IPSec между dlink dfl-860e и StrongSwan в pfSense 2.2

zhhh

Началось все с перехода на новую версию pfsense 2.2. В старой версии 2.1 был racoon и стабильно работал. В pfSense 2.2 установлен StrongSwan, тунель подвисает через n-часов работы.
На шлюзах белые IP одного провайдера в разных частях города, получаются по PPPoE. Reauth ipsec проходит нормально каждые 7 часов, наблюдал в течении дня.
Пробовал различные варианты шифрования. Все равно прихожу на следующий день - статус IPSec - Disconected. Отключаю службу ipsec на минуту и стартую - работает в течении рабочего дня.
Что можно сделать, чтоб не отваливался тунель?

вот лог :

в 07:49:24 нажал connect тунеля

в 08:02:26 сделал рестарт службы

Feb 19 08:03:59	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
Feb 19 08:03:59	charon: 13[ENC] generating INFORMATIONAL_V1 request 897668763 [ HASH N(DPD_ACK) ]
Feb 19 08:03:59	charon: 13[ENC] parsed INFORMATIONAL_V1 request 3123146777 [ HASH N(DPD) ]
Feb 19 08:03:59	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes)
Feb 19 08:03:29	charon: 11[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
Feb 19 08:03:29	charon: 11[ENC] generating INFORMATIONAL_V1 request 3676726118 [ HASH N(DPD_ACK) ]
Feb 19 08:03:29	charon: 11[ENC] parsed INFORMATIONAL_V1 request 4025495893 [ HASH N(DPD) ]
Feb 19 08:03:29	charon: 11[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes)
Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (60 bytes)
Feb 19 08:02:48	charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH ]
Feb 19 08:02:48	charon: 10[IKE] CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:48	charon: 10[ENC] parsed QUICK_MODE response 1402268389 [ HASH SA No KE ID ID ]
Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes)
Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes)
Feb 19 08:02:48	charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH SA No KE ID ID ]
Feb 19 08:02:48	charon: 10[IKE] maximum IKE_SA lifetime 28599s
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> maximum IKE_SA lifetime 28599s
Feb 19 08:02:48	charon: 10[IKE] scheduling reauthentication in 28059s
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> scheduling reauthentication in 28059s
Feb 19 08:02:48	charon: 10[IKE] IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes)
Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
Feb 19 08:02:48	charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes)
Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes)
Feb 19 08:02:48	charon: 10[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 19 08:02:48	charon: 10[ENC] received unknown vendor ID: 12:f5:f2:8c:45:71:68:a9:70:2d:9f:e2:74:cc
Feb 19 08:02:48	charon: 10[IKE] received DPD vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received DPD vendor ID
Feb 19 08:02:48	charon: 10[IKE] received XAuth vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received XAuth vendor ID
Feb 19 08:02:48	charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received NAT-T (RFC 3947) vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-02 vendor ID
Feb 19 08:02:48	charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID
Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-01 vendor ID
Feb 19 08:02:48	charon: 10[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b
Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ SA V V V V V V V V V V V ]
Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (294 bytes)
Feb 19 08:02:48	charon: 12[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 08:02:48	charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Feb 19 08:02:48	charon: 12[IKE] initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX
Feb 19 08:02:48	charon: 12[IKE] <con1000|2> initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX
Feb 19 08:02:48	charon: 13[CFG] received stroke: initiate 'con1000'
Feb 19 08:02:48	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
Feb 19 08:02:48	charon: 13[ENC] generating INFORMATIONAL_V1 request 2256457257 [ HASH D ]
Feb 19 08:02:48	charon: 13[IKE] sending DELETE for IKE_SA con1000[1]
Feb 19 08:02:48	charon: 13[IKE] <con1000|1> sending DELETE for IKE_SA con1000[1]
Feb 19 08:02:48	charon: 13[IKE] deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:48	charon: 13[IKE] <con1000|1> deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:48	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
Feb 19 08:02:48	charon: 13[ENC] generating INFORMATIONAL_V1 request 984300203 [ HASH D ]
Feb 19 08:02:48	charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI cf629bd6
Feb 19 08:02:48	charon: 13[IKE] <con1000|1> sending DELETE for ESP CHILD_SA with SPI cf629bd6
Feb 19 08:02:48	charon: 13[IKE] closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:48	charon: 13[IKE] <con1000|1> closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:48	charon: 15[CFG] received stroke: terminate 'con1000'
Feb 19 08:02:46	charon: 15[IKE] CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:46	charon: 15[IKE] <con1000|1> CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
Feb 19 08:02:46	charon: 15[ENC] parsed QUICK_MODE request 828592377 [ HASH ]
Feb 19 08:02:46	charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes)
Feb 19 08:02:46	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes)
Feb 19 08:02:46	charon: 15[ENC] generating QUICK_MODE response 828592377 [ HASH SA No KE ID ID ]
Feb 19 08:02:46	charon: 15[ENC] parsed QUICK_MODE request 828592377 [ HASH SA No KE ID ID ]
Feb 19 08:02:46	charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes)
Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 19 08:02:46	charon: 13[IKE] maximum IKE_SA lifetime 28715s
Feb 19 08:02:46	charon: 13[IKE] <con1000|1> maximum IKE_SA lifetime 28715s
Feb 19 08:02:46	charon: 13[IKE] scheduling reauthentication in 28175s
Feb 19 08:02:46	charon: 13[IKE] <con1000|1> scheduling reauthentication in 28175s
Feb 19 08:02:46	charon: 13[IKE] IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:46	charon: 13[IKE] <con1000|1> IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:46	charon: 13[CFG] selected peer config "con1000"
Feb 19 08:02:46	charon: 13[CFG] looking for pre-shared key peer configs matching (IP pfSense) XX.XX.XX.XX...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (76 bytes)
Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes)
Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes)
Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (156 bytes)
Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 19 08:02:46	charon: 13[IKE] (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA
Feb 19 08:02:46	charon: 13[IKE] <1> (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA
Feb 19 08:02:46	charon: 13[IKE] received DPD vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received DPD vendor ID
Feb 19 08:02:46	charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received NAT-T (RFC 3947) vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-02 vendor ID
Feb 19 08:02:46	charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID
Feb 19 08:02:46	charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-01 vendor ID
Feb 19 08:02:46	charon: 13[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b
Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (264 bytes)
Feb 19 08:02:26	ipsec_starter[64483]:
Feb 19 08:02:26	ipsec_starter[64483]: 'con1000' routed
Feb 19 08:02:26	charon: 15[CFG] received stroke: route 'con1000'
Feb 19 08:02:26	charon: 14[CFG] added configuration 'con1000'
Feb 19 08:02:26	charon: 14[CFG] received stroke: add connection 'con1000'
Feb 19 08:02:26	ipsec_starter[64483]: charon (64678) started after 120 ms
Feb 19 08:02:26	charon: 00[JOB] spawning 16 worker threads
Feb 19 08:02:26	charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
Feb 19 08:02:26	charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
Feb 19 08:02:26	charon: 00[CFG] loaded 0 RADIUS server configurations
Feb 19 08:02:26	charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
Feb 19 08:02:26	charon: 00[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 08:02:26	charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 08:02:26	charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 08:02:26	charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 08:02:26	charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 08:02:26	charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 08:02:26	charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 08:02:26	charon: 00[CFG] ipseckey plugin is disabled
Feb 19 08:02:26	charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Feb 19 08:02:26	charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Feb 19 08:02:26	charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, FreeBSD 10.1-RELEASE-p4, i386)
Feb 19 08:02:26	ipsec_starter[64035]: no known IPsec stack detected, ignoring!
Feb 19 08:02:26	ipsec_starter[64035]: no KLIPS IPsec stack detected
Feb 19 08:02:26	ipsec_starter[64035]: no netkey IPsec stack detected
Feb 19 08:02:26	ipsec_starter[64035]: Starting strongSwan 5.2.1 IPsec [starter]...
Feb 19 07:58:56	ipsec_starter[37946]: ipsec starter stopped
Feb 19 07:58:56	ipsec_starter[37946]: charon stopped after 200 ms
Feb 19 07:58:56	charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Feb 19 07:58:56	charon: 00[IKE] <con1000|5> destroying IKE_SA in state CONNECTING without notification
Feb 19 07:58:56	charon: 00[DMN] signal of type SIGINT received. Shutting down
Feb 19 07:58:46	charon: 15[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:58:46	charon: 15[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:58:46	charon: 15[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:58:46	charon: 15[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:58:46	charon: 15[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:58:46	charon: 15[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:58:46	charon: 15[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:58:46	charon: 15[CFG] rereading secrets
Feb 19 07:58:30	charon: 04[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:58:30	charon: 04[IKE] sending retransmit 5 of request message ID 0, seq 1
Feb 19 07:58:30	charon: 04[IKE] <con1000|5> sending retransmit 5 of request message ID 0, seq 1
Feb 19 07:57:52	charon: 04[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:57:52	charon: 04[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:57:52	charon: 04[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:57:52	charon: 04[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:57:52	charon: 04[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:57:52	charon: 04[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:57:52	charon: 04[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:57:52	charon: 04[CFG] rereading secrets
Feb 19 07:57:48	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:57:48	charon: 15[IKE] sending retransmit 4 of request message ID 0, seq 1
Feb 19 07:57:48	charon: 15[IKE] <con1000|5> sending retransmit 4 of request message ID 0, seq 1
Feb 19 07:57:25	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:57:25	charon: 15[IKE] sending retransmit 3 of request message ID 0, seq 1
Feb 19 07:57:25	charon: 15[IKE] <con1000|5> sending retransmit 3 of request message ID 0, seq 1
Feb 19 07:57:12	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:57:12	charon: 15[IKE] sending retransmit 2 of request message ID 0, seq 1
Feb 19 07:57:12	charon: 15[IKE] <con1000|5> sending retransmit 2 of request message ID 0, seq 1
Feb 19 07:57:04	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:57:04	charon: 15[IKE] sending retransmit 1 of request message ID 0, seq 1
Feb 19 07:57:04	charon: 15[IKE] <con1000|5> sending retransmit 1 of request message ID 0, seq 1
Feb 19 07:57:00	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
Feb 19 07:57:00	charon: 15[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Feb 19 07:57:00	charon: 15[IKE] initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:57:00	charon: 15[IKE] <con1000|5> initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:57:00	charon: 16[CFG] received stroke: initiate 'con1000'
Feb 19 07:57:00	charon: 13[CFG] no IKE_SA named 'con1000' found
Feb 19 07:57:00	charon: 13[CFG] received stroke: terminate 'con1000'
Feb 19 07:56:09	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:56:09	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:56:09	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:56:09	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:56:09	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:56:09	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:56:09	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:56:09	charon: 16[CFG] rereading secrets
Feb 19 07:55:21	charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:55:21	charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:55:21	charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:55:21	charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:55:21	charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:55:21	charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:55:21	charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:55:21	charon: 13[CFG] rereading secrets
Feb 19 07:50:10	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:50:10	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:50:10	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:50:10	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:50:10	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:50:10	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:50:10	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:50:10	charon: 16[CFG] rereading secrets
Feb 19 07:49:24	charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:49:24	charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:49:24	charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:49:24	charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:49:24	charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:49:24	charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:49:24	charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:49:24	charon: 13[CFG] rereading secrets
Feb 19 07:26:14	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:26:14	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:26:14	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:26:14	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:26:14	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:26:14	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:26:14	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:26:14	charon: 11[CFG] rereading secrets
Feb 19 07:26:04	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:26:04	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:26:04	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:26:04	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:26:04	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:26:04	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:26:04	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:26:04	charon: 16[CFG] rereading secrets
Feb 19 07:25:42	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:25:42	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:25:42	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:25:42	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:25:42	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:25:42	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:25:42	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:25:42	charon: 11[CFG] rereading secrets
Feb 19 07:25:41	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:25:41	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:25:41	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:25:41	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:25:41	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:25:41	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:25:41	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:25:41	charon: 16[CFG] rereading secrets
Feb 19 07:17:06	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:17:06	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:17:06	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:17:06	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:17:06	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:17:06	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:17:06	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:17:06	charon: 11[CFG] rereading secrets
Feb 19 07:16:09	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:16:09	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:16:09	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:16:09	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:16:09	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:16:09	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:16:09	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:16:09	charon: 12[CFG] rereading secrets
Feb 19 07:10:35	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:10:35	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:10:35	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:10:35	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:10:35	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:10:35	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:10:35	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:10:35	charon: 11[CFG] rereading secrets
Feb 19 07:09:44	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:09:44	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:09:44	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:09:44	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:09:44	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:09:44	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:09:44	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:09:44	charon: 12[CFG] rereading secrets
Feb 19 07:08:37	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:08:37	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:08:37	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:08:37	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:08:37	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:08:37	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:08:37	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:08:37	charon: 11[CFG] rereading secrets
Feb 19 07:07:47	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 07:07:47	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 07:07:47	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 07:07:47	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 07:07:47	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 07:07:47	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 07:07:47	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 07:07:47	charon: 12[CFG] rereading secrets
Feb 19 06:58:30	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:58:30	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:58:30	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:58:30	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:58:30	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:58:30	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:58:30	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:58:30	charon: 07[CFG] rereading secrets
Feb 19 06:57:44	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:57:44	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:57:44	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:57:44	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:57:44	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:57:44	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:57:44	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:57:44	charon: 11[CFG] rereading secrets
Feb 19 06:53:53	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:53:53	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:53:53	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:53:53	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:53:53	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:53:53	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:53:53	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:53:53	charon: 07[CFG] rereading secrets
Feb 19 06:53:10	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:53:10	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:53:10	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:53:10	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:53:10	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:53:10	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:53:10	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:53:10	charon: 11[CFG] rereading secrets
Feb 19 06:50:46	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:50:46	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:50:46	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:50:46	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:50:46	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:50:46	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:50:46	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:50:46	charon: 07[CFG] rereading secrets
Feb 19 06:48:59	charon: 10[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:48:59	charon: 10[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:48:59	charon: 10[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:48:59	charon: 10[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:48:59	charon: 10[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:48:59	charon: 10[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:48:59	charon: 10[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:48:59	charon: 10[CFG] rereading secrets
Feb 19 06:45:20	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:45:20	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:45:20	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:45:20	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:45:20	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:45:20	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:45:20	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:45:20	charon: 11[CFG] rereading secrets
Feb 19 06:44:21	charon: 10[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:44:21	charon: 10[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:44:21	charon: 10[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
Feb 19 06:44:21	charon: 10[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
Feb 19 06:44:21	charon: 10[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
Feb 19 06:44:21	charon: 10[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
Feb 19 06:44:21	charon: 10[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Feb 19 06:44:21	charon: 10[CFG] rereading secrets
Feb 19 06:43:38	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
Feb 19 06:43:38	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
Feb 19 06:43:38	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'</con1000|5></con1000|5></con1000|5></con1000|5></con1000|5></con1000|5></con1000|5></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|1></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2></con1000|2>
```![01.jpg](/public/_imported_attachments_/1/01.jpg)
![02.jpg](/public/_imported_attachments_/1/02.jpg)
![01.jpg_thumb](/public/_imported_attachments_/1/01.jpg_thumb)
![02.jpg_thumb](/public/_imported_attachments_/1/02.jpg_thumb)

ABBaz

Похоже что это проблемы StrongSwan в pfSense 2.2
https://forum.pfsense.org/index.php?topic=88080.0
"2.2 is just IPSEC nightmare."

zhhh

на pfsense 2.2 можно racoon поставить, а strongSwan отключить?

werter

1. Обновить прошивку dlink dfl-860e до самой последней.
2. http://www.dlink.ru/ru/faq/92/927.html

После применения настроек нажмите кнопку Back, затем кнопку IPSec Proposal.
Заполните следующие поля в указанном ниже порядке.

Шаг 1: В поле Proposal Name укажите ipsec_3des_md5
Шаг 2: В поле DH Group выберите Group 2
Шаг 3: В поле Encrypt algorithm укажите 3DES
Шаг 4: В поле Auth algorithm укажите MD5
Шаг 5: В поле Life Time укажите 3600
Шаг 6: В поле Proposal ID выберите 1.
Шаг 7: Нажмите кнопку Add to.
Шаг 8: Нажмите кнопку Apply.

Пробуйте с такими типами шифрования , авторизации etc. У вас на скринах - другие.

zhhh

@werter:

1. Обновить прошивку dlink dfl-860e до самой последней.
2. http://www.dlink.ru/ru/faq/92/927.html

После применения настроек нажмите кнопку Back, затем кнопку IPSec Proposal.
Заполните следующие поля в указанном ниже порядке.

Шаг 1: В поле Proposal Name укажите ipsec_3des_md5
Шаг 2: В поле DH Group выберите Group 2
Шаг 3: В поле Encrypt algorithm укажите 3DES
Шаг 4: В поле Auth algorithm укажите MD5
Шаг 5: В поле Life Time укажите 3600
Шаг 6: В поле Proposal ID выберите 1.
Шаг 7: Нажмите кнопку Add to.
Шаг 8: Нажмите кнопку Apply.

Пробуйте с такими типами шифрования , авторизации etc. У вас на скринах - другие.

Прошивка 860 тут не причем, стоит свежее и стабильнее, чем на оффе.

Для теста настроил такой же тунель на pfSense 2.1 (racoon) - не отваливается (открываю номально web-морды, звоню по VoIP, работаю по RDP).

На 2.2 запускаю такой же тунель - пинг идет стабильно, стоит только попытаться открыть web-морду pfSense с удаленной тачки за 860м, пинг отрубается, pfSense минуту не открывается, потом все же открывается и показывает crash-рапорт.

Я накатывал 2.2 автоматическим обновлением, может быть в этом дело и поставить его начисто.

zhhh

сегодня еще улыбнуло, на pfSense 2.2 удалил все IPSec настройки и отключил службу, но он все равно упорно устанавливает соединения с 860, первую фазу :o :o :o
седня снесу нафик и поставлю чистую 2.1 ;D

werter

@zhhh:

сегодня еще улыбнуло, на pfSense 2.2 удалил все IPSec настройки и отключил службу, но он все равно упорно устанавливает соединения с 860, первую фазу :o :o :o
седня снесу нафик и поставлю чистую 2.1 ;D

Попробуйте чистый 2.2

zhhh

@werter:

Попробуйте чистый 2.2

Восстановил 2.1, вернулась стабильность ;D

Чистую 2.2 я конечно же потестю, но не на рабочих шлюзах. На следующей неделе соберу из старого железа шлюзик, из дома попробую пробросить тунели и к d link 860 и к cisco 1921. О результатах отпишу тут.

werter

На следующей неделе соберу из старого железа шлюзик

"Вы всё ещё ~~кипятите~~ не виртуализированы ? Тогда мы идем к Вам" (с) ;D

zhhh

свежая pfsense 2.2.2 (strongswan на борту) в связке с dlink dfl 860e
Phase 1
Negotiation mode - main
Encryption algorithm - 3des
Hash algorithm - md5
DH key group - 2
Phase 2
Protocol - ESP
Encryption algorithms - 3des
Hash algorithms - md5
PFS key group - 2

моментально устанавливает связь, идут пинги с обоих сторон, стоит попытаться залогиниться на вебморду или ssh pfsense через тунель - pfsense уходит в даун… после ребута выдает crash -рапорт

Fatal double fault:
eip = 0xc12b5a90
esp = 0xdefd5ff4
ebp = 0xdefd605c
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic

:o :o :o выше я описывал схожие симптомы при обновлении с 2.1
почему так легко положить pfsense стандартными настройками???

rubic

https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954

zhhh

@rubic:

https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954

Спасибо, заработало! :D
Оказывается у кого стоит версия i386, при обращении к pfsense через ipsec-тунель, чтобы не крашилась система, нужно добавить настройку:
System->Advanced->System Tunables, жмем "+"
Tunable - net.inet.ipsec.directdispatch
Value - 0

IPSec между dlink dfl-860e и StrongSwan в pfSense 2.2

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter