Netgate Discussion Forum

    IPSec between dlink dfl-860e and StrongSwan in pfSense 2.2

    • zhhh

      It all started with the move to the new version, pfSense 2.2. The old version, 2.1, had racoon and worked reliably. pfSense 2.2 ships StrongSwan, and the tunnel hangs after n hours of operation.
      The gateways have public IPs from the same provider in different parts of the city, obtained via PPPoE. IPsec reauth completes normally every 7 hours; I watched it over the course of a day.
      I tried various encryption options. All the same, I come in the next day and the IPSec status is Disconnected. I stop the ipsec service for a minute and start it again, and it works for the rest of the working day.
      What can I do to keep the tunnel from dropping?

      Here is the log:

      at 07:49:24 I clicked connect on the tunnel

      at 08:02:26 I restarted the service

      Feb 19 08:03:59	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
      Feb 19 08:03:59	charon: 13[ENC] generating INFORMATIONAL_V1 request 897668763 [ HASH N(DPD_ACK) ]
      Feb 19 08:03:59	charon: 13[ENC] parsed INFORMATIONAL_V1 request 3123146777 [ HASH N(DPD) ]
      Feb 19 08:03:59	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes)
      Feb 19 08:03:29	charon: 11[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
      Feb 19 08:03:29	charon: 11[ENC] generating INFORMATIONAL_V1 request 3676726118 [ HASH N(DPD_ACK) ]
      Feb 19 08:03:29	charon: 11[ENC] parsed INFORMATIONAL_V1 request 4025495893 [ HASH N(DPD) ]
      Feb 19 08:03:29	charon: 11[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (92 bytes)
      Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (60 bytes)
      Feb 19 08:02:48	charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH ]
      Feb 19 08:02:48	charon: 10[IKE] CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> CHILD_SA con1000{1} established with SPIs c0cd1952_i 9e69bc78_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:48	charon: 10[ENC] parsed QUICK_MODE response 1402268389 [ HASH SA No KE ID ID ]
      Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes)
      Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes)
      Feb 19 08:02:48	charon: 10[ENC] generating QUICK_MODE request 1402268389 [ HASH SA No KE ID ID ]
      Feb 19 08:02:48	charon: 10[IKE] maximum IKE_SA lifetime 28599s
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> maximum IKE_SA lifetime 28599s
      Feb 19 08:02:48	charon: 10[IKE] scheduling reauthentication in 28059s
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> scheduling reauthentication in 28059s
      Feb 19 08:02:48	charon: 10[IKE] IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> IKE_SA con1000[2] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ ID HASH ]
      Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes)
      Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
      Feb 19 08:02:48	charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
      Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes)
      Feb 19 08:02:48	charon: 10[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes)
      Feb 19 08:02:48	charon: 10[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Feb 19 08:02:48	charon: 10[ENC] received unknown vendor ID: 12:f5:f2:8c:45:71:68:a9:70:2d:9f:e2:74:cc
      Feb 19 08:02:48	charon: 10[IKE] received DPD vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received DPD vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received XAuth vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received XAuth vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received NAT-T (RFC 3947) vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-02 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID
      Feb 19 08:02:48	charon: 10[IKE] <con1000|2> received draft-stenberg-ipsec-nat-traversal-01 vendor ID
      Feb 19 08:02:48	charon: 10[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b
      Feb 19 08:02:48	charon: 10[ENC] parsed ID_PROT response 0 [ SA V V V V V V V V V V V ]
      Feb 19 08:02:48	charon: 10[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (294 bytes)
      Feb 19 08:02:48	charon: 12[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 08:02:48	charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
      Feb 19 08:02:48	charon: 12[IKE] initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX
      Feb 19 08:02:48	charon: 12[IKE] <con1000|2> initiating Main Mode IKE_SA con1000[2] to (IP DFL-860E) XX.XX.XX.XX
      Feb 19 08:02:48	charon: 13[CFG] received stroke: initiate 'con1000'
      Feb 19 08:02:48	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (92 bytes)
      Feb 19 08:02:48	charon: 13[ENC] generating INFORMATIONAL_V1 request 2256457257 [ HASH D ]
      Feb 19 08:02:48	charon: 13[IKE] sending DELETE for IKE_SA con1000[1]
      Feb 19 08:02:48	charon: 13[IKE] <con1000|1> sending DELETE for IKE_SA con1000[1]
      Feb 19 08:02:48	charon: 13[IKE] deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:48	charon: 13[IKE] <con1000|1> deleting IKE_SA con1000[1] between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:48	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
      Feb 19 08:02:48	charon: 13[ENC] generating INFORMATIONAL_V1 request 984300203 [ HASH D ]
      Feb 19 08:02:48	charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI cf629bd6
      Feb 19 08:02:48	charon: 13[IKE] <con1000|1> sending DELETE for ESP CHILD_SA with SPI cf629bd6
      Feb 19 08:02:48	charon: 13[IKE] closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:48	charon: 13[IKE] <con1000|1> closing CHILD_SA con1000{1} with SPIs cf629bd6_i (0 bytes) 2e302337_o (0 bytes) and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:48	charon: 15[CFG] received stroke: terminate 'con1000'
      Feb 19 08:02:46	charon: 15[IKE] CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:46	charon: 15[IKE] <con1000|1> CHILD_SA con1000{1} established with SPIs cf629bd6_i 2e302337_o and TS 192.168.2.0/24|/0 === 192.168.31.0/24|/0
      Feb 19 08:02:46	charon: 15[ENC] parsed QUICK_MODE request 828592377 [ HASH ]
      Feb 19 08:02:46	charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (60 bytes)
      Feb 19 08:02:46	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (284 bytes)
      Feb 19 08:02:46	charon: 15[ENC] generating QUICK_MODE response 828592377 [ HASH SA No KE ID ID ]
      Feb 19 08:02:46	charon: 15[ENC] parsed QUICK_MODE request 828592377 [ HASH SA No KE ID ID ]
      Feb 19 08:02:46	charon: 15[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (268 bytes)
      Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (76 bytes)
      Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ ID HASH ]
      Feb 19 08:02:46	charon: 13[IKE] maximum IKE_SA lifetime 28715s
      Feb 19 08:02:46	charon: 13[IKE] <con1000|1> maximum IKE_SA lifetime 28715s
      Feb 19 08:02:46	charon: 13[IKE] scheduling reauthentication in 28175s
      Feb 19 08:02:46	charon: 13[IKE] <con1000|1> scheduling reauthentication in 28175s
      Feb 19 08:02:46	charon: 13[IKE] IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:46	charon: 13[IKE] <con1000|1> IKE_SA con1000[1] established between (IP pfSense) XX.XX.XX.XX[(IP pfSense) XX.XX.XX.XX]...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:46	charon: 13[CFG] selected peer config "con1000"
      Feb 19 08:02:46	charon: 13[CFG] looking for pre-shared key peer configs matching (IP pfSense) XX.XX.XX.XX...(IP DFL-860E) XX.XX.XX.XX[(IP DFL-860E) XX.XX.XX.XX]
      Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
      Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (76 bytes)
      Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (204 bytes)
      Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (188 bytes)
      Feb 19 08:02:46	charon: 13[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (156 bytes)
      Feb 19 08:02:46	charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ]
      Feb 19 08:02:46	charon: 13[IKE] (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA
      Feb 19 08:02:46	charon: 13[IKE] <1> (IP DFL-860E) XX.XX.XX.XX is initiating a Main Mode IKE_SA
      Feb 19 08:02:46	charon: 13[IKE] received DPD vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received DPD vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received NAT-T (RFC 3947) vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-02 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-02 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] received draft-stenberg-ipsec-nat-traversal-01 vendor ID
      Feb 19 08:02:46	charon: 13[IKE] <1> received draft-stenberg-ipsec-nat-traversal-01 vendor ID
      Feb 19 08:02:46	charon: 13[ENC] received unknown vendor ID: 8f:9c:c9:4e:01:24:8e:cd:f1:47:59:4c:28:4b:21:3b
      Feb 19 08:02:46	charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
      Feb 19 08:02:46	charon: 13[NET] received packet: from (IP DFL-860E) XX.XX.XX.XX[500] to (IP pfSense) XX.XX.XX.XX[500] (264 bytes)
      Feb 19 08:02:26	ipsec_starter[64483]:
      Feb 19 08:02:26	ipsec_starter[64483]: 'con1000' routed
      Feb 19 08:02:26	charon: 15[CFG] received stroke: route 'con1000'
      Feb 19 08:02:26	charon: 14[CFG] added configuration 'con1000'
      Feb 19 08:02:26	charon: 14[CFG] received stroke: add connection 'con1000'
      Feb 19 08:02:26	ipsec_starter[64483]: charon (64678) started after 120 ms
      Feb 19 08:02:26	charon: 00[JOB] spawning 16 worker threads
      Feb 19 08:02:26	charon: 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
      Feb 19 08:02:26	charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf gmp xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke smp updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock unity
      Feb 19 08:02:26	charon: 00[CFG] loaded 0 RADIUS server configurations
      Feb 19 08:02:26	charon: 00[CFG] opening triplet file /var/etc/ipsec/ipsec.d/triplets.dat failed: No such file or directory
      Feb 19 08:02:26	charon: 00[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 08:02:26	charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 08:02:26	charon: 00[CFG] loading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 08:02:26	charon: 00[CFG] loading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 08:02:26	charon: 00[CFG] loading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 08:02:26	charon: 00[CFG] loading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 08:02:26	charon: 00[CFG] loading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 08:02:26	charon: 00[CFG] ipseckey plugin is disabled
      Feb 19 08:02:26	charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
      Feb 19 08:02:26	charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
      Feb 19 08:02:26	charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, FreeBSD 10.1-RELEASE-p4, i386)
      Feb 19 08:02:26	ipsec_starter[64035]: no known IPsec stack detected, ignoring!
      Feb 19 08:02:26	ipsec_starter[64035]: no KLIPS IPsec stack detected
      Feb 19 08:02:26	ipsec_starter[64035]: no netkey IPsec stack detected
      Feb 19 08:02:26	ipsec_starter[64035]: Starting strongSwan 5.2.1 IPsec [starter]...
      Feb 19 07:58:56	ipsec_starter[37946]: ipsec starter stopped
      Feb 19 07:58:56	ipsec_starter[37946]: charon stopped after 200 ms
      Feb 19 07:58:56	charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
      Feb 19 07:58:56	charon: 00[IKE] <con1000|5> destroying IKE_SA in state CONNECTING without notification
      Feb 19 07:58:56	charon: 00[DMN] signal of type SIGINT received. Shutting down
      Feb 19 07:58:46	charon: 15[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:58:46	charon: 15[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:58:46	charon: 15[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:58:46	charon: 15[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:58:46	charon: 15[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:58:46	charon: 15[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:58:46	charon: 15[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:58:46	charon: 15[CFG] rereading secrets
      Feb 19 07:58:30	charon: 04[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:58:30	charon: 04[IKE] sending retransmit 5 of request message ID 0, seq 1
      Feb 19 07:58:30	charon: 04[IKE] <con1000|5> sending retransmit 5 of request message ID 0, seq 1
      Feb 19 07:57:52	charon: 04[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:57:52	charon: 04[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:57:52	charon: 04[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:57:52	charon: 04[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:57:52	charon: 04[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:57:52	charon: 04[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:57:52	charon: 04[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:57:52	charon: 04[CFG] rereading secrets
      Feb 19 07:57:48	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:57:48	charon: 15[IKE] sending retransmit 4 of request message ID 0, seq 1
      Feb 19 07:57:48	charon: 15[IKE] <con1000|5> sending retransmit 4 of request message ID 0, seq 1
      Feb 19 07:57:25	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:57:25	charon: 15[IKE] sending retransmit 3 of request message ID 0, seq 1
      Feb 19 07:57:25	charon: 15[IKE] <con1000|5> sending retransmit 3 of request message ID 0, seq 1
      Feb 19 07:57:12	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:57:12	charon: 15[IKE] sending retransmit 2 of request message ID 0, seq 1
      Feb 19 07:57:12	charon: 15[IKE] <con1000|5> sending retransmit 2 of request message ID 0, seq 1
      Feb 19 07:57:04	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:57:04	charon: 15[IKE] sending retransmit 1 of request message ID 0, seq 1
      Feb 19 07:57:04	charon: 15[IKE] <con1000|5> sending retransmit 1 of request message ID 0, seq 1
      Feb 19 07:57:00	charon: 15[NET] sending packet: from (IP pfSense) XX.XX.XX.XX[500] to (IP DFL-860E) XX.XX.XX.XX[500] (200 bytes)
      Feb 19 07:57:00	charon: 15[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
      Feb 19 07:57:00	charon: 15[IKE] initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:57:00	charon: 15[IKE] <con1000|5> initiating Main Mode IKE_SA con1000[5] to (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:57:00	charon: 16[CFG] received stroke: initiate 'con1000'
      Feb 19 07:57:00	charon: 13[CFG] no IKE_SA named 'con1000' found
      Feb 19 07:57:00	charon: 13[CFG] received stroke: terminate 'con1000'
      Feb 19 07:56:09	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:56:09	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:56:09	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:56:09	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:56:09	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:56:09	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:56:09	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:56:09	charon: 16[CFG] rereading secrets
      Feb 19 07:55:21	charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:55:21	charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:55:21	charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:55:21	charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:55:21	charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:55:21	charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:55:21	charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:55:21	charon: 13[CFG] rereading secrets
      Feb 19 07:50:10	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:50:10	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:50:10	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:50:10	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:50:10	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:50:10	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:50:10	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:50:10	charon: 16[CFG] rereading secrets
      Feb 19 07:49:24	charon: 13[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:49:24	charon: 13[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:49:24	charon: 13[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:49:24	charon: 13[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:49:24	charon: 13[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:49:24	charon: 13[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:49:24	charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:49:24	charon: 13[CFG] rereading secrets
      Feb 19 07:26:14	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:26:14	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:26:14	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:26:14	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:26:14	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:26:14	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:26:14	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:26:14	charon: 11[CFG] rereading secrets
      Feb 19 07:26:04	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:26:04	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:26:04	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:26:04	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:26:04	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:26:04	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:26:04	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:26:04	charon: 16[CFG] rereading secrets
      Feb 19 07:25:42	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:25:42	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:25:42	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:25:42	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:25:42	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:25:42	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:25:42	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:25:42	charon: 11[CFG] rereading secrets
      Feb 19 07:25:41	charon: 16[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:25:41	charon: 16[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:25:41	charon: 16[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:25:41	charon: 16[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:25:41	charon: 16[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:25:41	charon: 16[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:25:41	charon: 16[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:25:41	charon: 16[CFG] rereading secrets
      Feb 19 07:17:06	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:17:06	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:17:06	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:17:06	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:17:06	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:17:06	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:17:06	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:17:06	charon: 11[CFG] rereading secrets
      Feb 19 07:16:09	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:16:09	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:16:09	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:16:09	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:16:09	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:16:09	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:16:09	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:16:09	charon: 12[CFG] rereading secrets
      Feb 19 07:10:35	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:10:35	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:10:35	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:10:35	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:10:35	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:10:35	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:10:35	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:10:35	charon: 11[CFG] rereading secrets
      Feb 19 07:09:44	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:09:44	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:09:44	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:09:44	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:09:44	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:09:44	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:09:44	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:09:44	charon: 12[CFG] rereading secrets
      Feb 19 07:08:37	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:08:37	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:08:37	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:08:37	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:08:37	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:08:37	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:08:37	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:08:37	charon: 11[CFG] rereading secrets
      Feb 19 07:07:47	charon: 12[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 07:07:47	charon: 12[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 07:07:47	charon: 12[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 07:07:47	charon: 12[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 07:07:47	charon: 12[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 07:07:47	charon: 12[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 07:07:47	charon: 12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 07:07:47	charon: 12[CFG] rereading secrets
      Feb 19 06:58:30	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:58:30	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:58:30	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:58:30	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:58:30	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:58:30	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:58:30	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:58:30	charon: 07[CFG] rereading secrets
      Feb 19 06:57:44	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:57:44	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:57:44	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:57:44	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:57:44	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:57:44	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:57:44	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:57:44	charon: 11[CFG] rereading secrets
      Feb 19 06:53:53	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:53:53	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:53:53	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:53:53	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:53:53	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:53:53	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:53:53	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:53:53	charon: 07[CFG] rereading secrets
      Feb 19 06:53:10	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:53:10	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:53:10	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:53:10	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:53:10	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:53:10	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:53:10	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:53:10	charon: 11[CFG] rereading secrets
      Feb 19 06:50:46	charon: 07[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:50:46	charon: 07[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:50:46	charon: 07[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:50:46	charon: 07[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:50:46	charon: 07[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:50:46	charon: 07[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:50:46	charon: 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:50:46	charon: 07[CFG] rereading secrets
      Feb 19 06:48:59	charon: 10[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:48:59	charon: 10[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:48:59	charon: 10[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:48:59	charon: 10[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:48:59	charon: 10[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:48:59	charon: 10[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:48:59	charon: 10[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:48:59	charon: 10[CFG] rereading secrets
      Feb 19 06:45:20	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:45:20	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:45:20	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:45:20	charon: 11[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:45:20	charon: 11[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:45:20	charon: 11[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:45:20	charon: 11[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:45:20	charon: 11[CFG] rereading secrets
      Feb 19 06:44:21	charon: 10[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:44:21	charon: 10[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:44:21	charon: 10[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      Feb 19 06:44:21	charon: 10[CFG] rereading ocsp signer certificates from '/var/etc/ipsec/ipsec.d/ocspcerts'
      Feb 19 06:44:21	charon: 10[CFG] rereading ca certificates from '/var/etc/ipsec/ipsec.d/cacerts'
      Feb 19 06:44:21	charon: 10[CFG] loaded IKE secret for %any (IP DFL-860E) XX.XX.XX.XX
      Feb 19 06:44:21	charon: 10[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Feb 19 06:44:21	charon: 10[CFG] rereading secrets
      Feb 19 06:43:38	charon: 11[CFG] rereading crls from '/var/etc/ipsec/ipsec.d/crls'
      Feb 19 06:43:38	charon: 11[CFG] rereading attribute certificates from '/var/etc/ipsec/ipsec.d/acerts'
      Feb 19 06:43:38	charon: 11[CFG] rereading aa certificates from '/var/etc/ipsec/ipsec.d/aacerts'
      ```
      ![01.jpg](/public/_imported_attachments_/1/01.jpg)
      ![02.jpg](/public/_imported_attachments_/1/02.jpg)
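To pin down when a tunnel went quiet in a log like the one above, the following added example (not part of the original post) parses charon lines in that newest-first format and reports gaps between DPD exchanges, along with what charon logged in the meantime. The sample lines, the year, and the 90-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the charon syslog format shown above (newest entry
# first, tab after the timestamp). Message IDs and times are made up.
SAMPLE_LOG = """\
Feb 19 08:03:59\tcharon: 13[ENC] parsed INFORMATIONAL_V1 request 1000000006 [ HASH N(DPD) ]
Feb 19 08:03:29\tcharon: 11[ENC] generating INFORMATIONAL_V1 request 1000000005 [ HASH N(DPD_ACK) ]
Feb 19 08:03:29\tcharon: 11[ENC] parsed INFORMATIONAL_V1 request 1000000004 [ HASH N(DPD) ]
Feb 19 07:08:37\tcharon: 11[CFG] rereading secrets
Feb 19 03:12:40\tcharon: 09[ENC] generating INFORMATIONAL_V1 request 1000000003 [ HASH N(DPD_ACK) ]
Feb 19 03:12:40\tcharon: 09[ENC] parsed INFORMATIONAL_V1 request 1000000002 [ HASH N(DPD) ]
Feb 19 03:12:10\tcharon: 14[ENC] parsed INFORMATIONAL_V1 request 1000000001 [ HASH N(DPD) ]
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+charon:\s+(\d+)\[(\w+)\]\s+(.*)$")

def parse_events(text, year=2015):
    """Return (timestamp, subsystem, message) tuples, oldest first.
    Syslog timestamps carry no year, so `year` is an assumption."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or not a charon entry
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(3), m.group(4)))
    return sorted(events, key=lambda e: e[0])

def dpd_silences(events, max_gap=timedelta(seconds=90)):
    """Pairs of consecutive DPD timestamps further apart than max_gap.
    90 s is an assumed threshold: three missed 30-second DPD rounds."""
    dpd = [ts for ts, subsys, msg in events if subsys == "ENC" and "N(DPD" in msg]
    return [(a, b) for a, b in zip(dpd, dpd[1:]) if b - a > max_gap]

def summarize(text):
    """For each silence, report its bounds and what charon logged meanwhile."""
    events = parse_events(text)
    return [
        {"last_dpd": a, "next_dpd": b, "silent_for": b - a,
         "logged_meanwhile": [msg for ts, _, msg in events if a < ts < b]}
        for a, b in dpd_silences(events)
    ]

if __name__ == "__main__":
    for gap in summarize(SAMPLE_LOG):
        print(f"no DPD from {gap['last_dpd']} to {gap['next_dpd']} "
              f"({gap['silent_for']}); meanwhile: {gap['logged_meanwhile']}")
```
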
      • ABBaz

        Looks like this is a StrongSwan problem in pfSense 2.2
        https://forum.pfsense.org/index.php?topic=88080.0
        "2.2 is just IPSEC nightmare."

        • zhhh

          Can racoon be installed on pfsense 2.2 and strongSwan disabled?

          • werter

            1. Update the dlink dfl-860e firmware to the very latest.
            2. http://www.dlink.ru/ru/faq/92/927.html

            After applying the settings, click the Back button, then the IPSec Proposal button.
            Fill in the following fields in the order given below.

            Step 1: In the Proposal Name field, enter ipsec_3des_md5
            Step 2: In the DH Group field, select Group 2
            Step 3: In the Encrypt algorithm field, enter 3DES
            Step 4: In the Auth algorithm field, enter MD5
            Step 5: In the Life Time field, enter 3600
            Step 6: In the Proposal ID field, select 1.
            Step 7: Click the Add to button.
            Step 8: Click the Apply button.

            Try with these encryption, authentication, etc. types. The ones in your screenshots are different.

            • zhhh

              @werter:

              1. Update the dlink dfl-860e firmware to the very latest.
              2. http://www.dlink.ru/ru/faq/92/927.html

              After applying the settings, click the Back button, then the IPSec Proposal button.
              Fill in the following fields in the order given below.

              Step 1: In the Proposal Name field, enter ipsec_3des_md5
              Step 2: In the DH Group field, select Group 2
              Step 3: In the Encrypt algorithm field, enter 3DES
              Step 4: In the Auth algorithm field, enter MD5
              Step 5: In the Life Time field, enter 3600
              Step 6: In the Proposal ID field, select 1.
              Step 7: Click the Add to button.
              Step 8: Click the Apply button.

              Try with these encryption, authentication, etc. types. The ones in your screenshots are different.

              The 860's firmware has nothing to do with it; what's installed is newer and more stable than the one on the official site.

              As a test I set up the same tunnel on pfSense 2.1 (racoon): it does not drop (web UIs open normally, I make VoIP calls, I work over RDP).

              On 2.2 I bring up the same tunnel: ping runs steadily, but as soon as I try to open the pfSense web UI from a remote machine behind the 860, the ping cuts out, pfSense does not open for a minute, then it does open after all and shows a crash report.

              I installed 2.2 via automatic update; maybe that is the problem and I should install it from scratch.

              dfl860e.png

              • zhhh

                Another thing that made me smile today: on pfSense 2.2 I deleted all the IPSec settings and disabled the service, but it still stubbornly establishes connections with the 860, phase one  :o  :o  :o
                Today I'll wipe the damn thing and install a clean 2.1  ;D

                • werter

                  @zhhh:

                  Another thing that made me smile today: on pfSense 2.2 I deleted all the IPSec settings and disabled the service, but it still stubbornly establishes connections with the 860, phase one  :o  :o  :o
                  Today I'll wipe the damn thing and install a clean 2.1  ;D

                  Try a clean 2.2

                  • zhhh

                    @werter:

                    Try a clean 2.2

                    Restored 2.1, stability is back  ;D

                    I will of course test a clean 2.2, but not on production gateways. Next week I'll put together a small gateway from old hardware and try to bring up tunnels from home to both the d link 860 and a cisco 1921. I'll report the results here.

                    • werter

                      Next week I'll put together a small gateway from old hardware

                      "Are you still boiling not virtualized? Then we are coming to you" (c)  ;D

                      • zhhh

                        A fresh pfsense 2.2.2 (strongswan on board) paired with a dlink dfl 860e
                        Phase 1
                        Negotiation mode - main
                        Encryption algorithm - 3des
                        Hash algorithm - md5
                        DH key group - 2
                        Phase 2
                        Protocol - ESP
                        Encryption algorithms - 3des
                        Hash algorithms - md5
                        PFS key group - 2

                        The connection comes up instantly and pings go through from both sides, but as soon as I try to log in to the pfsense web UI or ssh through the tunnel, pfsense goes down… after a reboot it produces a crash report

                        Fatal double fault:
                        eip = 0xc12b5a90
                        esp = 0xdefd5ff4
                        ebp = 0xdefd605c
                        cpuid = 0; apic id = 00
                        panic: double fault
                        cpuid = 0
                        KDB: enter: panic

                        :o :o :o above I described similar symptoms after upgrading from 2.1
                        why is it so easy to bring pfsense down with standard settings???

                        • rubic

                          https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954

                          • zhhh

                            @rubic:

                            https://forum.pfsense.org/index.php?topic=94929.msg527954#msg527954

                            Thanks, it works now!  :D
                            It turns out that those running the i386 version need to add a setting so that the system does not crash when pfsense is accessed through the ipsec tunnel:
                            System->Advanced->System Tunables, click "+"
                            Tunable - net.inet.ipsec.directdispatch
                            Value - 0
