Home
Help
Search
Login
Register
OPNsense Forum
»
International Forums
»
German - Deutsch
»
IPSEC-Tunnel Verbindungsabbrüche
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC-Tunnel Verbindungsabbrüche (Read 3150 times)
orgdv
Newbie
Posts: 10
Karma: 0
IPSEC-Tunnel Verbindungsabbrüche
«
on:
August 26, 2019, 01:27:53 pm »
Hallo OPNsense-Community,
leider habe ich folgendes Problem:
Ich würde gerne zwei bzw. mehrere route-based IPSec-Tunnel in unser Rechenzentrum aufbauen. Leider bricht aber die Verbindung sporadisch ab sobald ich mehr als einen Tunnel (Phase1) laufen lasse.
Die Konfiguration der Phasen ist bis auf den PSK und VTI-IPs identisch. Wenn ihr weitere Informationen braucht füge ich diese gerne hinzu. Ich bin neu im Bereich IPsec unter opnsense, von daher bin ich für eure Hilfe sehrdankbar!
LG
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #1 on:
August 26, 2019, 02:18:22 pm »
Logs wären interessant
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
orgdv
Newbie
Posts: 10
Karma: 0
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #2 on:
August 26, 2019, 04:25:13 pm »
Wenn es nochmal auftritt stelle ich es rein! Danke schonmal...
Logged
orgdv
Newbie
Posts: 10
Karma: 0
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #3 on:
August 26, 2019, 04:54:28 pm »
Aug 26 16:53:18 charon: 06[CFG] trap not found, unable to acquire reqid 0
Aug 26 16:53:18 charon: 11[KNL] creating acquire job for policy 213.202.237.174/32 === 78.94.254.119/32 with reqid {0}
Aug 26 16:53:18 charon: 11[KNL] received an SADB_ACQUIRE with policy id 2 but no matching policy found
Aug 26 16:53:14 charon: 11[NET] <con1|4> sending packet: from 213.202.237.174[4500] to 78.94.254.119[4500] (65 bytes)
Aug 26 16:53:14 charon: 11[ENC] <con1|4> generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Aug 26 16:53:14 charon: 11[IKE] <con1|4> tried 1 shared key for '213.202.237.174' - '78.94.254.119', but MAC mismatched
Aug 26 16:53:14 charon: 11[ENC] <con1|4> parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Aug 26 16:53:14 charon: 11[NET] <con1|4> received packet: from 78.94.254.119[4500] to 213.202.237.174[4500] (349 bytes)
Aug 26 16:53:14 charon: 11[NET] <con1|4> sending packet: from 213.202.237.174[4500] to 78.94.254.119[4500] (446 bytes)
Aug 26 16:53:14 charon: 11[ENC] <con1|4> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Aug 26 16:53:14 charon: 11[IKE] <con1|4> establishing CHILD_SA con1{2}
Aug 26 16:53:14 charon: 11[IKE] <con1|4> authentication of '213.202.237.174' (myself) with pre-shared key
Aug 26 16:53:14 charon: 11[IKE] <con1|4> sending cert request for "C=DE, ST=Nordrhein-Westfahlen, L=D??ren, O=DI-Gruppe, E=orgdv@di-gruppe.de, CN=opnsense-proxy-ssl-ca"
Aug 26 16:53:14 charon: 11[IKE] <con1|4> sending cert request for "C=DE, ST=Nordrhein-Westfahlen, L=D??ren, O=DI Management, E=orgdv@di-gruppe.de, CN=OPENVPN_CA_IT_ROADWARRIOR"
Aug 26 16:53:14 charon: 11[IKE] <con1|4> sending cert request for "C=DE, ST=NRW, L=Dueren, O=JFG, E=orgdv@jagdfeld-gruppe.de, CN=jfg-rz001-fw001.jfg.one"
Aug 26 16:53:14 charon: 11[IKE] <con1|4> received cert request for "C=DE, ST=NRW, L=Dueren, O=JFG, E=orgdv@jagdfeld-gruppe.de, CN=jfg-rz001-fw001.jfg.one"
Aug 26 16:53:14 charon: 11[CFG] <con1|4> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_512/MODP_2048
Aug 26 16:53:14 charon: 11[ENC] <con1|4> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Aug 26 16:53:14 charon: 11[NET] <con1|4> received packet: from 78.94.254.119[500] to 213.202.237.174[500] (489 bytes)
Aug 26 16:53:14 charon: 11[NET] <con1|4> sending packet: from 213.202.237.174[500] to 78.94.254.119[500] (456 bytes)
Aug 26 16:53:14 charon: 11[ENC] <con1|4> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 26 16:53:14 charon: 11[IKE] <con1|4> initiating IKE_SA con1[4] to 78.94.254.119
Aug 26 16:53:14 charon: 13[CFG] received stroke: initiate 'con1'
Aug 26 16:53:07 charon: 13[CFG] trap not found, unable to acquire reqid 0
Aug 26 16:53:07 charon: 14[KNL] creating acquire job for policy 213.202.237.174/32 === 176.94.251.183/32 with reqid {0}
Aug 26 16:53:07 charon: 14[KNL] received an SADB_ACQUIRE with policy id 6 but no matching policy found
Aug 26 16:53:05 charon: 14[CFG] trap not found, unable to acquire reqid 0
Aug 26 16:53:05 charon: 13[KNL] creating acquire job for policy 213.202.237.174/32 === 78.94.254.119/32 with reqid {0}
Aug 26 16:53:05 charon: 13[KNL] received an SADB_ACQUIRE with policy id 2 but no matching policy found
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #4 on:
August 29, 2019, 02:07:12 pm »
Aug 26 16:53:14 charon: 11[IKE] <con1|4> tried 1 shared key for '213.202.237.174' - '78.94.254.119', but MAC mismatched
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
orgdv
Newbie
Posts: 10
Karma: 0
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #5 on:
September 02, 2019, 12:59:08 pm »
Jetzt bekomme ich folgende Meldungen... sobald ich den Tunnel nach einem Verbindungsabbruch wieder aufbauen will...
Aug 30 08:42:00 charon: 10[KNL] <con5|8> querying policy 0.0.0.0/0 === 0.0.0.0/0 in failed, not found
Aug 30 08:41:59 charon: 12[CFG] trap not found, unable to acquire reqid 0
Aug 30 08:41:59 charon: 12[KNL] creating acquire job for policy 78.94.254.119/32 === 213.202.237.174/32 with reqid {0}
Aug 30 08:41:59 charon: 12[KNL] received an SADB_ACQUIRE with policy id 2 but no matching policy found
Aug 30 08:41:58 charon: 12[CFG] trap not found, unable to acquire reqid 0
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC-Tunnel Verbindungsabbrüche
«
Reply #6 on:
September 02, 2019, 01:13:06 pm »
Screenshots von P1 und P2 bitte ...
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
International Forums
»
German - Deutsch
»
IPSEC-Tunnel Verbindungsabbrüche