<![CDATA[PFSense IPSec DFL800 (помогите настроить туннель)]]>Помогите настроить тоннель между PFSense 2.0 и DFL-800,
пытался настроить по примеру тоннелей между dfl-800 и dfl-210 но как то не ладится.

]]>https://forum.netgate.com/topic/49586/pfsense-ipsec-dfl800-помогите-настроить-туннельRSS for NodeMon, 13 Apr 2026 02:19:25 GMTFri, 19 Oct 2012 16:13:30 GMT60<![CDATA[Reply to PFSense IPSec DFL800 (помогите настроить туннель) on Sat, 20 Oct 2012 16:20:46 GMT]]>все разобрался, можно закрывать

]]>https://forum.netgate.com/post/360832https://forum.netgate.com/post/360832Sat, 20 Oct 2012 16:20:46 GMT<![CDATA[Reply to PFSense IPSec DFL800 (помогите настроить туннель) on Fri, 19 Oct 2012 16:50:50 GMT]]>вот что в логе ipsec:
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:03 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:03 racoon: INFO: NAT-D payload #-1 doesn't match
Oct 19 22:46:03 racoon: INFO: NAT-D payload #0 doesn't match
Oct 19 22:46:03 racoon: INFO: NAT detected: ME PEER
Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 19 22:46:03 racoon: ERROR: HASH mismatched
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] WARNING: remote address mismatched. db=91.144.190.44[4500], act=91.144.190.44[500]
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:12 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:12 racoon: INFO: NAT-D payload #-1 doesn't match
Oct 19 22:46:12 racoon: INFO: NAT-D payload #0 doesn't match
Oct 19 22:46:12 racoon: INFO: NAT detected: ME PEER
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 19 22:46:12 racoon: ERROR: HASH mismatched
Oct 19 22:46:22 racoon: ERROR: phase1 negotiation failed due to time up. be3be6e388a83b74:869a58db862b451f
Oct 19 22:46:22 racoon: [Monolit IPsec]: INFO: KA remove: 95.78.164.202[4500]->91.144.190.44[4500]
Oct 19 22:46:32 racoon: [Monolit IPsec]: INFO: respond new phase 1 negotiation: 95.78.164.202[500]<=>91.144.190.44[500]
Oct 19 22:46:32 racoon: INFO: begin Aggressive mode.
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:32 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:32 racoon: ERROR: no suitable proposal found.
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to get valid proposal.
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: phase1 negotiation failed.

]]>https://forum.netgate.com/post/360712https://forum.netgate.com/post/360712Fri, 19 Oct 2012 16:50:50 GMT