4. [RESOLU]pfSense 2.0RC1 ipsec/mobile client avec shrew

[RESOLU]pfSense 2.0RC1 ipsec/mobile client avec shrew

  • G

    Bonjour à tous,

    je rencontre des soucis avec ipsec. Le tunnel ne se monte pas (echec phase 1). J'ai suivi le même type de configuration que ce tuto : http://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

    J'ai testé avec openvpn et le tunnel se monte sans probleme.
    Quelqu'un aurait-il réussi ? Si oui je suis preneur.

    client mobile –----->>>WAN (modem @ip public fixe) pfsense ------>>>> LAN

    Dans les règles du pare-feu j'ai ouvert le port 500(ISAKMP) sur la parti ipsec et le port 500(ISAKMP) et 4500(IPsec NAT-T) sur le WAN.

    Et voici un extrait de mes logs :```
    Last 50 IPsec log entries
    Apr 5 13:49:48 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Apr 5 13:49:48 racoon: INFO: received Vendor ID: DPD
    Apr 5 13:49:48 racoon: INFO: received Vendor ID: CISCO-UNITY
    Apr 5 13:49:48 racoon: [62.X.X.X] INFO: Selected NAT-T version: RFC 3947
    Apr 5 13:49:48 racoon: INFO: Adding remote and local NAT-D payloads.
    Apr 5 13:49:48 racoon: [62.X.X.X] INFO: Hashing 62.X.X.X[59816] with algo #2
    Apr 5 13:49:48 racoon: [109.X.X.X] INFO: Hashing 109.X.X.X[500] with algo #2
    Apr 5 13:49:48 racoon: ERROR: sendto (No buffer space available)
    Apr 5 13:49:48 racoon: ERROR: sendfromto failed
    Apr 5 13:49:48 racoon: ERROR: phase1 negotiation failed due to send error. 6b495174c8bb56aa:f15bd98cdab648c6
    Apr 5 13:49:48 racoon: [62.X.X.X] ERROR: failed to process ph1 packet (side: 1, status: 2).
    Apr 5 13:49:48 racoon: [62.X.X.X] ERROR: phase1 negotiation failed.
    Apr 5 13:49:53 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 109.X.X.X[500]<=>62.X.X.X[59816]
    Apr 5 13:49:53 racoon: INFO: begin Aggressive mode.
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: RFC 3947
    Apr 5 13:49:53 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: DPD
    Apr 5 13:49:53 racoon: INFO: received Vendor ID: CISCO-UNITY
    Apr 5 13:49:53 racoon: [62.X.X.X] INFO: Selected NAT-T version: RFC 3947
    Apr 5 13:49:53 racoon: INFO: Adding remote and local NAT-D payloads.
    Apr 5 13:49:53 racoon: [62.X.X.X] INFO: Hashing 62.X.X.X[59816] with algo #2
    Apr 5 13:49:53 racoon: [109.X.X.X] INFO: Hashing 109.X.X.X[500] with algo #2
    Apr 5 13:49:53 racoon: ERROR: sendto (No buffer space available)
    Apr 5 13:49:53 racoon: ERROR: sendfromto failed
    Apr 5 13:49:53 racoon: ERROR: phase1 negotiation failed due to send error. 6b495174c8bb56aa:f9f40775eb1a471d
    Apr 5 13:49:53 racoon: [62.X.X.X] ERROR: failed to process ph1 packet (side: 1, status: 2).
    Apr 5 13:49:53 racoon: [62.X.X.X] ERROR: phase1 negotiation failed.
    Apr 5 13:49:58 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 109.X.X.X[500]<=>62.X.X.X[59816]
    Apr 5 13:49:58 racoon: INFO: begin Aggressive mode.
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: RFC 3947
    Apr 5 13:49:58 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: DPD
    Apr 5 13:49:58 racoon: INFO: received Vendor ID: CISCO-UNITY
    Apr 5 13:49:58 racoon: [62.X.X.X] INFO: Selected NAT-T version: RFC 3947
    Apr 5 13:49:58 racoon: INFO: Adding remote and local NAT-D payloads.
    Apr 5 13:49:58 racoon: [62.X.X.X] INFO: Hashing 62.X.X.X[59816] with algo #2
    Apr 5 13:49:58 racoon: [109.X.X.X] INFO: Hashing 109.X.X.X[500] with algo #2
    Apr 5 13:49:58 racoon: ERROR: sendto (No buffer space available)
    Apr 5 13:49:58 racoon: ERROR: sendfromto failed
    Apr 5 13:49:58 racoon: ERROR: phase1 negotiation failed due to send error. 6b495174c8bb56aa:513bac151d520047
    Apr 5 13:49:58 racoon: [62.X.X.X] ERROR: failed to process ph1 packet (side: 1, status: 2).
    Apr 5 13:49:58 racoon: [62.X.X.X] ERROR: phase1 negotiation failed

    
Merci pour votre aide.
    0
  • G

    problème résolu.

    La réponse était dans les logs….

    Unknown Gateway/Dynamic. Et comme j'ai 2 liens WAN dont la passerelle par défaut était la WAN1 que j'ai coupé pour effectuer mes test. J'ai donc mis WAN2 comme passerelle par défaut dans system->routing.

    0
  • C

    Commençons par les vérifications de base :
    Vous utilisez une PSK ou des certificats ?
    Y a t il des erreurs sur l'interface Wan ?
    Les logs de Pfsense permettent ils de vous voir arriver sur l'interface wan ?

    Edit : message posté sans avoir vu le précédent.

    0
  • G

    J'utilise PSK.
    Je ne pense qu'il y est d'erreur sur l'interface WAN…
    Et en regardant mes logs on voir bien que du trafic arrive sur le WAN.

    Mais c'est bon, maintenant sa fonctionne. L’erreur se situé par rapport à ma passerelle par défaut.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy