Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense 2.2.5 <-> Server 2008 R2 RRAS

    IPsec
    1
    1
    815
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      benign last edited by

      This is the output when attempting to connect via the demand-dial interface in RRAS. I've highlighted what seems interesting.

      (The PfSense public IP is actually it's LAN IP as it is a VM on a DMZ server).

      Dec 4 08:26:10 charon: 06[IKE] RRAS-Public-IP is initiating a Main Mode IKE_SA
      Dec 4 08:26:10 charon: 06[IKE] <27> RRAS-Public-IP is initiating a Main Mode IKE_SA
      Dec 4 08:26:10 charon: 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
      Dec 4 08:26:10 charon: 06[ENC] <27> generating ID_PROT response 0 [ SA V V V V V ]
      Dec 4 08:26:10 charon: 06[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
      Dec 4 08:26:10 charon: 06[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (176 bytes)
      Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
      Dec 4 08:26:10 charon: 11[NET] <27> received packet: from RRAS-Public-IP[500] to PFSense-WAN-IP[500] (260 bytes)
      Dec 4 08:26:10 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[ENC] <27> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[IKE] local host is behind NAT, sending keep alives
      Dec 4 08:26:10 charon: 11[IKE] <27> local host is behind NAT, sending keep alives
      Dec 4 08:26:10 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[ENC] <27> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
      Dec 4 08:26:10 charon: 11[NET] <27> sending packet: from PFSense-WAN-IP[500] to RRAS-Public-IP[500] (244 bytes)
      Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[NET] <27> received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <27> parsed ID_PROT request 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[CFG] looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[CFG] <27> looking for pre-shared key peer configs matching PFSense-WAN-IP…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[CFG] selected peer config "con1000"
      Dec 4 08:26:10 charon: 05[CFG] <27> selected peer config "con1000"
      Dec 4 08:26:10 charon: 05[IKE] IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>IKE_SA con1000[27] established between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:26:10 charon: 05[IKE] DPD not supported by peer, disabled
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>DPD not supported by peer, disabled
      Dec 4 08:26:10 charon: 05[ENC] generating ID_PROT response 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <con1000|27>generating ID_PROT response 0 [ ID HASH ]
      Dec 4 08:26:10 charon: 05[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 05[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (68 bytes)
      Dec 4 08:26:10 charon: 11[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
      Dec 4 08:26:10 charon: 11[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (332 bytes)
      Dec 4 08:26:10 charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[IKE] received 3600s lifetime, configured 0s
      Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 3600s lifetime, configured 0s
      Dec 4 08:26:10 charon: 11[IKE] received 250000000 lifebytes, configured 0
      Dec 4 08:26:10 charon: 11[IKE] <con1000|27>received 250000000 lifebytes, configured 0
      Dec 4 08:26:10 charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[ENC] <con1000|27>generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
      Dec 4 08:26:10 charon: 11[NET] sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
      Dec 4 08:26:10 charon: 11[NET] <con1000|27>sending packet: from PFSense-WAN-IP[4500] to RRAS-Public-IP[4500] (204 bytes)
      Dec 4 08:26:10 charon: 05[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
      Dec 4 08:26:10 charon: 05[NET] <con1000|27>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (60 bytes)
      Dec 4 08:26:10 charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
      Dec 4 08:26:10 charon: 05[ENC] <con1000|27>parsed QUICK_MODE request 1 [ HASH ]
      Dec 4 08:26:10 charon: 05[IKE] CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:26:10 charon: 05[IKE] <con1000|27>CHILD_SA con1000{49} established with SPIs c4459d80_i cef87508_o and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:03 charon: 09[IKE] sending keep alive to RRAS-Public-IP[4500]
      Dec 4 08:27:03 charon: 09[IKE] <con1000|28>sending keep alive to RRAS-Public-IP[4500]
      Dec 4 08:27:14 charon: 06[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
      Dec 4 08:27:14 charon: 06[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (76 bytes)
      Dec 4 08:27:14 charon: 06[ENC] parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
      Dec 4 08:27:14 charon: 06[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 546022387 [ HASH D ]
      Dec 4 08:27:14 charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 5faea607
      Dec 4 08:27:14 charon: 06[IKE] <con1000|28>received DELETE for ESP CHILD_SA with SPI 5faea607
      Dec 4 08:27:14 charon: 06[IKE] closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:14 charon: 06[IKE] <con1000|28>closing CHILD_SA con1000{50} with SPIs c4bb135e_i (735 bytes) 5faea607_o (0 bytes) and TS PFSense-WAN-IP/32|/0[udp/l2f] === RRAS-Public-IP/32|/0[udp/l2f]
      Dec 4 08:27:14 charon: 09[NET] received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
      Dec 4 08:27:14 charon: 09[NET] <con1000|28>received packet: from RRAS-Public-IP[4500] to PFSense-WAN-IP[4500] (84 bytes)
      Dec 4 08:27:14 charon: 09[ENC] parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
      Dec 4 08:27:14 charon: 09[ENC] <con1000|28>parsed INFORMATIONAL_V1 request 760372694 [ HASH D ]
      Dec 4 08:27:14 charon: 09[IKE] received DELETE for IKE_SA con1000[28]
      Dec 4 08:27:14 charon: 09[IKE] <con1000|28>received DELETE for IKE_SA con1000[28]
      Dec 4 08:27:14 charon: 09[IKE] deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]
      Dec 4 08:27:14 charon: 09[IKE] <con1000|28>deleting IKE_SA con1000[28] between PFSense-WAN-IP[PFSense-WAN-IP]…RRAS-Public-IP[RRAS-Public-IP]</con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|28></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27></con1000|27>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy