PfSense 2.2.5 <-> Server 2008 R2 RRAS



  • This is the output when attempting to connect via the demand-dial interface in RRAS. I've highlighted what seems interesting.

    (The PfSense public IP is actually it's LAN IP as it is a VM on a DMZ server).

    Dec 4 08:26:10 charon: 06[IKE] RRAS-Public-IP is initiating a Main Mode IKE_SA
    Dec 4 08:26:10 charon: 06[IKE] <27> RRAS-Public-IP is initiating a Main Mode IKE_SA
    Dec 4 08:26:10 charon: 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
    Dec 4 08:26:10 charon: 06[ENC] <27> generating ID_PROT response 0 [ SA V V V V V ]
    Dec 4 08:26:10 charon: 06[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
    Dec 4 08:26:10 charon: 06[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
    Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
    Dec 4 08:26:10 charon: 11[NET] <27> received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
    Dec 4 08:26:10 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[ENC] <27> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[IKE] local host is behind NAT, sending keep alives
    Dec 4 08:26:10 charon: 11[IKE] <27> local host is behind NAT, sending keep alives
    Dec 4 08:26:10 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[ENC] <27> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
    Dec 4 08:26:10 charon: 11[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
    Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[NET] <27> received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <27> parsed ID_PROT request 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[CFG] looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[CFG] <27> looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[CFG] selected peer config "con1000"
    Dec 4 08:26:10 charon: 05[CFG] <27> selected peer config "con1000"
    Dec 4 08:26:10 charon: 05[IKE] IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[IKE] DPD not supported by peer, disabled
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>DPD not supported by peer, disabled
    Dec 4 08:26:10 charon: 05[ENC] generating ID_PROT response 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <con1000|27>generating ID_PROT response 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
    Dec 4 08:26:10 charon: 11[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
    Dec 4 08:26:10 charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[IKE] received 3600s lifetime, configured 0s
    Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 3600s lifetime, configured 0s
    Dec 4 08:26:10 charon: 11[IKE] received 250000000 lifebytes, configured 0
    Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 250000000 lifebytes, configured 0
    Dec 4 08:26:10 charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[ENC] <con1000|27>generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
    Dec 4 08:26:10 charon: 11[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
    Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
    Dec 4 08:26:10 charon: 05[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
    Dec 4 08:26:10 charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH ]
    Dec 4 08:26:10 charon: 05[IKE] CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:03 charon: 09[IKE] sending keep alive to RRAS-Public-IP[4500]
    Dec 4 08:27:03 charon: 09[IKE] <con1000|28>sending keep alive to RRAS-Public-IP[4500]
    Dec 4 08:27:14 charon: 06[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
    Dec 4 08:27:14 charon: 06[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
    Dec 4 08:27:14 charon: 06[ENC] parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
    Dec 4 08:27:14 charon: 06[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
    Dec 4 08:27:14 charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 5faea607
    Dec 4 08:27:14 charon: 06[IKE] <con1000|28>received DELETE for ESP CHILD_SA with SPI 5faea607
    Dec 4 08:27:14 charon: 06[IKE] closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:14 charon: 06[IKE] <con1000|28>closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:14 charon: 09[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
    Dec 4 08:27:14 charon: 09[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
    Dec 4 08:27:14 charon: 09[ENC] parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
    Dec 4 08:27:14 charon: 09[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
    Dec 4 08:27:14 charon: 09[IKE] received DELETE for IKE_SA con1000[28]
    Dec 4 08:27:14 charon: 09[IKE] <con1000|28>received DELETE for IKE_SA con1000[28]
    Dec 4 08:27:14 charon: 09[IKE] deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:27:14 charon: 09[IKE] <con1000|28>deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]</con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27>


Log in to reply