Mobile IPsec clients on Windows 10
« on: November 21, 2019, 02:11:39 pm »
Hello all,
I have configured an IPsec VPN on my OPNsense.
With the native Mac VPN client, I can connect without any problem.
However, with the native Windows 10 client, I cannot connect, that is, the tunnel never comes up.
Here is the configuration I set up.
Mobile clients:
Phase 1:
Phase 2:
And here is the log file:
Client public IP: A.B.C.D
OPNsense public IP: W.X.Y.Z
Nov 21 13:38:41 charon: 14[JOB] <con1|3> deleting half open IKE_SA with A.B.C.D after timeout
Nov 21 13:38:12 charon: 14[NET] <con1|3> sending packet: from W.X.Y.Z[4500] to A.B.C.D[43703] (900 bytes)
Nov 21 13:38:12 charon: 14[NET] <con1|3> sending packet: from W.X.Y.Z[4500] to A.B.C.D[43703] (1236 bytes)
Nov 21 13:38:12 charon: 14[ENC] <con1|3> generating IKE_AUTH response 1 [ EF(2/2) ]
Nov 21 13:38:12 charon: 14[ENC] <con1|3> generating IKE_AUTH response 1 [ EF(1/2) ]
Nov 21 13:38:12 charon: 14[ENC] <con1|3> splitting IKE message (2064 bytes) into 2 fragments
Nov 21 13:38:12 charon: 14[ENC] <con1|3> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Nov 21 13:38:12 charon: 14[IKE] <con1|3> sending end entity cert "C=FR, ST=Nomade, L=Caen, O=site nomade, E=admin.caen@nomade-ipsec.fr, CN=VPN-IPSEC, subjectAltName=DNS:vpn.nomade-ipsec.fr"
Nov 21 13:38:12 charon: 14[IKE] <con1|3> authentication of 'vpn.nomade-ipsec.fr' (myself) with RSA signature successful
Nov 21 13:38:12 charon: 14[IKE] <con1|3> initiating EAP_IDENTITY method (id 0x00)
Nov 21 13:38:12 charon: 14[CFG] <con1|3> selected peer config 'con1'
Nov 21 13:38:12 charon: 14[CFG] <3> looking for peer configs matching W.X.Y.Z[%any]...A.B.C.D[10.249.10.49]
Nov 21 13:38:12 charon: 14[IKE] <3> received 38 cert requests for an unknown ca
Nov 21 13:38:12 charon: 14[IKE] <3> received cert request for "C=FR, ST=nomade, L=Caen, O=site nomade, E=admin.caen@nomade-ipsec.fr, CN=internal-sslvpn-ca"
Nov 21 13:38:12 charon: 14[ENC] <3> parsed IKE_AUTH request 1 [ IDi CERTREQ CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
Nov 21 13:38:12 charon: 14[ENC] <3> received fragment #2 of 3, reassembled fragmented IKE message (1104 bytes)
Nov 21 13:38:12 charon: 14[ENC] <3> parsed IKE_AUTH request 1 [ EF(2/3) ]
Nov 21 13:38:12 charon: 14[NET] <3> received packet: from A.B.C.D[43703] to W.X.Y.Z[4500] (580 bytes)
Nov 21 13:38:12 charon: 10[ENC] <3> received fragment #3 of 3, waiting for complete IKE message
Nov 21 13:38:12 charon: 10[ENC] <3> parsed IKE_AUTH request 1 [ EF(3/3) ]
Nov 21 13:38:12 charon: 10[NET] <3> received packet: from A.B.C.D[43703] to W.X.Y.Z[4500] (116 bytes)
Nov 21 13:38:12 charon: 05[ENC] <3> received fragment #1 of 3, waiting for complete IKE message
Nov 21 13:38:12 charon: 05[ENC] <3> parsed IKE_AUTH request 1 [ EF(1/3) ]
Nov 21 13:38:12 charon: 05[NET] <3> received packet: from A.B.C.D[43703] to W.X.Y.Z[4500] (580 bytes)
Nov 21 13:38:11 charon: 05[NET] <3> sending packet: from W.X.Y.Z[500] to A.B.C.D[34864] (481 bytes)
Nov 21 13:38:11 charon: 05[ENC] <3> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Nov 21 13:38:11 charon: 05[IKE] <3> sending cert request for "C=FR, ST=nomade, L=Caen, O=site nomade, E=admin.caen@nomade-ipsec.fr, CN=internal-sslvpn-ca"
Nov 21 13:38:11 charon: 05[IKE] <3> remote host is behind NAT
Nov 21 13:38:11 charon: 05[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Nov 21 13:38:11 charon: 05[IKE] <3> A.B.C.D is initiating an IKE_SA
Nov 21 13:38:11 charon: 05[ENC] <3> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Nov 21 13:38:11 charon: 05[IKE] <3> received Vid-Initial-Contact vendor ID
Nov 21 13:38:11 charon: 05[IKE] <3> received MS-Negotiation Discovery Capable vendor ID
Nov 21 13:38:11 charon: 05[IKE] <3> received MS NT5 ISAKMPOAKLEY v9 vendor ID
Nov 21 13:38:11 charon: 05[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Nov 21 13:38:11 charon: 05[NET] <3> received packet: from A.B.C.D[34864] to W.X.Y.Z[500] (632 bytes)
Nov 21 13:37:09 charon: 05[JOB] <con1|2> deleting half open IKE_SA with A.B.C.D after timeout
Nov 21 13:36:39 charon: 05[NET] <con1|2> sending packet: from W.X.Y.Z[4500] to A.B.C.D[43703] (900 bytes)
Nov 21 13:36:39 charon: 05[NET] <con1|2> sending packet: from W.X.Y.Z[4500] to A.B.C.D[43703] (1236 bytes)
Nov 21 13:36:39 charon: 05[ENC] <con1|2> generating IKE_AUTH response 1 [ EF(2/2) ]
Nov 21 13:36:39 charon: 05[ENC] <con1|2> generating IKE_AUTH response 1 [ EF(1/2) ]
Nov 21 13:36:39 charon: 05[ENC] <con1|2> splitting IKE message (2064 bytes) into 2 fragments
Nov 21 13:36:39 charon: 05[ENC] <con1|2> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Nov 21 13:36:39 charon: 05[IKE] <con1|2> sending end entity cert "C=FR, ST=nomade, L=Caen, O=site nomade, E=admin.caen@vpn.nomade-ipsec.fr, CN=VPN-IPSEC, subjectAltName=DNS:vpn.nomade-ipsec.fr"
Nov 21 13:36:39 charon: 05[IKE] <con1|2> authentication of 'vpn.nomade-ipsec.fr' (myself) with RSA signature successful
Nov 21 13:36:39 charon: 05[IKE] <con1|2> initiating EAP_IDENTITY method (id 0x00)
Nov 21 13:36:39 charon: 05[CFG] <con1|2> selected peer config 'con1'
Nov 21 13:36:39 charon: 05[CFG] <2> looking for peer configs matching W.X.Y.Z[%any]...A.B.C.D[10.249.10.49]
Nov 21 13:36:39 charon: 05[IKE] <2> received 38 cert requests for an unknown ca
Nov 21 13:36:39 charon: 05[IKE] <2> received cert request for "C=FR, ST=nomade, L=Caen, O=site nomade, E=admin.caen@nomade-ipsec.fr, CN=internal-sslvpn-ca"
Thanks in advance for your replies.
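Added example (not part of the original post, and not an OPNsense or strongSwan tool): a small Python triage script that reads charon log lines like the ones pasted above, groups them per IKE_SA, puts them back in chronological order (the forum paste is newest-first), and reports where each negotiation stalled before the half-open SA was deleted. The embedded sample is a subset of the lines quoted in the post; the `parse_log` / `diagnose` function names and the `SaTrace` record are this example's own.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: a subset of the charon lines quoted in the post, newest first as pasted
SAMPLE_LOG = """\
Nov 21 13:38:41 charon: 14[JOB] <con1|3> deleting half open IKE_SA with A.B.C.D after timeout
Nov 21 13:38:12 charon: 14[NET] <con1|3> sending packet: from W.X.Y.Z[4500] to A.B.C.D[43703] (900 bytes)
Nov 21 13:38:12 charon: 14[ENC] <con1|3> generating IKE_AUTH response 1 [ EF(1/2) ]
Nov 21 13:38:12 charon: 14[ENC] <con1|3> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Nov 21 13:38:12 charon: 14[IKE] <con1|3> initiating EAP_IDENTITY method (id 0x00)
Nov 21 13:38:12 charon: 14[CFG] <con1|3> selected peer config 'con1'
Nov 21 13:38:12 charon: 14[ENC] <3> parsed IKE_AUTH request 1 [ IDi CERTREQ CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
Nov 21 13:38:12 charon: 14[ENC] <3> parsed IKE_AUTH request 1 [ EF(2/3) ]
Nov 21 13:38:11 charon: 05[ENC] <3> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Nov 21 13:38:11 charon: 05[IKE] <3> A.B.C.D is initiating an IKE_SA
Nov 21 13:38:11 charon: 05[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Nov 21 13:37:09 charon: 05[JOB] <con1|2> deleting half open IKE_SA with A.B.C.D after timeout
Nov 21 13:36:39 charon: 05[ENC] <con1|2> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
"""

# "Nov 21 13:38:41 charon: 14[JOB] <con1|3> message" -> timestamp, subsystem, SA tag, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) charon: \d+\[(?P<sub>\w+)\] <(?P<sa>[^>]+)> (?P<msg>.*)$"
)
# "parsed IKE_AUTH request 1 [ IDi ... ]" / "generating IKE_AUTH response 1 [ ... ]"
EXCH_RE = re.compile(
    r"(?P<verb>parsed|generating) (?P<exch>\w+) (?P<dir>request|response) (?P<mid>\d+) \[ (?P<payloads>[^\]]*) \]"
)
TS_FMT = "%b %d %H:%M:%S"


@dataclass
class SaTrace:
    sa_id: str
    first_seen: str = ""
    last_seen: str = ""
    conn: str = ""
    received: list = field(default_factory=list)  # (exchange label, payloads) parsed from the peer
    sent: list = field(default_factory=list)      # (exchange label, payloads) generated by us
    timed_out: bool = False


def sa_number(tag):
    # "<3>" and "<con1|3>" are the same IKE_SA; the config name appears once a peer config is selected
    if "|" in tag:
        conn, num = tag.split("|", 1)
        return conn, num
    return "", tag


def parse_log(text):
    entries = [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]
    if len(entries) > 1:
        first = datetime.strptime(entries[0]["ts"], TS_FMT)
        last = datetime.strptime(entries[-1]["ts"], TS_FMT)
        if first > last:  # pasted newest-first: flip to chronological order
            entries.reverse()
    traces = {}
    for e in entries:
        conn, num = sa_number(e["sa"])
        tr = traces.setdefault(num, SaTrace(sa_id=num, first_seen=e["ts"]))
        tr.last_seen = e["ts"]
        if conn:
            tr.conn = conn
        msg = e["msg"]
        if "deleting half open IKE_SA" in msg and "timeout" in msg:
            tr.timed_out = True
        x = EXCH_RE.search(msg)
        # Skip the per-fragment lines (EF(n/m)); the reassembled message is logged separately
        if x and not x["payloads"].startswith("EF("):
            label = f"{x['exch']} {x['dir']} {x['mid']}"
            (tr.received if x["verb"] == "parsed" else tr.sent).append((label, x["payloads"]))
    return traces


def diagnose(tr):
    if not tr.timed_out:
        return f"IKE_SA {tr.sa_id}: no timeout recorded"
    last_sent = tr.sent[-1] if tr.sent else None
    last_recv = tr.received[-1] if tr.received else None
    peer_last = last_recv[0] if last_recv else "none"
    if last_sent and "EAP/REQ" in last_sent[1] and not any("EAP" in p for _, p in tr.received):
        return (f"IKE_SA {tr.sa_id} ({tr.conn or 'no config'}): responder sent {last_sent[0]} "
                f"carrying an EAP request; the peer never answered it, so EAP never started "
                f"(last message from peer: {peer_last})")
    return (f"IKE_SA {tr.sa_id}: stalled after sending {last_sent[0] if last_sent else 'nothing'}; "
            f"last received {peer_last}")


if __name__ == "__main__":
    for tr in parse_log(SAMPLE_LOG).values():
        print(diagnose(tr))
```

On the posted excerpt this reports, for both SA 2 and SA 3, that the responder's fragmented IKE_AUTH response (IDr, CERT, AUTH, EAP identity request) went out and nothing further arrived from the client before the 30-second half-open timeout, which narrows the search to the client side: either the fragmented response never reached it, or the client rejected the server certificate before replying. The script only reads the log; it sends nothing.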