Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP Sec vpn pfSense -> Zyxel ZyWall 35

    Scheduled Pinned Locked Moved Russian
    2 Posts 1 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AsaD
      last edited by

      Возникла следующая проблема:
      раньше все работало нормально, а теперь VPN туннель падает с периодичностью ровно в 60 секунд

      Лог pfsense

      
Feb 29 17:08:01 	racoon: INFO: caught signal 15
Feb 29 17:08:01 	racoon: [ServerOK]: INFO: initiate new phase 2 negotiation: aaa.aaa.aaa.aaa[0]<=>bbb.bbb.bbb.bbb[0]
Feb 29 17:08:06 	racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
Feb 29 17:08:06 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
Feb 29 17:08:06 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Feb 29 17:08:06 	racoon: [Self]: INFO: aaa.aaa.aaa.aaa [500] used as isakmp port (fd=18)
Feb 29 17:08:06 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
Feb 29 17:08:06 	racoon: [Self]: INFO: 192.168.137.1[500] used as isakmp port (fd=20)
Feb 29 17:08:06 	racoon: INFO: unsupported PF_KEY message REGISTER
Feb 29 17:08:06 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.0/24[0] 192.168.137.1/32[0] proto=any dir=in
Feb 29 17:08:06 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.1/32[0] 192.168.137.0/24[0] proto=any dir=out
Feb 29 17:08:06 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.0/24[0] 192.168.147.0/24[0] proto=any dir=out
Feb 29 17:08:06 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.147.0/24[0] 192.168.137.0/24[0] proto=any dir=in
Feb 29 17:08:06 	racoon: [Self]: INFO: aaa.aaa.aaa.aaa[500] used as isakmp port (fd=18)
Feb 29 17:08:06 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
Feb 29 17:08:06 	racoon: [Self]: INFO: 192.168.137.1[500] used as isakmp port (fd=20)
Feb 29 17:08:06 	racoon: [ServerOK]: INFO: IPsec-SA request for bbb.bbb.bbb.bbbqueued due to no phase1 found.
Feb 29 17:08:06 	racoon: [ServerOK]: INFO: initiate new phase 1 negotiation: aaa.aaa.aaa.aaa[500]<=>bbb.bbb.bbb.bbb[500]
Feb 29 17:08:06 	racoon: INFO: begin Identity Protection mode.
Feb 29 17:08:06 	racoon: INFO: received Vendor ID: DPD
Feb 29 17:08:06 	racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Feb 29 17:08:06 	racoon: [ServerOK]: INFO: ISAKMP-SA established aaa.aaa.aaa.aaa[500]-bbb.bbb.bbb.bbb[500] spi:dbb121f78fcbe351:06ee714f435562b4
Feb 29 17:08:07 	racoon: [ServerOK]: INFO: initiate new phase 2 negotiation: aaa.aaa.aaa.aaa[500]<=>bbb.bbb.bbb.bbb[500]
Feb 29 17:08:07 	racoon: WARNING: attribute has been modified.
Feb 29 17:08:07 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP bbb.bbb.bbb.bbb[0]->aaa.aaa.aaa.aaa[0] spi=214188897(0xcc44361)
Feb 29 17:08:07 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP aaa.aaa.aaa.aaa[0]->bbb.bbb.bbb.bbb[0] spi=1679825823(0x64201b9f)
Feb 29 17:08:13 	racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 1a36f06b8e37ffa4:e62ce7ec3fec3511:0000bdc1
Feb 29 17:08:13 	racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, a06b45cae1d3a3ba:0b3b85f84cd3f252:0000853c
Feb 29 17:08:29 	racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, 1a36f06b8e37ffa4:e62ce7ec3fec3511:0000bdc1
Feb 29 17:08:29 	racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, a06b45cae1d3a3ba:0b3b85f84cd3f252:0000853c
Feb 29 17:09:00 	racoon: INFO: caught signal 15
Feb 29 17:09:00 	racoon: [ServerOK]: INFO: initiate new phase 2 negotiation: aaa.aaa.aaa.aaa[0]<=>bbb.bbb.bbb.bbb[0]
Feb 29 17:09:05 	racoon: INFO: @(#)ipsec-tools 0.7.2 (http://ipsec-tools.sourceforge.net)
Feb 29 17:09:05 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
Feb 29 17:09:05 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Feb 29 17:09:05 	racoon: [Self]: INFO:aaa.aaa.aaa.aaa1[500] used as isakmp port (fd=18)
Feb 29 17:09:05 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
Feb 29 17:09:05 	racoon: [Self]: INFO: 192.168.137.1[500] used as isakmp port (fd=20)
Feb 29 17:09:05 	racoon: INFO: unsupported PF_KEY message REGISTER
Feb 29 17:09:05 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.0/24[0] 192.168.137.1/32[0] proto=any dir=in
Feb 29 17:09:05 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.1/32[0] 192.168.137.0/24[0] proto=any dir=out
Feb 29 17:09:05 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.137.0/24[0] 192.168.147.0/24[0] proto=any dir=out
Feb 29 17:09:05 	racoon: ERROR: such policy already exists. anyway replace it: 192.168.147.0/24[0] 192.168.137.0/24[0] proto=any dir=in
Feb 29 17:09:05 	racoon: [Self]: INFO: aaa.aaa.aaa.aaa[500] used as isakmp port (fd=18)
Feb 29 17:09:05 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=19)
Feb 29 17:09:05 	racoon: [Self]: INFO: 192.168.137.1[500] used as isakmp port (fd=20)
Feb 29 17:09:05 	racoon: [ServerOK]: INFO: IPsec-SA request for bbb.bbb.bbb.bbbqueued due to no phase1 found.
Feb 29 17:09:05 	racoon: [ServerOK]: INFO: initiate new phase 1 negotiation: aaa.aaa.aaa.aaa[500]<=>bbb.bbb.bbb.bbb[500]
Feb 29 17:09:05 	racoon: INFO: begin Identity Protection mode.
Feb 29 17:09:06 	racoon: INFO: received Vendor ID: DPD
Feb 29 17:09:06 	racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Feb 29 17:09:06 	racoon: [ServerOK]: INFO: ISAKMP-SA established aaa.aaa.aaa.aaa[500]-bbb.bbb.bbb.bbb[500] spi:a0e693f588fbee45:ad60bfe62cbde305
Feb 29 17:09:06 	racoon: [ServerOK]: INFO: phase2 sa expired aaa.aaa.aaa.aaa-bbb.bbb.bbb.bbb
Feb 29 17:09:06 	racoon: [ServerOK]: INFO: initiate new phase 2 negotiation: aaa.aaa.aaa.aaa[0]<=>bbb.bbb.bbb.bbb[0]
Feb 29 17:09:06 	racoon: WARNING: attribute has been modified.
Feb 29 17:09:06 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP bbb.bbb.bbb.bbb[0]->aaa.aaa.aaa.aaa[0] spi=62816176(0x3be7fb0)
Feb 29 17:09:06 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP aaa.aaa.aaa.aaa[0]->bbb.bbb.bbb.bbb[0] spi=2464398657(0x92e3bd41)
Feb 29 17:09:07 	racoon: [ServerOK]: INFO: initiate new phase 2 negotiation: aaa.aaa.aaa.aaa[500]<=>bbb.bbb.bbb.bbb[500]
Feb 29 17:09:07 	racoon: [ServerOK]: INFO: phase2 sa deleted aaa.aaa.aaa.aaa-bbb.bbb.bbb.bbb
Feb 29 17:09:07 	racoon: ERROR: status mismatch (db:9 msg:3)
Feb 29 17:09:13 	racoon: [ServerOK]: INFO: respond new phase 1 negotiation: aaa.aaa.aaa.aaa[500]<=>bbb.bbb.bbb.bbb[500]
Feb 29 17:09:13 	racoon: INFO: begin Identity Protection mode.
Feb 29 17:09:13 	racoon: INFO: received Vendor ID: DPD
Feb 29 17:09:13 	racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Feb 29 17:09:13 	racoon: [ServerOK]: INFO: ISAKMP-SA established aaa.aaa.aaa.aaa[500]-bbb.bbb.bbb.bbb[500] spi:2098d5bc47b7f88a:ec1f4b8fee0a5df7
Feb 29 17:09:13 	racoon: [ServerOK]: INFO: respond new phase 2 negotiation: aaa.aaa.aaa.aaa[0]<=>bbb.bbb.bbb.bbb[0]
Feb 29 17:09:13 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP bbb.bbb.bbb.bbb[0]->aaa.aaa.aaa.aaa[0] spi=154089652(0x92f38b4)
Feb 29 17:09:13 	racoon: [ServerOK]: INFO: IPsec-SA established: ESP aaa.aaa.aaa.aaa[0]->bbb.bbb.bbb.bbb[0] spi=1452173945(0x568e6a79)

      zyxel zywall log

      
39
	2012-02-29 17:12:37	Send:[HASH][NOTFY:R_U_THERE_ACK]	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
40
	2012-02-29 17:12:30	IKE Packet Retransmit	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
41
	2012-02-29 17:12:30	The cookie pair is : 0xC54AFD2569A9A56C / 0x2F7C495394915DB8	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
42
	2012-02-29 17:12:30	IKE Packet Retransmit	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
43
	2012-02-29 17:12:30	The cookie pair is : 0x5103E25BC2BA4F06 / 0x996400B086691105	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
44
	2012-02-29 17:12:37	The cookie pair is : 0x968C0C57180634C5 / 0x556B69DB20E83E32	bbb.bbb.bbb.bbb	aaa.aaa.aaa.aaa	IKE
47
	2012-02-29 17:12:42 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14997 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
48
	2012-02-29 17:12:42 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14996 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
49
	2012-02-29 17:12:41 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14995 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
50
	2012-02-29 17:12:41 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14994 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
51
	2012-02-29 17:12:41 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14993 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
52
	2012-02-29 17:12:38 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14985 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
53
	2012-02-29 17:12:38 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14984 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
54
	2012-02-29 17:12:38 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14982 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
55
	2012-02-29 17:12:37 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14981 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
56
	2012-02-29 17:12:37 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14980 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
57
	2012-02-29 17:12:37 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14979 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
58
	2012-02-29 17:12:37 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14978 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
59
	2012-02-29 17:12:37 	Firewall default policy: TCP (W1 to W1/ZW) 	aaa.aaa.aaa.aaa:14976 	bbb.bbb.bbb.bbb:80 	ACCESS PERMITTED
60
	2012-02-29 17:12:37 	Successful HTTP login 	aaa.aaa.aaa.aaa:14963 	bbb.bbb.bbb.bbb:80 	User:admin
61
	2012-02-29 17:12:33 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
62
	2012-02-29 17:12:37 	Recv:[HASH][NOTFY:R_U_THERE] 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	IKE
63
	2012-02-29 17:12:37 	The cookie pair is : 0x968C0C57180634C5 / 0x556B69DB20E83E32 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	IKE
64
	2012-02-29 17:12:38 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
65
	2012-02-29 17:12:46 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
66
	2012-02-29 17:12:40 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
67
	2012-02-29 17:12:44 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
68
	2012-02-29 17:12:32 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
69
	2012-02-29 17:12:36 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
70
	2012-02-29 17:12:45 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
71
	2012-02-29 17:12:31 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
72
	2012-02-29 17:12:35 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
73
	2012-02-29 17:12:30 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
74
	2012-02-29 17:12:43 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
75
	2012-02-29 17:12:34 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
76
	2012-02-29 17:12:41 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
77
	2012-02-29 17:12:47 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
78
	2012-02-29 17:12:37 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
79
	2012-02-29 17:12:29 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
80
	2012-02-29 17:12:39 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
81
	2012-02-29 17:12:28 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED
82
	2012-02-29 17:12:42 	Firewall default policy: ICMP (W1 to W1/ZW, Echo) 	aaa.aaa.aaa.aaa	bbb.bbb.bbb.bbb	ACCESS PERMITTED

      пересоздал туннель, переустанавливал прошивку зухеля - не помогло, перезапуск racoon не помог, помогите плиз разобратся в чём дело

      1 Reply Last reply Reply Quote 0
      • A
        AsaD
        last edited by

        Всё спасибо, переустановил пфсенс теперь работает как надо, причину проблемы не нашёл….

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.