<![CDATA[Tunnel IPsec comprendre les logs debug]]>Bonjour,
Je dois faire un Tunnel IPsec avec un fournisseur en acces distant j'ai suivis la procedure qu'une équipe du forum a partagé dans un dossier PDF.
Cependant je n'arrive pas a comprendre les logs.

Jun 10 19:15:21 	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
Jun 10 19:15:21 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
Jun 10 19:15:21 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for AH
Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for ESP
Jun 10 19:15:21 	racoon: DEBUG: call pfkey_send_register for IPCOMP
Jun 10 19:15:21 	racoon: DEBUG: reading config file /var/etc/racoon.conf
Jun 10 19:15:21 	racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Jun 10 19:15:21 	racoon: DEBUG: getsainfo params: loc='172.24.64.136/29' rmt='172.24.192.136/29' peer='NULL' client='NULL' id=1
Jun 10 19:15:21 	racoon: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[4500] used for NAT-T
Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[4500] used as isakmp port (fd=16)
Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[500] used for NAT-T
Jun 10 19:15:21 	racoon: [Self]: INFO: 94.103.130.125[500] used as isakmp port (fd=17)
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDDUMP message
Jun 10 19:15:21 	racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey REGISTER message
Jun 10 19:15:21 	racoon: INFO: unsupported PF_KEY message REGISTER
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:21 	racoon: DEBUG: db :0x28548288: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:21 	racoon: DEBUG: got pfkey X_SPDADD message
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: db :0x28548148: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: db :0x28548288: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: sub:0xbfbfe754: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:21 	racoon: DEBUG: db :0x285483c8: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548288: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: got pfkey X_SPDDUMP message
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548148: 10.0.0.0/8[0] 10.0.0.252/32[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548288: 172.24.192.136/29[0] 172.24.64.136/29[0] proto=any dir=in
Jun 10 19:15:32 	racoon: DEBUG: sub:0xbfbfe734: 172.24.64.136/29[0] 172.24.192.136/29[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: db :0x28548508: 10.0.0.252/32[0] 10.0.0.0/8[0] proto=any dir=out
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[1] recv()
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[2] recv()
Jun 10 19:15:32 	racoon: DEBUG: reading config file /var/etc/racoon.conf
Jun 10 19:15:32 	racoon: DEBUG: no check of compression algorithm; not supported in sadb message.
Jun 10 19:15:32 	racoon: DEBUG: getsainfo params: loc='172.24.64.136/29' rmt='172.24.192.136/29' peer='NULL' client='NULL' id=1
Jun 10 19:15:32 	racoon: DEBUG: pk_recv: retry[0] recv()
Jun 10 19:15:32 	racoon: DEBUG: got pfkey REGISTER message
Jun 10 19:15:32 	racoon: INFO: unsupported PF_KEY message REGISTER

Déjà qu'est-ce que racoon ?
Puis comment teste que mon tunnel est bien fonctionnel ?
Est-ce qu'en mettant l'adresse ip du tunnel a une machine virtuelle et en essayant de me connecter via telnet cela fonctionne ? Car je me vois mal téléphoner a mon fournisseur pour lui demande d'effectuer des tests a chaque changement de configuration dans la configuration du parefeu .

En vous remerciant .
Oni'

]]>https://forum.netgate.com/topic/34560/tunnel-ipsec-comprendre-les-logs-debugRSS for NodeFri, 13 Mar 2026 11:28:51 GMTWed, 15 Jun 2011 16:22:57 GMT60<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Wed, 22 Jun 2011 07:44:51 GMT]]>Oui je suis en train de rédiger quelque chose de plus ou moins correct .

]]>https://forum.netgate.com/post/284035https://forum.netgate.com/post/284035Wed, 22 Jun 2011 07:44:51 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Tue, 21 Jun 2011 21:18:59 GMT]]>Une explication pour ceux qui auraient un pb similaire ?

]]>https://forum.netgate.com/post/283986https://forum.netgate.com/post/283986Tue, 21 Jun 2011 21:18:59 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Tue, 21 Jun 2011 07:25:03 GMT]]>Merci le soucis est résolu :]

]]>https://forum.netgate.com/post/283905https://forum.netgate.com/post/283905Tue, 21 Jun 2011 07:25:03 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Mon, 20 Jun 2011 15:20:34 GMT]]>http://doc.pfsense.org/index.php/IPsec_Troubleshooting

]]>https://forum.netgate.com/post/283836https://forum.netgate.com/post/283836Mon, 20 Jun 2011 15:20:34 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Tue, 21 Jun 2011 07:24:53 GMT]]>Resolu

]]>https://forum.netgate.com/post/283817https://forum.netgate.com/post/283817Tue, 21 Jun 2011 07:24:53 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Mon, 20 Jun 2011 09:54:04 GMT]]>@Onitsha:

Puis comment teste que mon tunnel est bien fonctionnel ?

ping ? :D

]]>https://forum.netgate.com/post/283791https://forum.netgate.com/post/283791Mon, 20 Jun 2011 09:54:04 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Fri, 17 Jun 2011 21:22:48 GMT]]>@Onitsha:

Déjà qu'est-ce que racoon ?

"service" qui gère le cryptage Ipsec sur freebsd

@Onitsha:

Puis comment teste que mon tunnel est bien fonctionnel ?

Pour commencer, il faudrait savoir à quoi va servir le tunnel ?

]]>https://forum.netgate.com/post/283595https://forum.netgate.com/post/283595Fri, 17 Jun 2011 21:22:48 GMT<![CDATA[Reply to Tunnel IPsec comprendre les logs debug on Wed, 15 Jun 2011 17:34:41 GMT]]>Les liens utiles :

  • http://fr.wikipedia.org/wiki/IPsec (assez général mais les bonnes rfc)
  • http://www.frameip.com/ipsec/ (pédagogique, attention chaque mot compte !)

Il est notable que, pour Ipsec, il est important de bien regarder la connexion entre les 2 points Ipsec : présence ou non de routeurs NAT !

Attention : la virtualisation complique la perception des réalités réseaux !!

]]>https://forum.netgate.com/post/283296https://forum.netgate.com/post/283296Wed, 15 Jun 2011 17:34:41 GMT