OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • International Forums »
  • German - Deutsch »
  • [solved]IPSEC Routing
« previous next »
  • Print
Pages: [1]

Author Topic: [solved]IPSEC Routing  (Read 3431 times)

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
[solved]IPSEC Routing
« on: August 28, 2019, 05:21:24 pm »
Moin zusammen!

System:

OPNsense 19.7.2-amd64
FreeBSD 11.2-RELEASE-p12-HBSD
OpenSSL 1.0.2s 28 May 2019

System beim Kunden:

Cisco ASA 5520

Ich habe folgendes Problem: ipsec ist eingerichtet

Code: [Select]
root@DEHAM01-FW01:# ipsec status
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Routed Connections:
    con1-009{39}:  CREATED, TUNNEL, reqid 29
    con1-009{39}:   172.21.106.0/24 === 10.164.141.10/32
    con1-008{38}:  CREATED, TUNNEL, reqid 28
    con1-008{38}:   172.21.106.0/24 === 10.164.255.17/32
    con1-007{37}:  CREATED, TUNNEL, reqid 27
    con1-007{37}:   172.21.106.0/24 === 10.164.140.34/32
    con1-006{36}:  CREATED, TUNNEL, reqid 26
    con1-006{36}:   172.21.106.0/24 === 172.22.112.0/24
    con1-005{35}:  CREATED, TUNNEL, reqid 25
    con1-005{35}:   172.21.106.0/24 === 172.22.126.0/24
    con1-004{34}:  CREATED, TUNNEL, reqid 24
    con1-004{34}:   172.21.106.0/24 === 172.22.121.0/24
    con1-003{33}:  CREATED, TUNNEL, reqid 23
    con1-003{33}:   172.21.106.0/24 === 10.164.254.160/27
    con1-002{32}:  CREATED, TUNNEL, reqid 22
    con1-002{32}:   172.21.106.0/24 === 10.164.254.128/27
    con1-001{31}:  CREATED, TUNNEL, reqid 21
    con1-001{31}:   172.21.106.0/24 === 10.164.254.64/26
    con1-000{30}:  CREATED, TUNNEL, reqid 2
    con1-000{30}:   172.21.106.0/24 === 10.164.254.32/27
Security Associations (1 up, 0 connecting):
    con1-000[5]: ESTABLISHED 22 seconds ago, 149.XXX.XXX.XXX[149.XXX.XXX.XXX]...194.XXX.XXX.XXX[194.XXX.XXX.XXX]
    con1-000{40}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c6f0bf35_i 0678ef9d_o
    con1-000{40}:   172.21.106.0/24 === 10.164.254.32/27
    con1-001{41}:  INSTALLED, TUNNEL, reqid 21, ESP SPIs: ce913538_i 43cf35fc_o
    con1-001{41}:   172.21.106.0/24 === 10.164.254.64/26
    con1-002{42}:  INSTALLED, TUNNEL, reqid 22, ESP SPIs: ca16100e_i dfdf4782_o
    con1-002{42}:   172.21.106.0/24 === 10.164.254.128/27
    con1-003{43}:  INSTALLED, TUNNEL, reqid 23, ESP SPIs: c28ac187_i 00ce068a_o
    con1-003{43}:   172.21.106.0/24 === 10.164.254.160/27
    con1-004{44}:  INSTALLED, TUNNEL, reqid 24, ESP SPIs: cd6d51b0_i 79565116_o
    con1-004{44}:   172.21.106.0/24 === 172.22.121.0/24
    con1-005{45}:  INSTALLED, TUNNEL, reqid 25, ESP SPIs: cf4293ed_i 1171cabd_o
    con1-005{45}:   172.21.106.0/24 === 172.22.126.0/24
    con1-006{46}:  INSTALLED, TUNNEL, reqid 26, ESP SPIs: cdf727dd_i 389b4373_o
    con1-006{46}:   172.21.106.0/24 === 172.22.112.0/24
    con1-007{47}:  INSTALLED, TUNNEL, reqid 27, ESP SPIs: cfb1c13c_i fe8c444f_o
    con1-007{47}:   172.21.106.0/24 === 10.164.140.34/32
    con1-008{48}:  INSTALLED, TUNNEL, reqid 28, ESP SPIs: cf11def8_i 6a75d7b8_o
    con1-008{48}:   172.21.106.0/24 === 10.164.255.17/32
    con1-009{49}:  INSTALLED, TUNNEL, reqid 29, ESP SPIs: c6208dcf_i 9d008adf_o
    con1-009{49}:   172.21.106.0/24 === 10.164.141.10/32

Nur irgendwie geht da nix durch den Tunnel :! Einer eine Idee?


Tunnel gelöscht und neuangelegt dann ging es ...

« Last Edit: August 29, 2019, 05:33:06 pm by Sven-J »
Logged

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
Re: IPSEC Routing
« Reply #1 on: August 28, 2019, 05:46:22 pm »
Anbei Screen 1
Logged

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
Re: IPSEC Routing
« Reply #2 on: August 28, 2019, 05:46:39 pm »
Anbei Screen2
Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6766
  • Karma: 494
    • View Profile
Re: IPSEC Routing
« Reply #3 on: August 28, 2019, 06:52:58 pm »
Firewall alles erlaubt?
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
Re: IPSEC Routing
« Reply #4 on: August 28, 2019, 06:55:57 pm »
Quote from: mimugmail on August 28, 2019, 06:52:58 pm
Firewall alles erlaubt?

Also die Logs source 172.21.106.0 dest: 10.164.254. port 22 sagen alles grün.

Nur wenn ich ein traceroute mache, will der ins internet....

Logged

mimugmail

  • Hero Member
  • *****
  • Posts: 6766
  • Karma: 494
    • View Profile
Re: IPSEC Routing
« Reply #5 on: August 28, 2019, 07:50:40 pm »
Ach, du verwendest Multiwan und hast eine Gateway rule aktiv. Da brauchst du davor ein accept ohne Gateway
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
Re: IPSEC Routing
« Reply #6 on: August 28, 2019, 08:24:52 pm »
Quote from: mimugmail on August 28, 2019, 07:50:40 pm
Ach, du verwendest Multiwan und hast eine Gateway rule aktiv. Da brauchst du davor ein accept ohne Gateway

Moin!

Ne Multiwan habe ich nicht, ich habe halt 2 Nodes:

149.XXX.XXX.178 – deham01-fw CARP
149.XXX.XXX.179 - deham01-fw01
149.XXX.XXX.180 - deham01-fw02


Logged

Sven-J

  • Newbie
  • *
  • Posts: 47
  • Karma: 1
    • View Profile
Re: IPSEC Routing
« Reply #7 on: August 28, 2019, 09:34:13 pm »
Quote from: Sven-J on August 28, 2019, 08:24:52 pm
Quote from: mimugmail on August 28, 2019, 07:50:40 pm
Ach, du verwendest Multiwan und hast eine Gateway rule aktiv. Da brauchst du davor ein accept ohne Gateway

Moin!

Ne Multiwan habe ich nicht, ich habe halt 2 Nodes:

149.XXX.XXX.178 – deham01-fw CARP
149.XXX.XXX.179 - deham01-fw01
149.XXX.XXX.180 - deham01-fw02

Aug 28 21:33:17   charon: 11[ENC] <con1-000|7> parsed INFORMATIONAL_V1 request 3770589584 [ HASH N(DPD_ACK) ]
Aug 28 21:33:17   charon: 11[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (92 bytes)
Aug 28 21:33:17   charon: 11[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (92 bytes)
Aug 28 21:33:17   charon: 11[ENC] <con1-000|7> generating INFORMATIONAL_V1 request 1471798028 [ HASH N(DPD) ]
Aug 28 21:33:17   charon: 11[IKE] <con1-000|7> sending DPD request
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.255.17/32 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.140.34/32 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 172.22.112.0/24 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 172.22.126.0/24 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 172.22.121.0/24 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.254.160/27 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.254.128/27 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.254.64/26 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[KNL] <con1-000|7> querying policy 10.164.254.32/27 === 172.21.106.0/24 in failed, not found
Aug 28 21:31:30   charon: 07[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:30   charon: 07[ENC] <con1-000|7> generating QUICK_MODE request 2166131354 [ HASH ]
Aug 28 21:31:30   charon: 07[IKE] <con1-000|7> CHILD_SA con1-008{68} established with SPIs cd07a10d_i c8207bfe_o and TS 172.21.106.0/24 === 10.164.255.17/32
Aug 28 21:31:30   charon: 07[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:30   charon: 07[ENC] <con1-000|7> parsed QUICK_MODE response 2166131354 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:30   charon: 07[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:30   charon: 07[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:30   charon: 07[ENC] <con1-000|7> generating QUICK_MODE request 2166131354 [ HASH SA No ID ID ]
Aug 28 21:31:30   charon: 12[CFG] received stroke: initiate 'con1-008'
Aug 28 21:31:29   charon: 09[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:29   charon: 09[ENC] <con1-000|7> generating QUICK_MODE request 3112779887 [ HASH ]
Aug 28 21:31:29   charon: 09[IKE] <con1-000|7> CHILD_SA con1-007{67} established with SPIs c2783f4b_i 204ca29c_o and TS 172.21.106.0/24 === 10.164.140.34/32
Aug 28 21:31:29   charon: 09[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:29   charon: 09[ENC] <con1-000|7> parsed QUICK_MODE response 3112779887 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:29   charon: 09[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:29   charon: 09[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:29   charon: 09[ENC] <con1-000|7> generating QUICK_MODE request 3112779887 [ HASH SA No ID ID ]
Aug 28 21:31:29   charon: 07[CFG] received stroke: initiate 'con1-007'
Aug 28 21:31:28   charon: 09[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:28   charon: 09[ENC] <con1-000|7> generating QUICK_MODE request 2634036184 [ HASH ]
Aug 28 21:31:28   charon: 09[IKE] <con1-000|7> CHILD_SA con1-006{66} established with SPIs c8897faa_i 9090c4b0_o and TS 172.21.106.0/24 === 172.22.112.0/24
Aug 28 21:31:28   charon: 09[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:28   charon: 09[ENC] <con1-000|7> parsed QUICK_MODE response 2634036184 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:28   charon: 09[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:28   charon: 09[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:28   charon: 09[ENC] <con1-000|7> generating QUICK_MODE request 2634036184 [ HASH SA No ID ID ]
Aug 28 21:31:28   charon: 07[CFG] received stroke: initiate 'con1-006'
Aug 28 21:31:27   charon: 16[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:27   charon: 16[ENC] <con1-000|7> generating QUICK_MODE request 4116558150 [ HASH ]
Aug 28 21:31:27   charon: 16[IKE] <con1-000|7> CHILD_SA con1-005{65} established with SPIs cca56f10_i b0be49c6_o and TS 172.21.106.0/24 === 172.22.126.0/24
Aug 28 21:31:27   charon: 16[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:27   charon: 16[ENC] <con1-000|7> parsed QUICK_MODE response 4116558150 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:27   charon: 16[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:27   charon: 16[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:27   charon: 16[ENC] <con1-000|7> generating QUICK_MODE request 4116558150 [ HASH SA No ID ID ]
Aug 28 21:31:27   charon: 09[CFG] received stroke: initiate 'con1-005'
Aug 28 21:31:25   charon: 16[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:25   charon: 16[ENC] <con1-000|7> generating QUICK_MODE request 1754381864 [ HASH ]
Aug 28 21:31:25   charon: 16[IKE] <con1-000|7> CHILD_SA con1-004{64} established with SPIs c5ad7751_i c2248fed_o and TS 172.21.106.0/24 === 172.22.121.0/24
Aug 28 21:31:25   charon: 16[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:25   charon: 16[ENC] <con1-000|7> parsed QUICK_MODE response 1754381864 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:25   charon: 16[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:25   charon: 16[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:25   charon: 16[ENC] <con1-000|7> generating QUICK_MODE request 1754381864 [ HASH SA No ID ID ]
Aug 28 21:31:25   charon: 09[CFG] received stroke: initiate 'con1-004'
Aug 28 21:31:24   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:24   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 4002842253 [ HASH ]
Aug 28 21:31:24   charon: 06[IKE] <con1-000|7> CHILD_SA con1-003{63} established with SPIs cdc797d1_i e4d0d0f7_o and TS 172.21.106.0/24 === 10.164.254.160/27
Aug 28 21:31:24   charon: 06[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:24   charon: 06[ENC] <con1-000|7> parsed QUICK_MODE response 4002842253 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:24   charon: 06[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:24   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:24   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 4002842253 [ HASH SA No ID ID ]
Aug 28 21:31:24   charon: 05[CFG] received stroke: initiate 'con1-003'
Aug 28 21:31:23   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:23   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 916152515 [ HASH ]
Aug 28 21:31:23   charon: 06[IKE] <con1-000|7> CHILD_SA con1-002{62} established with SPIs cb7ca3f9_i 99a14889_o and TS 172.21.106.0/24 === 10.164.254.128/27
Aug 28 21:31:23   charon: 06[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:23   charon: 06[ENC] <con1-000|7> parsed QUICK_MODE response 916152515 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:23   charon: 06[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:23   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:23   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 916152515 [ HASH SA No ID ID ]
Aug 28 21:31:23   charon: 05[CFG] received stroke: initiate 'con1-002'
Aug 28 21:31:22   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:22   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 4277161391 [ HASH ]
Aug 28 21:31:22   charon: 06[IKE] <con1-000|7> CHILD_SA con1-001{61} established with SPIs c9e22597_i f3498b93_o and TS 172.21.106.0/24 === 10.164.254.64/26
Aug 28 21:31:22   charon: 06[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:22   charon: 06[ENC] <con1-000|7> parsed QUICK_MODE response 4277161391 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:22   charon: 06[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:22   charon: 06[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:22   charon: 06[ENC] <con1-000|7> generating QUICK_MODE request 4277161391 [ HASH SA No ID ID ]
Aug 28 21:31:22   charon: 05[CFG] received stroke: initiate 'con1-001'
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (60 bytes)
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> generating QUICK_MODE request 1401173596 [ HASH ]
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> CHILD_SA con1-000{60} established with SPIs c37da27b_i b3e0a0f0_o and TS 172.21.106.0/24 === 10.164.254.32/27
Aug 28 21:31:20   charon: 05[CFG] <con1-000|7> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> parsed QUICK_MODE response 1401173596 [ HASH SA No ID ID N((24576)) ]
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (188 bytes)
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (1180 bytes)
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> generating QUICK_MODE request 1401173596 [ HASH SA No ID ID ]
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> maximum IKE_SA lifetime 28370s
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> scheduling reauthentication in 27830s
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> IKE_SA con1-000[7] established between 149.XXX.XXX.178[149.XXX.XXX.178]...194.XXX.XXX.240[194.XXX.XXX.240]
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> received DPD vendor ID
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> parsed ID_PROT response 0 [ ID HASH V ]
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (92 bytes)
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (108 bytes)
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> received unknown vendor ID: 36:f7:df:61:25:50:6c:8d:2d:62:e4:16:96:34:0e:e4
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> received XAuth vendor ID
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> received Cisco Unity vendor ID
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (304 bytes)
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (244 bytes)
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 28 21:31:20   charon: 05[CFG] <con1-000|7> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> received FRAGMENTATION vendor ID
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> received NAT-T (RFC 3947) vendor ID
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> parsed ID_PROT response 0 [ SA V V ]
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> received packet: from 194.XXX.XXX.240[500] to 149.XXX.XXX.178[500] (128 bytes)
Aug 28 21:31:20   charon: 05[NET] <con1-000|7> sending packet: from 149.XXX.XXX.178[500] to 194.XXX.XXX.240[500] (288 bytes)
Aug 28 21:31:20   charon: 05[ENC] <con1-000|7> generating ID_PROT request 0 [ SA V V V V V ]
Aug 28 21:31:20   charon: 05[IKE] <con1-000|7> initiating Main Mode IKE_SA con1-000[7] to 194.XXX.XXX.240
Aug 28 21:31:20   charon: 06[CFG] received stroke: initiate 'con1-000'

Hier noch mal die Logs von eben
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • International Forums »
  • German - Deutsch »
  • [solved]IPSEC Routing
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2