Netgate Discussion Forum

    PfSense 2.2.5 <-> Server 2008 R2 RRAS

      benign

      This is the output when attempting to connect via the demand-dial interface in RRAS. I've highlighted what seems interesting.

      (The PfSense public IP is actually its LAN IP as it is a VM on a DMZ server).

      Dec 4 08:26:10 charon: 06[IKE] RRAS-Public-IP is initiating a Main Mode IKE_SA
      Dec 4 08:26:10 charon: 06[IKE] <27> RRAS-Public-IP is initiating a Main Mode IKE_SA
      Dec 4 08:26:10 charon: 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
      Dec 4 08:26:10 charon: 06[ENC] <27> generating ID_PROT response 0 [ SA V V V V V ]
      Dec 4 08:26:10 charon: 06[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
      Dec 4 08:26:10 charon: 06[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
      Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
      Dec 4 08:26:10 charon: 11[NET] <27> received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
      Dec 4 08:26:10 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[ENC] <27> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[IKE] local host is behind NAT, sending keep alives
      Dec 4 08:26:10 charon: 11[IKE] <27> local host is behind NAT, sending keep alives
      Dec 4 08:26:10 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[ENC] <27> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
      Dec 4 08:26:10 charon: 11[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
      Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[NET] <27> received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <27> parsed ID_PROT request 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[CFG] looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[CFG] <27> looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[CFG] selected peer config "con1000"
      Dec 4 08:26:10 charon: 05[CFG] <27> selected peer config "con1000"
      Dec 4 08:26:10 charon: 05[IKE] IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[IKE] DPD not supported by peer, disabled
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>DPD not supported by peer, disabled
      Dec 4 08:26:10 charon: 05[ENC] generating ID_PROT response 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <con1000|27>generating ID_PROT response 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
      Dec 4 08:26:10 charon: 11[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
      Dec 4 08:26:10 charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[IKE] received 3600s lifetime, configured 0s
      Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 3600s lifetime, configured 0s
      Dec 4 08:26:10 charon: 11[IKE] received 250000000 lifebytes, configured 0
      Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 250000000 lifebytes, configured 0
      Dec 4 08:26:10 charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[ENC] <con1000|27>generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
      Dec 4 08:26:10 charon: 11[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
      Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
      Dec 4 08:26:10 charon: 05[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
      Dec 4 08:26:10 charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH ]
      Dec 4 08:26:10 charon: 05[IKE] CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:03 charon: 09[IKE] sending keep alive to RRAS-Public-IP[4500]
      Dec 4 08:27:03 charon: 09[IKE] <con1000|28>sending keep alive to RRAS-Public-IP[4500]
      Dec 4 08:27:14 charon: 06[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
      Dec 4 08:27:14 charon: 06[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
      Dec 4 08:27:14 charon: 06[ENC] parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
      Dec 4 08:27:14 charon: 06[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
      Dec 4 08:27:14 charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 5faea607
      Dec 4 08:27:14 charon: 06[IKE] <con1000|28>received DELETE for ESP CHILD_SA with SPI 5faea607
      Dec 4 08:27:14 charon: 06[IKE] closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:14 charon: 06[IKE] <con1000|28>closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:14 charon: 09[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
      Dec 4 08:27:14 charon: 09[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
      Dec 4 08:27:14 charon: 09[ENC] parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
      Dec 4 08:27:14 charon: 09[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
      Dec 4 08:27:14 charon: 09[IKE] received DELETE for IKE_SA con1000[28]
      Dec 4 08:27:14 charon: 09[IKE] <con1000|28>received DELETE for IKE_SA con1000[28]
      Dec 4 08:27:14 charon: 09[IKE] deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:27:14 charon: 09[IKE] <con1000|28>deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]

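Added example (not part of the original post, and not pfSense or strongSwan code): a small triage script for charon logs in the format shown above. It collapses the tagged duplicate that follows each line, then reports every closed CHILD_SA with its byte counters and whether the peer sent the DELETE. The function names `events` and `triage` are hypothetical, and the sample is an excerpt of the post's own log.

```python
import re

# Excerpt of the post's charon log (addresses are the post's own placeholders).
SAMPLE = """\
Dec 4 08:26:10 charon: 05[IKE] IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
Dec 4 08:26:10 charon: 05[IKE] <con1000|27>IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
Dec 4 08:27:14 charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 5faea607
Dec 4 08:27:14 charon: 06[IKE] <con1000|28>received DELETE for ESP CHILD_SA with SPI 5faea607
Dec 4 08:27:14 charon: 06[IKE] closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
Dec 4 08:27:14 charon: 06[IKE] <con1000|28>closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
"""

# timestamp, thread[subsystem], optional <conn|id> tag, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) charon: \d+\[(\w+)\] (?:<[^>]*>\s*)?(.*)$")
DELETE = re.compile(r"received DELETE for ESP CHILD_SA with SPI ([0-9a-f]+)")
CLOSE = re.compile(r"closing CHILD_SA (\S+\{\d+\}) with SPIs "
                   r"([0-9a-f]+)_i \((\d+) bytes\) ([0-9a-f]+)_o \((\d+) bytes\)")

def events(text):
    """Yield (timestamp, subsystem, message), dropping the tagged repeat of a line."""
    prev = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = m.groups()
        if ev != prev:  # identical consecutive events are treated as one
            yield ev
        prev = ev

def triage(text):
    """Return one record per closed CHILD_SA."""
    deleted_spis, findings = set(), []
    for ts, _subsystem, msg in events(text):
        d = DELETE.search(msg)
        if d:
            deleted_spis.add(d.group(1))
        c = CLOSE.search(msg)
        if c:
            sa, spi_in, b_in, spi_out, b_out = c.groups()
            findings.append({
                "time": ts, "child_sa": sa,
                "in_bytes": int(b_in), "out_bytes": int(b_out),
                "peer_sent_delete": bool({spi_in, spi_out} & deleted_spis),
                "inbound_only": int(b_in) > 0 and int(b_out) == 0,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
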