PFSense IPSec DFL800 (помогите настроить туннель)
-
Помогите настроить тоннель между PFSense 2.0 и DFL-800,
пытался настроить по примеру тоннелей между dfl-800 и dfl-210 но как то не ладится.
-
вот что в логе ipsec:
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:03 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:03 racoon: INFO: NAT-D payload #-1 doesn't match
Oct 19 22:46:03 racoon: INFO: NAT-D payload #0 doesn't match
Oct 19 22:46:03 racoon: INFO: NAT detected: ME PEER
Oct 19 22:46:03 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 19 22:46:03 racoon: ERROR: HASH mismatched
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] WARNING: remote address mismatched. db=91.144.190.44[4500], act=91.144.190.44[500]
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:12 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:12 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:12 racoon: INFO: NAT-D payload #-1 doesn't match
Oct 19 22:46:12 racoon: INFO: NAT-D payload #0 doesn't match
Oct 19 22:46:12 racoon: INFO: NAT detected: ME PEER
Oct 19 22:46:12 racoon: [Monolit IPsec]: [91.144.190.44] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Oct 19 22:46:12 racoon: ERROR: HASH mismatched
Oct 19 22:46:22 racoon: ERROR: phase1 negotiation failed due to time up. be3be6e388a83b74:869a58db862b451f
Oct 19 22:46:22 racoon: [Monolit IPsec]: INFO: KA remove: 95.78.164.202[4500]->91.144.190.44[4500]
Oct 19 22:46:32 racoon: [Monolit IPsec]: INFO: respond new phase 1 negotiation: 95.78.164.202[500]<=>91.144.190.44[500]
Oct 19 22:46:32 racoon: INFO: begin Aggressive mode.
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Oct 19 22:46:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Oct 19 22:46:32 racoon: INFO: received Vendor ID: RFC 3947
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] INFO: Selected NAT-T version: RFC 3947
Oct 19 22:46:32 racoon: ERROR: no suitable proposal found.
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to get valid proposal.
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: failed to pre-process ph1 packet [Check Phase 1 settings, lifetime, algorithm] (side: 1, status 1).
Oct 19 22:46:32 racoon: [Monolit IPsec]: [91.144.190.44] ERROR: phase1 negotiation failed.
-
все разобрался, можно закрывать