PFSense IPSec DFL800 (help me set up a tunnel)



  • Please help me set up a tunnel between PFSense 2.0 and DFL-800.
    I tried to configure it following the example of tunnels between dfl-800 and dfl-210, but somehow it isn't working.



  • Here is what's in the ipsec log:
    Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Oct 19 22:46:03 racoon: INFO: received Vendor ID: RFC 3947
    Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
    Oct 19 22:46:03 racoon: INFO: NAT-D payload #-1 doesn't match
    Oct 19 22:46:03 racoon: INFO: NAT-D payload #0 doesn't match
    Oct 19 22:46:03 racoon: INFO: NAT detected: ME PEER
    Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
    Oct 19 22:46:03 racoon: ERROR: HASH mismatched
    Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] WARNING: remote address mismatched. db=91.144.190.44[4500], act=91.144.190.44[500]
    Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Oct 19 22:46:12 racoon: INFO: received Vendor ID: RFC 3947
    Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
    Oct 19 22:46:12 racoon: INFO: NAT-D payload #-1 doesn't match
    Oct 19 22:46:12 racoon: INFO: NAT-D payload #0 doesn't match
    Oct 19 22:46:12 racoon: INFO: NAT detected: ME PEER
    Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
    Oct 19 22:46:12 racoon: ERROR: HASH mismatched
    Oct 19 22:46:22 racoon: ERROR: phase1 negotiation failed due to time up. be3be6e388a83b74:869a58db862b451f
    Oct 19 22:46:22 racoon: [Monolit IPsec]: INFO: KA remove: 95.78.164.202[4500]->91.144.190.44[4500]
    Oct 19 22:46:32 racoon: [Monolit IPsec]: INFO: respond new phase 1 negotiation: 95.78.164.202[500]<=>91.144.190.44[500]
    Oct 19 22:46:32 racoon: INFO: begin Aggressive mode.
    Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Oct 19 22:46:32 racoon: INFO: received Vendor ID: RFC 3947
    Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
    Oct 19 22:46:32 racoon: ERROR: no suitable proposal found.
    Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to get valid proposal.
    Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
    Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: phase1 negotiation failed.



  • All sorted, I figured it out; this can be closed.

