4. PfSense 2.2.5 <-> Server 2008 R2 RRAS

PfSense 2.2.5 <-> Server 2008 R2 RRAS

  • B

    This is the output when attempting to connect via the demand-dial interface in RRAS. I've highlighted what seems interesting.

    (The PfSense public IP is actually it's LAN IP as it is a VM on a DMZ server).

    Dec 4 08:26:10 charon: 06[IKE] RRAS-Public-IP is initiating a Main Mode IKE_SA
    Dec 4 08:26:10 charon: 06[IKE] <27> RRAS-Public-IP is initiating a Main Mode IKE_SA
    Dec 4 08:26:10 charon: 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
    Dec 4 08:26:10 charon: 06[ENC] <27> generating ID_PROT response 0 [ SA V V V V V ]
    Dec 4 08:26:10 charon: 06[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
    Dec 4 08:26:10 charon: 06[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
    Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
    Dec 4 08:26:10 charon: 11[NET] <27> received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
    Dec 4 08:26:10 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[ENC] <27> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[IKE] local host is behind NAT, sending keep alives
    Dec 4 08:26:10 charon: 11[IKE] <27> local host is behind NAT, sending keep alives
    Dec 4 08:26:10 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[ENC] <27> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
    Dec 4 08:26:10 charon: 11[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
    Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[NET] <27> received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <27> parsed ID_PROT request 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[CFG] looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[CFG] <27> looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[CFG] selected peer config "con1000"
    Dec 4 08:26:10 charon: 05[CFG] <27> selected peer config "con1000"
    Dec 4 08:26:10 charon: 05[IKE] IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:26:10 charon: 05[IKE] DPD not supported by peer, disabled
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>DPD not supported by peer, disabled
    Dec 4 08:26:10 charon: 05[ENC] generating ID_PROT response 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <con1000|27>generating ID_PROT response 0 [ ID HASH ]
    Dec 4 08:26:10 charon: 05[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 05[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
    Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
    Dec 4 08:26:10 charon: 11[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
    Dec 4 08:26:10 charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[IKE] received 3600s lifetime, configured 0s
    Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 3600s lifetime, configured 0s
    Dec 4 08:26:10 charon: 11[IKE] received 250000000 lifebytes, configured 0
    Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 250000000 lifebytes, configured 0
    Dec 4 08:26:10 charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[ENC] <con1000|27>generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
    Dec 4 08:26:10 charon: 11[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
    Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
    Dec 4 08:26:10 charon: 05[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
    Dec 4 08:26:10 charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
    Dec 4 08:26:10 charon: 05[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH ]
    Dec 4 08:26:10 charon: 05[IKE] CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:26:10 charon: 05[IKE] <con1000|27>CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:03 charon: 09[IKE] sending keep alive to RRAS-Public-IP[4500]
    Dec 4 08:27:03 charon: 09[IKE] <con1000|28>sending keep alive to RRAS-Public-IP[4500]
    Dec 4 08:27:14 charon: 06[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
    Dec 4 08:27:14 charon: 06[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
    Dec 4 08:27:14 charon: 06[ENC] parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
    Dec 4 08:27:14 charon: 06[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
    Dec 4 08:27:14 charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 5faea607
    Dec 4 08:27:14 charon: 06[IKE] <con1000|28>received DELETE for ESP CHILD_SA with SPI 5faea607
    Dec 4 08:27:14 charon: 06[IKE] closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:14 charon: 06[IKE] <con1000|28>closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
    Dec 4 08:27:14 charon: 09[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
    Dec 4 08:27:14 charon: 09[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
    Dec 4 08:27:14 charon: 09[ENC] parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
    Dec 4 08:27:14 charon: 09[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
    Dec 4 08:27:14 charon: 09[IKE] received DELETE for IKE_SA con1000[28]
    Dec 4 08:27:14 charon: 09[IKE] <con1000|28>received DELETE for IKE_SA con1000[28]
    Dec 4 08:27:14 charon: 09[IKE] deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
    Dec 4 08:27:14 charon: 09[IKE] <con1000|28>deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]</con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy