IPsec message

Started by superwinni2, January 21, 2022, 04:37:05 PM

Hello everyone,

I keep getting the following messages in the IPsec log every 10 seconds.
Can anyone tell me why?

As far as I know, the connection is stable throughout.
At least nobody is complaining about dropped connections...  ;D

Unfortunately I have no idea what kind of firewall is in use on the other side. The person on the other side doesn't know exactly what they are doing either. I would like to rule out that I am the one at fault.

So that you don't have to scroll so much, I removed the date, time, hostname, process and process ID from the front of each line.
Instead, I'll just write it here once:
Jan 21 16:24:30 fw1 charon[37304]:
12[IKE] <con1|46555> deleting IKE_SA con1[46555] between 1.2.3.4[1.2.3.4]...9.8.7.6[9.8.7.6]
12[IKE] <con1|46555> sending DELETE for IKE_SA con1[46555]
12[ENC] <con1|46555> generating INFORMATIONAL request 0 [ D ]
12[NET] <con1|46555> sending packet: from 1.2.3.4[4500] to 9.8.7.6[4500] (80 bytes)
12[NET] <46557> received packet: from 9.8.7.6[500] to 1.2.3.4[500] (1100 bytes)
12[ENC] <46557> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
12[IKE] <46557> 9.8.7.6 is initiating an IKE_SA
12[CFG] <46557> selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
04[NET] <con1|46555> received packet: from 9.8.7.6[4500] to 1.2.3.4[4500] (80 bytes)
04[ENC] <con1|46555> parsed INFORMATIONAL response 0 [ ]
04[IKE] <con1|46555> IKE_SA deleted
12[IKE] <46557> sending cert request for "DC=int, DC=aaa, DC=emea, CN=aaaEMEA-CA"
12[IKE] <46557> sending cert request for "C=DE, ST=Bundesland, L=Ortschaft, O=aaa, E=edv@aaa.de, CN=aaaMobile"
12[IKE] <46557> sending cert request for "C=DE, ST=Bundesland, L=Ortschaft, O=aaa, E=edv@aaa.de, CN=aaaFirewall-CA"
12[IKE] <46557> sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
12[IKE] <46557> sending cert request for "C=US, O=Let's Encrypt, CN=R3"
12[IKE] <46557> sending cert request for "C=DE, ST=B-W, L=Ortschaft, O= Aluminium-Werke Wut??schingen AG and Co.KG, E=edv@aaa.de, CN=aaaFW-Squid"
12[IKE] <46557> sending cert request for "C=US, O=(STAGING) Let's Encrypt, CN=(STAGING) Artificial Apricot R3"
12[ENC] <46557> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
12[NET] <46557> sending packet: from 1.2.3.4[500] to 9.8.7.6[500] (617 bytes)
12[NET] <46557> received packet: from 9.8.7.6[4500] to 1.2.3.4[4500] (688 bytes)
12[ENC] <46557> parsed IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
12[IKE] <46557> received cert request for "C=DE, ST=Bundesland, L=Ortschaft, O=aaa, E=edv@aaa.de, CN=aaaFirewall-CA"
12[IKE] <46557> received 1 cert requests for an unknown ca
12[CFG] <46557> looking for peer configs matching 1.2.3.4[1.2.3.4]...9.8.7.6[9.8.7.6]
12[CFG] <con1|46557> selected peer config 'con1'
12[IKE] <con1|46557> authentication of '9.8.7.6' with pre-shared key successful
12[IKE] <con1|46557> peer supports MOBIKE
12[IKE] <con1|46557> authentication of '1.2.3.4' (myself) with pre-shared key
12[IKE] <con1|46556> schedule delete of duplicate IKE_SA for peer '9.8.7.6' due to uniqueness policy and suspected reauthentication
12[IKE] <con1|46557> IKE_SA con1[46557] established between 1.2.3.4[1.2.3.4]...9.8.7.6[9.8.7.6]
12[IKE] <con1|46557> scheduling reauthentication in 2635s
12[IKE] <con1|46557> maximum IKE_SA lifetime 3175s
12[CFG] <con1|46557> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
12[IKE] <con1|46557> CHILD_SA con1{46733} established with SPIs c542ab3c_i c7765dd3_o and TS 172.16.20.232/29 === 192.168.190.0/24
12[ENC] <con1|46557> generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
12[NET] <con1|46557> sending packet: from 1.2.3.4[4500] to 9.8.7.6[4500] (336 bytes)



Thanks and best regards
Proxmox VE
i3-4030U | 16 GB RAM | 512 GB SSD | 500 GB HDD
i3-2350M | 16 GB RAM | 120 GB SSD | 500 GB HDD

FW VMs:
2 Cores | 1 GB RAM | 20 GB SSD
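
An added example, not part of the original post: a small Python summary of charon `[IKE]` lines that counts how often each remote peer initiates an IKE_SA, the gaps between those attempts, and how many old SAs were deleted under the uniqueness policy, compared against the locally scheduled reauthentication time. The sample lines are constructed (the syslog prefix the poster removed is restored, and the later SA IDs and timestamps are invented); `summarize`, its `year` parameter and its field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the post's stripped prefix (date, host, charon[pid]) is
# restored so gaps can be measured; IDs after 46557 and the times are made up.
SAMPLE = """\
Jan 21 16:24:30 fw1 charon[37304]: 12[IKE] <46557> 9.8.7.6 is initiating an IKE_SA
Jan 21 16:24:30 fw1 charon[37304]: 12[IKE] <con1|46556> schedule delete of duplicate IKE_SA for peer '9.8.7.6' due to uniqueness policy and suspected reauthentication
Jan 21 16:24:30 fw1 charon[37304]: 12[IKE] <con1|46557> scheduling reauthentication in 2635s
Jan 21 16:24:40 fw1 charon[37304]: 12[IKE] <46558> 9.8.7.6 is initiating an IKE_SA
Jan 21 16:24:40 fw1 charon[37304]: 12[IKE] <con1|46557> schedule delete of duplicate IKE_SA for peer '9.8.7.6' due to uniqueness policy and suspected reauthentication
Jan 21 16:24:40 fw1 charon[37304]: 12[IKE] <con1|46558> scheduling reauthentication in 2635s
Jan 21 16:24:50 fw1 charon[37304]: 12[IKE] <46559> 9.8.7.6 is initiating an IKE_SA
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ charon\[\d+\]: \d+\[IKE\] (?:<[^>]*> )?(.*)$")
INIT = re.compile(r"^(\S+) is initiating an IKE_SA$")
DUP = re.compile(r"duplicate IKE_SA for peer '([^']+)' due to uniqueness policy")
REAUTH = re.compile(r"^scheduling reauthentication in (\d+)s$")

def summarize(text, year=2022):
    """Per remote peer: initiations seen, gaps in seconds, uniqueness deletes."""
    peers, reauth = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a charon [IKE] line
        # syslog timestamps carry no year; it is supplied by the caller (assumption)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (i := INIT.match(msg)):
            peers.setdefault(i.group(1), {"inits": [], "dup": 0})["inits"].append(ts)
        elif (d := DUP.search(msg)):
            peers.setdefault(d.group(1), {"inits": [], "dup": 0})["dup"] += 1
        elif (r := REAUTH.match(msg)):
            reauth.append(int(r.group(1)))
    report = {}
    for peer, p in peers.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(p["inits"], p["inits"][1:])]
        report[peer] = {
            "remote_inits": len(p["inits"]),
            "gaps_s": gaps,
            "dup_deletes": p["dup"],
            # True when the peer returns sooner than any locally scheduled reauth
            "earlier_than_local_reauth": bool(gaps and reauth and max(gaps) < min(reauth)),
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against the unstripped log, the output shows which side starts each negotiation and whether the interval matches the reauthentication timer that charon itself scheduled.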