Netgate Discussion Forum

    Problem setting up an IPsec VPN

      mehrunes

      Hello,

      I'm having trouble setting up an IPsec VPN between two pfSense routers over the internet.
      I think my config is correct, but I can't work out from the logs whether the problem occurs in phase 1 or in phase 2.

      Mar 14 10:47:15 charon 05[CFG] vici client 10 connected
      Mar 14 10:47:15 charon 10[CFG] vici client 10 registered for: list-sa
      Mar 14 10:47:15 charon 05[CFG] vici client 10 requests: list-sas
      Mar 14 10:47:15 charon 10[CFG] vici client 10 disconnected
      Mar 14 10:47:17 charon 15[CFG] received stroke: terminate 'con1'
      Mar 14 10:47:17 charon 15[CFG] no IKE_SA named 'con1' found
      Mar 14 10:47:17 charon 10[CFG] received stroke: initiate 'con1'
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_VENDOR task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_INIT task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_NATD task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_CERT_PRE task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_AUTH task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_CERT_POST task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_CONFIG task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing IKE_AUTH_LIFETIME task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>queueing CHILD_CREATE task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating new tasks
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_VENDOR task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_INIT task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_NATD task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_CERT_PRE task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_AUTH task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_CERT_POST task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_CONFIG task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating CHILD_CREATE task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>activating IKE_AUTH_LIFETIME task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>initiating IKE_SA con1[4] to 46.185.129.207
      Mar 14 10:47:17 charon 15[IKE] <con1|4>IKE_SA con1[4] state change: CREATED => CONNECTING
      Mar 14 10:47:17 charon 15[CFG] <con1|4>configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Mar 14 10:47:17 charon 15[CFG] <con1|4>sending supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
      Mar 14 10:47:17 charon 15[ENC] <con1|4>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
      Mar 14 10:47:17 charon 15[NET] <con1|4>sending packet: from 192.168.1.179[500] to 47.195.129.207[500] (338 bytes)
      Mar 14 10:47:17 charon 15[NET] <con1|4>received packet: from 47.195.129.207[500] to 192.168.1.179[500] (338 bytes)
      Mar 14 10:47:17 charon 15[ENC] <con1|4>parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
      Mar 14 10:47:17 charon 15[IKE] <con1|4>received FRAGMENTATION_SUPPORTED notify
      Mar 14 10:47:17 charon 15[IKE] <con1|4>received SIGNATURE_HASH_ALGORITHMS notify
      Mar 14 10:47:17 charon 15[CFG] <con1|4>selecting proposal:
      Mar 14 10:47:17 charon 15[CFG] <con1|4>proposal matches
      Mar 14 10:47:17 charon 15[CFG] <con1|4>received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Mar 14 10:47:17 charon 15[CFG] <con1|4>configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Mar 14 10:47:17 charon 15[CFG] <con1|4>selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Mar 14 10:47:17 charon 15[CFG] <con1|4>received supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
      Mar 14 10:47:17 charon 15[IKE] <con1|4>local host is behind NAT, sending keep alives
      Mar 14 10:47:17 charon 15[IKE] <con1|4>remote host is behind NAT
      Mar 14 10:47:17 charon 15[IKE] <con1|4>reinitiating already active tasks
      Mar 14 10:47:17 charon 15[IKE] <con1|4>IKE_CERT_PRE task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>IKE_AUTH task
      Mar 14 10:47:17 charon 15[IKE] <con1|4>authentication of '192.168.1.179' (myself) with pre-shared key
      Mar 14 10:47:17 charon 15[IKE] <con1|4>successfully created shared key MAC
      Mar 14 10:47:17 charon 15[CFG] <con1|4>proposing traffic selectors for us:
      Mar 14 10:47:17 charon 15[CFG] <con1|4>172.16.1.0/24|/0
      Mar 14 10:47:17 charon 15[CFG] <con1|4>proposing traffic selectors for other:
      Mar 14 10:47:17 charon 15[CFG] <con1|4>172.16.20.0/24|/0
      Mar 14 10:47:17 charon 15[CFG] <con1|4>configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
      Mar 14 10:47:17 charon 15[IKE] <con1|4>establishing CHILD_SA con1{5}
      Mar 14 10:47:17 charon 15[ENC] <con1|4>generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
      Mar 14 10:47:17 charon 15[NET] <con1|4>sending packet: from 192.168.1.179[4500] to 47.195.129.207[4500] (332 bytes)
      Mar 14 10:47:17 charon 14[CFG] vici client 11 connected
      Mar 14 10:47:17 charon 14[CFG] vici client 11 registered for: list-sa
      Mar 14 10:47:17 charon 06[CFG] vici client 11 requests: list-sas
      Mar 14 10:47:17 charon 15[CFG] vici client 11 disconnected
      Mar 14 10:47:17 charon 15[NET] <con1|4>received packet: from 47.195.129.207[4500] to 192.168.1.179[4500] (76 bytes)
      Mar 14 10:47:17 charon 15[ENC] <con1|4>parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
      Mar 14 10:47:17 charon 15[IKE] <con1|4>received AUTHENTICATION_FAILED notify error
      Mar 14 10:47:17 charon 15[CHD] <con1|4>CHILD_SA con1{5} state change: CREATED => DESTROYING
      Mar 14 10:47:17 charon 15[IKE] <con1|4>IKE_SA con1[4] state change: CONNECTING => DESTROYING
      Mar 14 10:47:22 charon 10[CFG] vici client 12 connected
      Mar 14 10:47:22 charon 14[CFG] vici client 12 registered for: list-sa
      Mar 14 10:47:22 charon 10[CFG] vici client 12 requests: list-sas
      Mar 14 10:47:22 charon 15[CFG] vici client 12 disconnected

      Can you enlighten me?

      Thanks in advance

        chris4916

        @mehrunes:

        Mar 14 10:47:17 charon 15[NET] <con1|4>received packet: from 47.195.129.207[4500] to 192.168.1.179[4500] (76 bytes)
        Mar 14 10:47:17 charon 15[ENC] <con1|4>parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
        Mar 14 10:47:17 charon 15[IKE] <con1|4>received AUTHENTICATION_FAILED notify error

        Are you sure your configurations are properly aligned, especially at the ESP level?

        Jah Olela Wembo: Words turn into ills when they offend, attack or wound.

          mehrunes

          Yes, I just checked and they are identical.

          Besides, I didn't change much from the default configuration. Just the IPs.

            Juve

            Mar 14 10:47:17    charon      15[ENC] <con1|4>parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
            Mar 14 10:47:17    charon      15[IKE] <con1|4>received AUTHENTICATION_FAILED notify error
            Mar 14 10:47:17    charon      15[CHD] <con1|4>CHILD_SA con1{5} state change: CREATED => DESTROYING
            Mar 14 10:47:17    charon      15[IKE] <con1|4>IKE_SA con1[4] state change: CONNECTING => DESTROYING

            Phase 1 is failing.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
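
Added example (not part of the thread, and not pfSense or strongSwan code): a small Python triage of charon lines like those posted above, reporting which exchange carried the error notify and which identity the local side sent. It goes beyond the AUTH_FAILED case in the thread to also cover NO_PROP and TS_UNACCEPT; the function name `diagnose` and the verdict wording are assumptions of this example.

```python
import re

# Constructed sample: a subset of the charon lines posted in the thread,
# with the space after the <con1|4> tag that the forum rendering dropped.
SAMPLE = """\
Mar 14 10:47:17 charon 15[ENC] <con1|4> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Mar 14 10:47:17 charon 15[IKE] <con1|4> local host is behind NAT, sending keep alives
Mar 14 10:47:17 charon 15[IKE] <con1|4> authentication of '192.168.1.179' (myself) with pre-shared key
Mar 14 10:47:17 charon 15[ENC] <con1|4> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

PARSED = re.compile(r"<(?P<conn>[^|>]+)\|\d+>\s*parsed (?P<exch>\w+) response \d+ \[(?P<payloads>[^\]]*)\]")
MYSELF = re.compile(r"authentication of '(?P<id>[^']+)' \(myself\) with (?P<method>.+)$")
NOTIFY = re.compile(r"N\((\w+)\)")

# (exchange, error notify short name) -> phase implicated, in pfSense terms.
VERDICTS = {
    ("IKE_SA_INIT", "NO_PROP"): "phase 1: IKE proposal mismatch",
    ("IKE_AUTH", "AUTH_FAILED"): "phase 1: peer rejected authentication (identity or pre-shared key)",
    ("IKE_AUTH", "NO_PROP"): "phase 2: ESP proposal mismatch",
    ("IKE_AUTH", "TS_UNACCEPT"): "phase 2: traffic selector mismatch",
}

def diagnose(log_text):
    """Return the first failure found as a dict, or None if no error notify is seen."""
    local_id, behind_nat = None, False
    for line in log_text.splitlines():
        if "local host is behind NAT" in line:
            behind_nat = True
        m = MYSELF.search(line)
        if m:
            local_id = m.group("id")   # identity sent in IDi; the peer must expect it
        m = PARSED.search(line)
        if not m:
            continue
        for notify in NOTIFY.findall(m.group("payloads")):
            verdict = VERDICTS.get((m.group("exch"), notify))
            if verdict:
                return {"conn": m.group("conn"), "exchange": m.group("exch"),
                        "notify": notify, "verdict": verdict,
                        "local_id": local_id, "behind_nat": behind_nat}
    return None

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

With IKEv2 the first CHILD_SA is negotiated inside IKE_AUTH, so it is the notify name, not the exchange alone, that separates a phase 1 failure from a phase 2 failure.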