Помогите настроить L2TP/IPsec VPN на pfSense 2.3.2

itsale · 2016-09-30 23:22:01

Здравствуйте!

Помогите настроить L2TP/IPsec VPN на pfSense.

Есть свежеустановленная тестовая машина с pfSense:

2.3.2-RELEASE (i386)

built on Tue Jul 19 13:09:39 CDT 2016

FreeBSD 10.3-RELEASE-p5

WAN IP:

62.216.xx.xx

LAN IP (DHCP - disabled):

192.168.1.5

Настраивал по мануалу

Логи pfsense:

Oct 1 02:03:13  charon   10[NET] <13> received packet: from 89.252.xx.xx[500] to 62.216.xx.xx[500] (408 bytes)  
Oct 1 02:03:13  charon   10[ENC] <13> parsed ID_PROT request 0 [ SA V V V V V V V V ]  
Oct 1 02:03:13  charon   10[ENC] <13> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01  
Oct 1 02:03:13  charon   10[IKE] <13> received MS NT5 ISAKMPOAKLEY vendor ID  
Oct 1 02:03:13  charon   10[IKE] <13> received NAT-T (RFC 3947) vendor ID  
Oct 1 02:03:13  charon   10[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID  
Oct 1 02:03:13  charon   10[IKE] <13> received FRAGMENTATION vendor ID  
Oct 1 02:03:13  charon   10[ENC] <13> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20  
Oct 1 02:03:13  charon   10[ENC] <13> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19  
Oct 1 02:03:13  charon   10[ENC] <13> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52  
Oct 1 02:03:13  charon   10[IKE] <13> 89.252.xx.xx is initiating a Main Mode IKE_SA  
Oct 1 02:03:13  charon   10[ENC] <13> generating ID_PROT response 0 [ SA V V V V ]  
Oct 1 02:03:13  charon   10[NET] <13> sending packet: from 62.216.xx.xx[500] to 89.252.xx.xx[500] (160 bytes)  
Oct 1 02:03:13  charon   10[NET] <13> received packet: from 89.252.xx.xx[500] to 62.216.xx.xx[500] (388 bytes)  
Oct 1 02:03:13  charon   10[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]  
Oct 1 02:03:13  charon   10[IKE] <13> remote host is behind NAT  
Oct 1 02:03:13  charon   10[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]  
Oct 1 02:03:13  charon   10[NET] <13> sending packet: from 62.216.xx.xx[500] to 89.252.xx.xx[500] (372 bytes)  
Oct 1 02:03:13  charon   10[NET] <13> received packet: from 89.252.xx.xx[4500] to 62.216.xx.xx[4500] (76 bytes)  
Oct 1 02:03:13  charon   10[ENC] <13> parsed ID_PROT request 0 [ ID HASH ]  
Oct 1 02:03:13  charon   10[CFG] <13> looking for pre-shared key peer configs matching 62.216.xx.xx...89.252.xx.xx[192.168.5.104]  
Oct 1 02:03:13  charon   10[CFG] <13> selected peer config "con1"  
Oct 1 02:03:13  charon   10[IKE] <con1|13> IKE_SA con1[13] established between 62.216.xx.xx[62.216.xx.xx]...89.252.xx.xx[192.168.5.104]  
Oct 1 02:03:13  charon   10[IKE] <con1|13> scheduling reauthentication in 28143s  
Oct 1 02:03:13  charon   10[IKE] <con1|13> maximum IKE_SA lifetime 28683s  
Oct 1 02:03:13  charon   10[IKE] <con1|13> DPD not supported by peer, disabled  
Oct 1 02:03:13  charon   10[ENC] <con1|13> generating ID_PROT response 0 [ ID HASH ]  
Oct 1 02:03:13  charon   10[NET] <con1|13> sending packet: from 62.216.xx.xx[4500] to 89.252.xx.xx[4500] (76 bytes)  
Oct 1 02:03:13  charon   15[NET] <con1|13> received packet: from 89.252.xx.xx[4500] to 62.216.xx.xx[4500] (332 bytes)  
Oct 1 02:03:13  charon   15[ENC] <con1|13> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]  
Oct 1 02:03:13  charon   15[IKE] <con1|13> received 250000000 lifebytes, configured 0  
Oct 1 02:03:13  charon   15[ENC] <con1|13> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]  
Oct 1 02:03:13  charon   15[NET] <con1|13> sending packet: from 62.216.xx.xx[4500] to 89.252.xx.xx[4500] (204 bytes)  
Oct 1 02:03:13  charon   15[NET] <con1|13> received packet: from 89.252.xx.xx[4500] to 62.216.xx.xx[4500] (60 bytes)  
Oct 1 02:03:13  charon   15[ENC] <con1|13> parsed QUICK_MODE request 1 [ HASH ]  
Oct 1 02:03:13  charon   15[IKE] <con1|13> CHILD_SA con1{6} established with SPIs c1421d55_i a0ce5dca_o and TS 62.216.xx.xx/32|/0[udp/l2f] === 89.252.xx.xx/32|/0[udp/l2f]  
Oct 1 02:03:48  charon   15[NET] <con1|13> received packet: from 89.252.xx.xx[4500] to 62.216.xx.xx[4500] (76 bytes)  
Oct 1 02:03:48  charon   15[ENC] <con1|13> parsed INFORMATIONAL_V1 request 4256905100 [ HASH D ]  
Oct 1 02:03:48  charon   15[IKE] <con1|13> received DELETE for ESP CHILD_SA with SPI a0ce5dca  
Oct 1 02:03:48  charon   15[IKE] <con1|13> closing CHILD_SA con1{6} with SPIs c1421d55_i (756 bytes) a0ce5dca_o (0 bytes) and TS 62.216.xx.xx/32|/0[udp/l2f] === 89.252.xx.xx/32|/0[udp/l2f]  
Oct 1 02:03:48  charon   05[NET] <con1|13> received packet: from 89.252.xx.xx[4500] to 62.216.xx.xx[4500] (92 bytes)  
Oct 1 02:03:48  charon   05[ENC] <con1|13> parsed INFORMATIONAL_V1 request 3672929147 [ HASH D ]  
Oct 1 02:03:48  charon   05[IKE] <con1|13> received DELETE for IKE_SA con1[13]  
Oct 1 02:03:48  charon   05[IKE] <con1|13> deleting IKE_SA con1[13] between 62.216.xx.xx[62.216.xx.xx]...89.252.xx.xx[192.168.5.104]

В винде при подключении ошибка:

Не удалось установить связь по сети между компьютером и ВПН-сервером, 
так как удаленный сервер не отвечает. Возможная причина: одно из сетевых устройств не настроено для 
разрешения ВПН подключений...

Роутер перед клиентским ноутбуком 100% пропускает ВПН трафик, так как успешно подключается к другому L2TP/IPsec VPN-серверу.

Подскажите в чем может быть проблема?

Увійти

Помогите настроить L2TP/IPsec VPN на pfSense 2.3.2

Рекомендованные сообщения

itsale 0

Ссылка на сообщение

Поделиться на других сайтах

Создайте аккаунт или войдите в него для комментирования

Создать аккаунт

Вхід

Зараз на сторінці 0 користувачів

Схожий контент

Спільнота

Активність