Netgate Discussion Forum

    Problems with IPSec since update to 2.2.4

      DRKViersen

      Hello,

      we updated our pfSense from 2.2.2 to 2.2.4, and since then our road warriors can no longer connect via VPN.

      The pfSense has a static IP, while the clients are behind NAT and use dynamic IPs.

      The identifiers are "My ip address" and "User distinguished name" in the form of an e-mail address.

      We use IKE V1 with PSK and XAuth, aggressive mode, AES and SHA1, Group 5.

      The clients use Shrew.

      Manually setting "My identifier" to the IP did not help, and setting "Peer Identifier" to "any" did not help either.

      Does anyone have an idea, or is more information needed?

      Many thanks!

      Best regards,

      Lars

      Log entries (x.x.x.x = IP of the pfSense, y.y.y.y = peer IP):

      
      Aug 12 12:08:33 	charon: 06[JOB] <con1|43>deleting half open IKE_SA after timeout
      Aug 12 12:08:28 	charon: 06[NET] <con1|43>sending packet: from x.x.x.x[500] to y.y.y.y[500] (496 bytes)
      Aug 12 12:08:28 	charon: 06[IKE] <con1|43>sending retransmit 3 of response message ID 0, seq 1
      Aug 12 12:08:28 	charon: 06[IKE] <con1|43>sending retransmit 3 of response message ID 0, seq 1
      Aug 12 12:08:15 	charon: 06[NET] <con1|43>sending packet: from x.x.x.x[500] to y.y.y.y[500] (496 bytes)
      Aug 12 12:08:15 	charon: 06[IKE] <con1|43>sending retransmit 2 of response message ID 0, seq 1
      Aug 12 12:08:15 	charon: 06[IKE] <con1|43>sending retransmit 2 of response message ID 0, seq 1
      Aug 12 12:08:08 	charon: 06[NET] <con1|43>sending packet: from x.x.x.x[500] to y.y.y.y[500] (496 bytes)
      Aug 12 12:08:08 	charon: 06[IKE] <con1|43>sending retransmit 1 of response message ID 0, seq 1
      Aug 12 12:08:08 	charon: 06[IKE] <con1|43>sending retransmit 1 of response message ID 0, seq 1
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>INFORMATIONAL_V1 request with message ID 1844034455 processing failed
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>INFORMATIONAL_V1 request with message ID 1844034455 processing failed
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>ignore malformed INFORMATIONAL request
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>ignore malformed INFORMATIONAL request
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>message parsing failed
      Aug 12 12:08:04 	charon: 06[IKE] <con1|43>message parsing failed
      Aug 12 12:08:04 	charon: 06[ENC] <con1|43>could not decrypt payloads
      Aug 12 12:08:04 	charon: 06[ENC] <con1|43>invalid HASH_V1 payload length, decryption failed?
      Aug 12 12:08:04 	charon: 06[NET] <con1|43>received packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
      Aug 12 12:08:04 	charon: 14[IKE] <con1|43>AGGRESSIVE request with message ID 0 processing failed
      Aug 12 12:08:04 	charon: 14[IKE] <con1|43>AGGRESSIVE request with message ID 0 processing failed
      Aug 12 12:08:04 	charon: 14[NET] <con1|43>sending packet: from x.x.x.x[500] to y.y.y.y[500] (76 bytes)
      Aug 12 12:08:04 	charon: 14[ENC] <con1|43>generating INFORMATIONAL_V1 request 768892632 [ HASH N(PLD_MAL) ]
      Aug 12 12:08:04 	charon: 14[IKE] <con1|43>message parsing failed
      Aug 12 12:08:04 	charon: 14[IKE] <con1|43>message parsing failed
      Aug 12 12:08:04 	charon: 14[ENC] <con1|43>could not decrypt payloads
      Aug 12 12:08:04 	charon: 14[ENC] <con1|43>invalid HASH_V1 payload length, decryption failed?
      Aug 12 12:08:04 	charon: 14[NET] <con1|43>received packet: from y.y.y.y[4500] to x.x.x.x[4500] (108 bytes)
      Aug 12 12:08:04 	charon: 14[NET] <con1|43>sending packet: from x.x.x.x[500] to y.y.y.y[500] (496 bytes)
      Aug 12 12:08:04 	charon: 14[ENC] <con1|43>generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
      Aug 12 12:08:04 	charon: 14[CFG] <43> selected peer config "con1"
      Aug 12 12:08:04 	charon: 14[CFG] <43> looking for XAuthInitPSK peer configs matching x.x.x.x...y.y.y.y[vpn@kv-viersen.drk.local]
      Aug 12 12:08:03 	charon: 14[IKE] <43> y.y.y.y is initiating a Aggressive Mode IKE_SA
      Aug 12 12:08:03 	charon: 14[IKE] <43> y.y.y.y is initiating a Aggressive Mode IKE_SA
      Aug 12 12:08:03 	charon: 14[IKE] <43> received Cisco Unity vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received Cisco Unity vendor ID
      Aug 12 12:08:03 	charon: 14[ENC] <43> received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
      Aug 12 12:08:03 	charon: 14[ENC] <43> received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
      Aug 12 12:08:03 	charon: 14[ENC] <43> received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
      Aug 12 12:08:03 	charon: 14[IKE] <43> received FRAGMENTATION vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received FRAGMENTATION vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received NAT-T (RFC 3947) vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received NAT-T (RFC 3947) vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Aug 12 12:08:03 	charon: 14[ENC] <43> received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received XAuth vendor ID
      Aug 12 12:08:03 	charon: 14[IKE] <43> received XAuth vendor ID
      Aug 12 12:08:03 	charon: 14[ENC] <43> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V ]
      Aug 12 12:08:03 	charon: 14[NET] <43> received packet: from y.y.y.y[500] to x.x.x.x[500] (560 bytes)
      

      P.S.: This post is also in the English forum, but I hope that more people are around here at this time of day. I hope that is okay.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.