VPN IPSec Problem



  • Hi everyone,

    For two days now I have been trying to connect a "home-built firewall" from days gone by to pfSense via IPsec 2.0.
    I have already tested it with version 1.2.2 as well as 1.2.3 RC.
    I adjusted the ipsec.conf and ipsec.secrets files, see below. This configuration also works between IPCop and pfSense, but not on this firewall. NAT-T is enabled as well.
    Unfortunately I don't know what else to try... I'd be grateful for any advice!
    Thanks!

    The log says the following:
    Dec 8 17:14:29 racoon: ERROR: invalid ID payload.
    Dec 8 17:14:29 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.
    Dec 8 17:14:19 racoon: ERROR: invalid ID payload.
    Dec 8 17:14:19 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.

    Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Dec 8 17:14:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Dec 8 17:14:19 racoon: INFO: received Vendor ID: RFC 3947
    Dec 8 17:14:19 racoon: INFO: received Vendor ID: DPD
    Dec 8 17:14:19 racoon: INFO: begin Identity Protection mode.

    ipsec.conf file of the home-built firewall:

    
    version 2.0
    
    config setup
       # THIS SETTING MUST BE CORRECT or almost nothing will work;
       # %defaultroute is okay for most simple cases.
       interfaces="ipsec0=eth1 ipsec1=eth5"
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       klipsdebug=none
       plutodebug=none
       # Use auto= parameters in conn descriptions to control startup actions.
       #plutoload=%search
       #plutostart=%search
       # Close down old connection when new one using same ID shows up.
       uniqueids=yes
       hidetos=no
       nat_traversal=yes
    
    # defaults for subsequent connection descriptions
    # (mostly to fix internal defaults which, in retrospect, were badly chosen)
    conn %default
       keyingtries=1
       authby=rsasig
       rightrsasigkey=%cert
       left=******
       leftnexthop=*****
       leftsubnet=10.73.**.**/*1
       leftcert=*****pem
       auto=add
       pfs=yes
    
    conn OEself
       auto=ignore
    
    conn clear
       auto=ignore
    
    conn clear-or-private
       auto=ignore
    
    conn private-or-clear
       auto=ignore
    
    conn private
       auto=ignore
    
    conn block
       auto=ignore
    
    conn packetdefault
       auto=ignore
    
    conn test
            dpdaction=hold
            dpddelay=30
            dpdtimeout=120
            disablearrivalcheck=no
            left=*****
            leftnexthop=****
            leftsubnet=10.73.*.*/*1
            right=******
            rightsubnet=172.16.**.**/*6
            rightnexthop=******
            authby=secret
            pfs=yes
            pfsgroup=modp1024
            ikelifetime=1h
            keylife=8h
            auto=start
            ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
            esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
    
    

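A small triage helper, added here as an example (it is not from the original post, nor from pfSense or Openswan): it pulls the "Expecting ... but ..." ID-type mismatch out of racoon log lines like the ones above and lints a conn in an ipsec.conf of the shape posted. The sample log and config are constructed, and the leftcert/leftid rule is an assumption about how Openswan derives its IKE identity when no leftid is given.

```python
import re

# Constructed sample mirroring the racoon lines quoted in the post (not the full log).
SAMPLE_LOG = """\
Dec 8 17:14:19 racoon: INFO: begin Identity Protection mode.
Dec 8 17:14:19 racoon: INFO: received Vendor ID: RFC 3947
Dec 8 17:14:19 racoon: ERROR: Expecting IP address type in main mode, but DER_ASN1_DN.
Dec 8 17:14:19 racoon: ERROR: invalid ID payload.
"""

# Constructed, shortened ipsec.conf in the shape of the posted one (addresses are documentation ranges).
SAMPLE_CONF = """\
version 2.0
config setup
   nat_traversal=yes
conn %default
   authby=rsasig
   leftcert=/etc/ipsec.d/certs/fw.pem
conn test
   left=192.0.2.1
   right=198.51.100.1
   authby=secret
   auto=start
"""

MISMATCH = re.compile(
    r"racoon: ERROR: Expecting (?P<want>.+?) type in (?P<mode>\w+) mode, but (?P<got>[A-Z0-9_]+)")

def find_id_mismatches(log_text):
    """One dict per 'Expecting ... but ...' line: the ID type racoon wanted vs. what the peer sent."""
    return [m.groupdict() for m in map(MISMATCH.search, log_text.splitlines()) if m]

def parse_ipsec_conf(text):
    """Minimal ipsec.conf reader: unindented 'config setup' / 'conn NAME' headers, indented key=value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, {})
        elif current and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def lint_psk_conn(sections, name):
    """Assumption: with leftcert set and no leftid, Openswan builds its IKE ID from the
    certificate subject DN, so a PSK peer in main mode sees DER_ASN1_DN instead of an IP."""
    conn = {**sections.get("conn %default", {}), **sections.get(f"conn {name}", {})}
    issues = []
    if conn.get("authby") == "secret" and "leftcert" in conn and "leftid" not in conn:
        issues.append("leftcert inherited from %default without leftid; IKE ID will be a DN")
    return issues
```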

  • Two dynamic endpoints?

