Netgate Discussion Forum

    IPSec Site-to-site: tunnel dropping randomly (pfSense 2.3.3-p1)

      avmagrini

      Good morning, colleagues!
      My IPSec Site-to-Site VPN tunnels are dropping randomly. They work well most of the time, but they disconnect out of nowhere with no apparent cause. Below are the log entries recorded during the problem:

      
      Apr 24 11:33:09	charon		04[IKE] <con1|78>QUICK_MODE response with message ID 1729169611 processing failed
      Apr 24 11:33:09	charon		04[NET] <con1|78>sending packet: from LOCAL_IP[500] to REMOTE_IP[500] (76 bytes)
      Apr 24 11:33:09	charon		04[ENC] <con1|78>generating INFORMATIONAL_V1 request 2645727190 [ HASH N(PLD_MAL) ]
      Apr 24 11:33:09	charon		04[IKE] <con1|78>message parsing failed
      Apr 24 11:33:09	charon		04[ENC] <con1|78>could not decrypt payloads
      Apr 24 11:33:09	charon		04[ENC] <con1|78>invalid HASH_V1 payload length, decryption failed?
      Apr 24 11:33:09	charon		04[NET] <con1|78>received packet: from REMOTE_IP[500] to LOCAL_IP[500] (364 bytes)
      Apr 24 11:33:08	charon		15[IKE] <con2|77>QUICK_MODE response with message ID 3788287187 processing failed
      Apr 24 11:33:08	charon		15[NET] <con2|77>sending packet: from LOCAL_IP[500] to REMOTE_IP[500] (76 bytes)
      Apr 24 11:33:08	charon		15[ENC] <con2|77>generating INFORMATIONAL_V1 request 3938840325 [ HASH N(PLD_MAL) ]
      Apr 24 11:33:08	charon		15[IKE] <con2|77>message parsing failed
      Apr 24 11:33:08	charon		15[ENC] <con2|77>could not decrypt payloads
      Apr 24 11:33:08	charon		15[ENC] <con2|77>invalid HASH_V1 payload length, decryption failed?
      Apr 24 11:33:08	charon		15[NET] <con2|77>received packet: from REMOTE_IP[500] to LOCAL_IP[500] (364 bytes)
      

      When the problem occurs, I just go to the IPSec status page and reconnect the tunnels, and they come up right away. After they are reconnected, I see the following entries in the log:

      
      Apr 24 11:59:41	charon		10[KNL] <con1|80>unable to query SAD entry with SPI 1a5ebbe4: No such file or directory (2)
      Apr 24 11:59:41	charon		10[KNL] <con2|79>unable to query SAD entry with SPI a15086fd: No such file or directory (2)
      

      Has anyone been through this and can give me some help, please?
      Thank you!
