Netgate Discussion Forum

VPN IPSec Problem

Category: Deutsch
      weigi:

      Hello everyone,

      For two days now I have been trying to connect a "home-built firewall" from bygone times to pfSense via IPsec 2.0.
      I have already tested it with version 1.2.2 as well as 1.2.3 RC.
      I adjusted the ipsec.conf and ipsec.secrets files, see below. This configuration also works between IPCop and pfSense, but not on this firewall. NAT-T is enabled as well.
      Unfortunately I don't know what else to try... I am grateful for any advice!
      Thanks!

      The log says the following:
      Dec 8 17:14:29 racoon: ERROR: invalid ID payload.
      Dec 8 17:14:29 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.
      Dec 8 17:14:19 racoon: ERROR: invalid ID payload.
      Dec 8 17:14:19 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.

      Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
      Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
      Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
      Dec 8 17:14:19 racoon: INFO: received Vendor ID: RFC 3947
      Dec 8 17:14:19 racoon: INFO: received Vendor ID: DPD
      Dec 8 17:14:19 racoon: INFO: begin Identity Protection mode.

      ipsec.conf file of the home-built firewall:

      
      version 2.0
      
      config setup
         # THIS SETTING MUST BE CORRECT or almost nothing will work;
         # %defaultroute is okay for most simple cases.
         interfaces="ipsec0=eth1 ipsec1=eth5"
         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         klipsdebug=none
         plutodebug=none
         # Use auto= parameters in conn descriptions to control startup actions.
         #plutoload=%search
         #plutostart=%search
         # Close down old connection when new one using same ID shows up.
         uniqueids=yes
         hidetos=no
         nat_traversal=yes
      
      # defaults for subsequent connection descriptions
      # (mostly to fix internal defaults which, in retrospect, were badly chosen)
      conn %default
         keyingtries=1
         authby=rsasig
         rightrsasigkey=%cert
         left=******
         leftnexthop=*****
         leftsubnet=10.73.**.**/*1
         leftcert=*****pem
         auto=add
         pfs=yes
      
      conn OEself
         auto=ignore
      
      conn clear
         auto=ignore
      
      conn clear-or-private
         auto=ignore
      
      conn private-or-clear
         auto=ignore
      
      conn private
         auto=ignore
      
      conn block
         auto=ignore
      
      conn packetdefault
         auto=ignore
      
      conn test
              dpdaction=hold
              dpddelay=30
              dpdtimeout=120
              disablearrivalcheck=no
              left=*****
              leftnexthop=****
              leftsubnet=10.73.*.*/*1
              right=******
              rightsubnet=172.16.**.**/*6
              rightnexthop=******
              authby=secret
              pfs=yes
              pfsgroup=modp1024
              ikelifetime=1h
              keylife=8h
              auto=start
              ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
              esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
      
      
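The racoon lines in the post say the pfSense side expected an IP-address identity in main mode but received a DER_ASN1_DN (a certificate subject). The following Python script is an added example, not code from the post or from pfSense/Openswan: it parses a reduced copy of the ipsec.conf above with `conn %default` inheritance applied, extracts racoon's ID-type complaint from sample log lines, and reports which settings in scope for `conn test` bear on the identity the peer will present. The sample config and log lines are constructed from the post with placeholder addresses and a placeholder certificate path; the rule that a `leftcert=` without an explicit `leftid=` makes the daemon identify itself by the certificate DN is an assumption about FreeS/WAN-style daemons, not something the post states.

```python
"""Cross-check an ipsec.conf (with %default inheritance) against racoon's
ID-type error. Added example; sample inputs are constructed, not real."""
import re
from collections import OrderedDict

# Constructed ipsec.conf excerpt, reduced from the post (placeholder values).
IPSEC_CONF = """\
version 2.0

config setup
   interfaces="ipsec0=eth1 ipsec1=eth5"
   nat_traversal=yes

conn %default
   keyingtries=1
   authby=rsasig
   rightrsasigkey=%cert
   leftcert=/etc/ipsec.d/certs/placeholder.pem
   auto=add
   pfs=yes

conn test
   left=192.0.2.1
   right=198.51.100.1
   authby=secret
   auto=start
"""

# Constructed racoon log lines, following the shape of the lines in the post.
RACOON_LOG = """\
Dec 8 17:14:19 racoon: INFO: begin Identity Protection mode.
Dec 8 17:14:19 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.
Dec 8 17:14:19 racoon: ERROR: invalid ID payload.
"""

def parse_ipsec_conf(text):
    """Return {section_name: {key: value}} for 'config setup' and each 'conn'.
    Comments are dropped; a repeated key in one section overrides the earlier one."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[:1].isspace():                 # section headers start in column 0
            parts = line.split(None, 1)
            if parts[0] in ("config", "conn") and len(parts) == 2:
                current = sections.setdefault(parts[1].strip(), OrderedDict())
            else:
                current = None                    # e.g. "version 2.0"
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def effective_conn(sections, name):
    """Apply conn %default inheritance: the conn's own keys take precedence."""
    merged = OrderedDict(sections.get("%default", {}))
    merged.update(sections[name])
    return merged

LOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) racoon: (?P<level>\w+): (?P<msg>.*)$")
ID_RE = re.compile(r"Expecting (?P<want>.+?) type in main mode, but (?P<got>\w+)")

def id_type_mismatch(log_text):
    """Return (expected_id_type, received_id_type) from racoon's error, or None."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("level") != "ERROR":
            continue
        mm = ID_RE.search(m.group("msg"))
        if mm:
            return mm.group("want"), mm.group("got")
    return None

def review_conn(sections, name):
    """Findings about the IKE identity this conn will present (assumption-based rule)."""
    eff, own, findings = effective_conn(sections, name), sections[name], []
    if "leftid" not in eff and "leftcert" in eff:
        origin = "set in the conn" if "leftcert" in own else "inherited from %default"
        findings.append(f"leftid unset while leftcert is in scope ({origin}): "
                        "assumed to identify by certificate DN rather than IP address")
    if eff.get("authby") == "secret" and "leftcert" in eff:
        findings.append("authby=secret together with a leftcert in scope: "
                        "PSK authentication but a certificate-derived identity")
    return findings

def cross_check(conf_text, log_text, name="test"):
    """Combine the log complaint with the config review into one finding list."""
    sections = parse_ipsec_conf(conf_text)
    findings = review_conn(sections, name)
    mismatch = id_type_mismatch(log_text)
    if mismatch:
        findings.insert(0, f"peer expected an '{mismatch[0]}' ID but received {mismatch[1]}")
    return findings

if __name__ == "__main__":
    for finding in cross_check(IPSEC_CONF, RACOON_LOG):
        print("-", finding)
```

Running the script prints the log mismatch first, then the two config findings for `conn test`; the point of the %default merge is that a key like `leftcert` is in effect for a conn even when that conn's own block never mentions it, which is easy to miss when reading only the `conn test` section.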
      heiko:

        Two dynamic endpoints?
