 charon 10[CFG] <97> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:57:55 charon 10[CFG] <97> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:57:55 charon 10[CFG] <97> proposal matches
                              Jan 23 18:57:55 charon 10[CFG] <97> selecting proposal:
                              Jan 23 18:57:55 charon 10[CFG] <97> no acceptable DIFFIE_HELLMAN_GROUP found
                              Jan 23 18:57:55 charon 10[CFG] <97> selecting proposal:
                              Jan 23 18:57:55 charon 10[CFG] <97> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:57:55 charon 10[CFG] <97> selecting proposal:
                              Jan 23 18:57:55 charon 10[CFG] <97> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:57:55 charon 10[CFG] <97> selecting proposal:
                              Jan 23 18:57:55 charon 10[CFG] <97> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:57:55 charon 10[CFG] <97> selecting proposal:
                              Jan 23 18:57:55 charon 10[IKE] <97> IKE_SA (unnamed)[97] state change: CREATED => CONNECTING
                              Jan 23 18:57:55 charon 10[IKE] <97> Client is initiating a Main Mode IKE_SA
                              Jan 23 18:57:55 charon 10[ENC] <97> received unknown vendor ID: e3:a5:96:6a:76:1:e5:ce:86:52
                              Jan 23 18:57:55 charon 10[ENC] <97> received unknown vendor ID: 26:24:4d:38:ed:d:e3:d0:cf:b8:19
                              Jan 23 18:57:55 charon 10[ENC] <97> received unknown vendor ID: fb:1d:e3💿f3:4e5:be:08:55:f1:20
                              Jan 23 18:57:55 charon 10[IKE] <97> received FRAGMENTATION vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> received NAT-T (RFC 3947) vendor ID
                              Jan 23 18:57:55 charon 10[IKE] <97> received MS NT5 ISAKMPOAKLEY vendor ID
                              Jan 23 18:57:55 charon 10[ENC] <97> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
                              Jan 23 18:57:55 charon 10[CFG] <97> found matching ike config: %any...%any with prio 28
                              Jan 23 18:57:55 charon 10[CFG] <97> candidate: %any...%any, prio 28
                              Jan 23 18:57:55 charon 10[CFG] <97> candidate: %any...%any, prio 24
                              Jan 23 18:57:55 charon 10[CFG] <97> looking for an IKEv1 config for Server...Client
                              Jan 23 18:57:55 charon 10[ENC] <97> parsed ID_PROT request 0 [ SA V V V V V V V V ]
                              Jan 23 18:57:55 charon 10[NET] <97> received packet: from Client[26012] to Server[500] (408 bytes)
                              Jan 23 18:56:57 charon 08[IKE] <con-mobile|96> IKE_SA con-mobile[96] state change: DELETING => DESTROYING
                              Jan 23 18:56:57 charon 08[IKE] <con-mobile|96> IKE_SA con-mobile[96] state change: DELETING => DELETING
                              Jan 23 18:56:57 charon 08[IKE] <con-mobile|96> IKE_SA con-mobile[96] state change: ESTABLISHED => DELETING
                              Jan 23 18:56:57 charon 08[IKE] <con-mobile|96> deleting IKE_SA con-mobile[96] between Server[Server]...Client[10.0.1.2]
                              Jan 23 18:56:57 charon 08[IKE] <con-mobile|96> received DELETE for IKE_SA con-mobile[96]
                              Jan 23 18:56:57 charon 08[ENC] <con-mobile|96> parsed INFORMATIONAL_V1 request 1852228707 [ HASH D ]
                              Jan 23 18:56:57 charon 08[NET] <con-mobile|96> received packet: from Client[26014] to Server[4500] (84 bytes)
                              Jan 23 18:56:57 charon 10[CHD] <con-mobile|96> CHILD_SA con-mobile{53} state change: DELETED => DESTROYING
                              Jan 23 18:56:57 charon 10[CHD] <con-mobile|96> CHILD_SA con-mobile{53} state change: DELETING => DELETED
                              Jan 23 18:56:57 charon 10[IKE] <con-mobile|96> closing CHILD_SA con-mobile{53} with SPIs c7c2ff98_i (15216 bytes) d7287faa_o (2416 bytes) and TS Server/32|/0[udp/l2f] === Client/32|/0[udp/l2f]
                              Jan 23 18:56:57 charon 10[CHD] <con-mobile|96> CHILD_SA con-mobile{53} state change: INSTALLED => DELETING
                              Jan 23 18:56:57 charon 10[IKE] <con-mobile|96> received DELETE for ESP CHILD_SA with SPI d7287faa
                              Jan 23 18:56:57 charon 10[ENC] <con-mobile|96> parsed INFORMATIONAL_V1 request 38628092 [ HASH D ]
                              Jan 23 18:56:57 charon 10[NET] <con-mobile|96> received packet: from Client[26014] to Server[4500] (76 bytes)
                              Jan 23 18:56:53 charon 05[KNL] interface l2tp1 disappeared
                              Jan 23 18:56:53 charon 05[KNL] interface l2tp1 deactivated
                              Jan 23 18:56:53 charon 05[KNL] LANdisappeared from l2tp1
                              Jan 23 18:56:53 charon 15[KNL] interface l2tp1 appeared
                              Jan 23 18:56:48 charon 15[KNL] interface ng0 disappeared
                              Jan 23 18:56:48 charon 15[KNL] fe80::250:56ff:fe00:a908 appeared on ng0
                              Jan 23 18:56:48 charon 11[KNL] LANappeared on ng0
                              Jan 23 18:56:48 charon 11[KNL] interface ng0 appeared
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> CHILD_SA con-mobile{53} state change: INSTALLING => INSTALLED
                              Jan 23 18:56:48 charon 11[IKE] <con-mobile|96> CHILD_SA con-mobile{53} established with SPIs c7c2ff98_i d7287faa_o and TS Server/32|/0[udp/l2f] === Client/32|/0[udp/l2f]
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> SPI 0xd7287faa, src Server dst Client
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> adding outbound ESP SA
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> SPI 0xc7c2ff98, src Client dst Server
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> adding inbound ESP SA
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> using HMAC_SHA1_96 for integrity
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> using AES_CBC for encryption
                              Jan 23 18:56:48 charon 11[CHD] <con-mobile|96> CHILD_SA con-mobile{53} state change: CREATED => INSTALLING
                              Jan 23 18:56:48 charon 11[ENC] <con-mobile|96> parsed QUICK_MODE request 1 [ HASH ]
                              Jan 23 18:56:48 charon 11[NET] <con-mobile|96> received packet: from Client[26014] to Server[4500] (60 bytes)
                              Jan 23 18:56:48 charon 11[NET] <con-mobile|96> sending packet: from Server[4500] to Client[26014] (204 bytes)
                              Jan 23 18:56:48 charon 11[ENC] <con-mobile|96> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
                              Jan 23 18:56:48 charon 11[IKE] <con-mobile|96> received 250000000 lifebytes, configured 0
                              Jan 23 18:56:48 charon 11[IKE] <con-mobile|96> received 3600s lifetime, configured 28800s
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> proposal matches
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> selecting proposal:
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> config: Server/32|/0, received: Server/32|/0[udp/l2f] => match: Server/32|/0[udp/l2f]
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> selecting traffic selectors for us:
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> config: Client/32|/0, received: Client/32|/0[udp/l2f] => match: Client/32|/0[udp/l2f]
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> selecting traffic selectors for other:
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> found matching child config "con-mobile" with prio 2
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> candidate "con-mobile" with prio 1+1
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> Client/32|/0
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> proposing traffic selectors for other:
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> Server/32|/0
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> proposing traffic selectors for us:
                              Jan 23 18:56:48 charon 11[CFG] <con-mobile|96> looking for a child config for Server/32|/0[udp/l2f] === Client/32|/0[udp/l2f]
                              Jan 23 18:56:48 charon 11[IKE] <con-mobile|96> changing received traffic selectors 192.168.1.2/32|/0[udp/l2f]=== Server/32|/0[udp/l2f] due to NAT
                              Jan 23 18:56:48 charon 11[ENC] <con-mobile|96> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
                              Jan 23 18:56:48 charon 11[NET] <con-mobile|96> received packet: from Client[26014] to Server[4500] (436 bytes)
                              Jan 23 18:56:48 charon 01[NET] <con-mobile|96> sending packet: from Server[4500] to Client[26014] (68 bytes)
                              Jan 23 18:56:48 charon 01[ENC] <con-mobile|96> generating ID_PROT response 0 [ ID HASH ]
                              Jan 23 18:56:48 charon 01[IKE] <con-mobile|96> DPD not supported by peer, disabled
                              Jan 23 18:56:48 charon 01[IKE] <con-mobile|96> maximum IKE_SA lifetime 86034s
                              Jan 23 18:56:48 charon 01[IKE] <con-mobile|96> scheduling reauthentication in 85494s
                              Jan 23 18:56:48 charon 01[IKE] <con-mobile|96> IKE_SA con-mobile[96] state change: CONNECTING => ESTABLISHED
                              Jan 23 18:56:48 charon 01[IKE] <con-mobile|96> IKE_SA con-mobile[96] established between Server[Server]...Client[10.0.1.2]
                              Jan 23 18:56:48 charon 01[CFG] <96> selected peer config "con-mobile"
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate "con-mobile", match: 1/1/28 (me/other/ike)
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate "bypasslan", match: 1/1/24 (me/other/ike)
                              Jan 23 18:56:48 charon 01[CFG] <96> looking for pre-shared key peer configs matching Server...Client[10.0.1.2]
                              Jan 23 18:56:48 charon 01[ENC] <96> parsed ID_PROT request 0 [ ID HASH ]
                              Jan 23 18:56:48 charon 01[NET] <96> received packet: from Client[26014] to Server[4500] (68 bytes)
                              Jan 23 18:56:48 charon 01[NET] <96> sending packet: from Server[500] to Client[26012] (244 bytes)
                              Jan 23 18:56:48 charon 01[ENC] <96> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate "con-mobile", match: 1/1/28 (me/other/ike)
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate "bypasslan", match: 1/1/24 (me/other/ike)
                              Jan 23 18:56:48 charon 01[IKE] <96> remote host is behind NAT
                              Jan 23 18:56:48 charon 01[ENC] <96> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
                              Jan 23 18:56:48 charon 01[NET] <96> received packet: from Client[26012] to Server[500] (260 bytes)
                              Jan 23 18:56:48 charon 01[NET] <96> sending packet: from Server[500] to Client[26012] (156 bytes)
                              Jan 23 18:56:48 charon 01[ENC] <96> generating ID_PROT response 0 [ SA V V V V ]
                              Jan 23 18:56:48 charon 01[IKE] <96> sending NAT-T (RFC 3947) vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> sending FRAGMENTATION vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> sending DPD vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> sending XAuth vendor ID
                              Jan 23 18:56:48 charon 01[CFG] <96> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:56:48 charon 01[CFG] <96> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:56:48 charon 01[CFG] <96> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                              Jan 23 18:56:48 charon 01[CFG] <96> proposal matches
                              Jan 23 18:56:48 charon 01[CFG] <96> selecting proposal:
                              Jan 23 18:56:48 charon 01[CFG] <96> no acceptable DIFFIE_HELLMAN_GROUP found
                              Jan 23 18:56:48 charon 01[CFG] <96> selecting proposal:
                              Jan 23 18:56:48 charon 01[CFG] <96> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:56:48 charon 01[CFG] <96> selecting proposal:
                              Jan 23 18:56:48 charon 01[CFG] <96> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:56:48 charon 01[CFG] <96> selecting proposal:
                              Jan 23 18:56:48 charon 01[CFG] <96> no acceptable ENCRYPTION_ALGORITHM found
                              Jan 23 18:56:48 charon 01[CFG] <96> selecting proposal:
                              Jan 23 18:56:48 charon 01[IKE] <96> IKE_SA (unnamed)[96] state change: CREATED => CONNECTING
                              Jan 23 18:56:48 charon 01[IKE] <96> Client is initiating a Main Mode IKE_SA
                              Jan 23 18:56:48 charon 01[ENC] <96> received unknown vendor ID: e3:a5:96:69f:e7:0:31:e5:ce:86:52
                              Jan 23 18:56:48 charon 01[ENC] <96> received unknown vendor ID: 26:24:4d:38:61:b6:e3:d0:cf:b8:19
                              Jan 23 18:56:48 charon 01[ENC] <96> received unknown vendor ID: fb:1d:e3:c:be:08:55:f1:20
                              Jan 23 18:56:48 charon 01[IKE] <96> received FRAGMENTATION vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> received NAT-T (RFC 3947) vendor ID
                              Jan 23 18:56:48 charon 01[IKE] <96> received MS NT5 ISAKMPOAKLEY vendor ID
                              Jan 23 18:56:48 charon 01[ENC] <96> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
                              Jan 23 18:56:48 charon 01[CFG] <96> found matching ike config: %any...%any with prio 28
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate: %any...%any, prio 28
                              Jan 23 18:56:48 charon 01[CFG] <96> candidate: %any...%any, prio 24
                              Jan 23 18:56:48 charon 01[CFG] <96> looking for an IKEv1 config for Server...Client
                              Jan 23 18:56:48 charon 01[ENC] <96> parsed ID_PROT request 0 [ SA V V V V V V V V ]
                              Jan 23 18:56:48 charon 01[NET] <96> received packet: from Client[26012] to Server[500] (408 bytes)
                              Jan 23 18:56:04 charon 13[CFG] added configuration 'con-mobile'
                              Jan 23 18:56:04 charon 13[CFG] keyexchange=ikev1
                              Jan 23 18:56:04 charon 13[CFG] mediation=no
                              Jan 23 18:56:04 charon 13[CFG] sha256_96=no
                              Jan 23 18:56:04 charon 13[CFG] dpdaction=1
                              Jan 23 18:56:04 charon 13[CFG] dpdtimeout=60
                              Jan 23 18:56:04 charon 13[CFG] dpddelay=10
                              Jan 23 18:56:04 charon 13[CFG] esp=aes256-sha1,3des-sha1!
                              Jan 23 18:56:04 charon 13[CFG] ike=3des-sha1-modp1024,aes256-sha1-modp1024!
                              Jan 23 18:56:04 charon 13[CFG] rightauth=psk
                              Jan 23 18:56:04 charon 13[CFG] rightdns=
                              Jan 23 18:56:04 charon 13[CFG] right=%any
                              Jan 23 18:56:04 charon 13[CFG] leftid=Server
                              Jan 23 18:56:04 charon 13[CFG] leftauth=psk
                              Jan 23 18:56:04 charon 13[CFG] left=%any
                              Jan 23 18:56:04 charon 13[CFG] conn con-mobile
                              Jan 23 18:56:04 charon 13[CFG] received stroke: add connection 'con-mobile'
                              Jan 23 18:56:04 ipsec_starter 50390 'bypasslan' shunt PASS policy installed
                              Jan 23 18:56:04 charon 12[CFG] received stroke: route 'bypasslan'
                              Jan 23 18:56:04 charon 13[CFG] added configuration 'bypasslan'
                              Jan 23 18:56:04 charon 13[CFG] mediation=no
                              Jan 23 18:56:04 charon 13[CFG] sha256_96=no
                              Jan 23 18:56:04 charon 13[CFG] dpdtimeout=150
                              Jan 23 18:56:04 charon 13[CFG] dpddelay=30
                              Jan 23 18:56:04 charon 13[CFG] rightsubnet=LAN
                              Jan 23 18:56:04 charon 13[CFG] right=%any
                              Jan 23 18:56:04 charon 13[CFG] leftsubnet=LAN
                              Jan 23 18:56:04 charon 13[CFG] left=%any
                              Jan 23 18:56:04 charon 13[CFG] conn bypasslan
                              Jan 23 18:56:04 charon 13[CFG] received stroke: add connection 'bypasslan'
                              Jan 23 18:56:04 charon 12[CFG] deleted connection 'con-mobile'
                              Jan 23 18:56:04 charon 12[CFG] received stroke: delete connection 'con-mobile'
                              Jan 23 18:56:04 charon 14[CFG] deleted connection 'bypasslan'
                              Jan 23 18:56:04 charon 14[CFG] received stroke: delete connection 'bypasslan'
                              Jan 23 18:56:04 ipsec_starter 50390 shunt policy 'bypasslan' uninstalled
                              Jan 23 18:56:04 charon 13[CFG] received stroke: unroute 'bypasslan'
                              Jan 23 18:56:04 charon 14[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
                              Jan 23 18:56:04 charon 14[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
                              Jan 23 18:56:04 charon 14[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
                              Jan 23 18:56:04 charon 14[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
                              Jan 23 18:56:04 charon 14[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
                              Jan 23 18:56:04 charon 14[CFG] loaded IKE secret for Server user2
                              Jan 23 18:56:04 charon 14[CFG] loaded IKE secret for Server user1
                              Jan 23 18:56:04 charon 14[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
                              Jan 23 18:56:04 charon 14[CFG] rereading secrets

                              K 1 Reply Last reply Reply Quote 0
                              • J
                                JonnyDy @werter
                                last edited by

                                @werter
                                2.4.4-RELEASE-p3 (amd64)
                                built on Wed May 15 18:53:44 EDT 2019
                                FreeBSD 11.2-RELEASE-p10

                                Обновлялся сразу после выхода релиза, но проблема с ключами возникла в этом году.

                                1 Reply Last reply Reply Quote 0
                                • werterW
                                  werter
                                  last edited by

                                  @JonnyDy
                                  Пересоздайте ipsec-подключения.

                                  J 2 Replies Last reply Reply Quote 0
                                  • K
                                    Konstanti @JonnyDy
                                    last edited by

                                    @JonnyDy
                                    Покажите пожалуйста содержимое файла
                                    /var/etc/ipsec/ipsec.conf

                                    J 1 Reply Last reply Reply Quote 0
                                    • J
                                      JonnyDy @Konstanti
                                      last edited by

                                      @Konstanti said in Загадочное поведение Ipsec Pre-Shared Key.:

                                      /var/etc/ipsec/ipsec.conf

                                      This file is automatically generated. Do not edit

                                      config setup
                                      uniqueids = yes

                                      conn bypasslan
                                      leftsubnet = LAN/24
                                      rightsubnet = LAN/24
                                      authby = never
                                      type = passthrough
                                      auto = route

                                      conn con-mobile
                                      fragmentation = yes
                                      keyexchange = ikev1
                                      reauth = yes
                                      forceencaps = no
                                      mobike = no

                                      rekey = yes
installpolicy = yes
type = transport
dpdaction = clear
dpddelay = 10s
dpdtimeout = 60s
auto = add
left = %any
right = %any
leftid = WAN
ikelifetime = 86400s
lifetime = 28800s
rightdns = DNS1,DNS2
ike = 3des-sha1-modp1024,aes256-sha1-modp1024!
esp = aes256-sha1,3des-sha1!
leftauth = psk
rightauth = psk
aggressive = no
                                      K 1 Reply Last reply Reply Quote 0
                                      • K
                                        Konstanti @JonnyDy
                                        last edited by Konstanti

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • J
                                          JonnyDy @werter
                                          last edited by

                                          @werter Сделаю и в понедельник отпишу.

                                          K 1 Reply Last reply Reply Quote 0
                                          • K
                                            Konstanti @JonnyDy
                                            last edited by Konstanti

                                            @JonnyDy
                                            Попробуйте сделать вот по этой инструкции

                                            https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/l2tp-ipsec.html

                                            J 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.