taxaw a écrit:Bonjour trax2539
Moi je l'ai déjà fait fonctionné avec ipcop 1.4.2.
Bon depuis je n'y ai plus touché car je préfére du openvpn en roadwarior, moins cher.
Essai d'etre plus explicite sur les logs des deux côtés .
A +.
tu pourrais m'en dire plus sur ta conf avec greenbow?
nous avons déjà les licences greenbow.. il serait malvenu de ne plus les utiliser :s
pour les logs :
sur greenbow (mode90)
- Code: Tout sélectionner
193324 SA 90 sa_find: no SA matched query
193324 SA 90 sa_find: no SA matched query
193326 SA 90 sa_find: no SA matched query
193326 SA 90 sa_find: no SA matched query
193326 SA 90 sa_find: no SA matched query
193326 Sdep 70 sysdep_connection_check: SA for CnxVpn1-CnxVpn1-P2 missing
193326 SA 90 sa_find: no SA matched query
193326 Sdep 10 remote gateway is 192.168.1.250
193326 Trpt 70 transport_add: adding 00EB2F48
193326 Timr 80 timer_add_event: add exchange_free_aux (004054C9) with arg 00EB2B10 expiration 1152466486
193326 Timr 10 timer_add_event: event exchange_free_aux(00EB2B10) added last, expiration in 80s
193326 Cryp 60 hash_get: requested algorithm 1
193326 Exch 10 exchange_establish_p1: 00EB2B10 CnxVpn1-P1 CnxVpn1-aggressive-mode policy initiator phase 1 doi 1 exchange 4 step 0
193326 Exch 10 exchange_establish_p1: icookie d9a9057d6588d229 rcookie 0000000000000000
193326 Exch 10 exchange_establish_p1: msgid 00000000
193326 Mesg 90 message_alloc: allocated 00EB2C60
193326 SA 80 sa_reference: SA 00EB2D30 now has 1 references
193326 SA 70 sa_enter: SA 00EB2D30 added to SA list
193326 SA 80 sa_reference: SA 00EB2D30 now has 2 references
193326 SA 60 sa_create: sa 00EB2D30 phase 1 added to exchange 00EB2B10 (CnxVpn1-P1)
193326 SA 80 sa_reference: SA 00EB2D30 now has 3 references
193326 SA 90 sa_find: no SA matched query
193326 Misc 70 attribute_set_constant: no PRF in the 3DES-SHA-GRP2 section
193326 Cryp 60 hash_get: requested algorithm 1
193326 Misc 70 group_get: returning 00EC3960 of group 2
193326 Misc 80 ipsec_g_x: g^xi:
193326 Misc 80 2c5acc8d 271baa8e 988cdcb7 170833b4 e62a67a5 84e6f1b0 0b5310ab c9f9f48f
193326 Misc 80 38aa2ada 317aacee b6286175 074fd328 305cfa89 2cdccb2c bd59172a 8e85fb0c
193326 Misc 80 e628fee0 16721ba0 5468f3e5 64eb47a9 36b42319 5b65b5f8 f69fd47e 20f25f4e
193326 Misc 80 f193e869 a290cfd0 3871fed7 e5957520 7b0b527a 26aedd82 5394a026 fc902ef4
193326 Exch 80 exchange_nonce: NONCE_i:
193326 Exch 80 f34d026b af3d1c84 eafe7e88 9a39f1c0
193326 Negt 40 ike_phase_1_send_ID: IPV4_ADDR:
193326 Negt 40 00000000
193326 Exch 90 exchange_validate: checking for required SA
193326 Exch 90 exchange_validate: checking for required KEY_EXCH
193326 Exch 90 exchange_validate: checking for required NONCE
193326 Exch 90 exchange_validate: checking for required ID
193326 Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID]
193326 Mesg 70 message_send: message 00EB2C60
193326 Mesg 70 ICOOKIE: 0xd9a9057d6588d2
193326 Mesg 70 RCOOKIE: 0x00000000000000
193326 Mesg 70 NEXT_PAYLOAD: SA
193326 Mesg 70 VERSION: 16
193326 Mesg 70 EXCH_TYPE: AGGRESSIVE
193326 Mesg 70 FLAGS: [ ]
193326 Mesg 70 MESSAGE_ID: 0x000000
193326 Mesg 70 LENGTH: 324
193326 Mesg 70 message_send: d9a9057d 6588d229 00000000 00000000 01100400 00000000 00000144 0d000034
193326 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
193326 Mesg 70 message_send: 80030001 80040002 800b0001 800c0708 0d000014 4485152d 18b6bbcd 0be8a846
193326 Mesg 70 message_send: 9579ddcc 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 7d9419a6
193326 Mesg 70 message_send: 5310ca6f 2c179d92 15529d56 04000014 afcad713 68a1f1c9 6b8696fc 77570100
193326 Mesg 70 message_send: 0a000084 2c5acc8d 271baa8e 988cdcb7 170833b4 e62a67a5 84e6f1b0 0b5310ab
193326 Mesg 70 message_send: c9f9f48f 38aa2ada 317aacee b6286175 074fd328 305cfa89 2cdccb2c bd59172a
193326 Mesg 70 message_send: 8e85fb0c e628fee0 16721ba0 5468f3e5 64eb47a9 36b42319 5b65b5f8 f69fd47e
193326 Mesg 70 message_send: 20f25f4e f193e869 a290cfd0 3871fed7 e5957520 7b0b527a 26aedd82 5394a026
193326 Mesg 70 message_send: fc902ef4 05000014 f34d026b af3d1c84 eafe7e88 9a39f1c0 0000000c 01000000
193326 Mesg 70 message_send: 00000000
193326 Exch 40 exchange_run: exchange 00EB2B10 finished step 0, advancing...
193326 Exch 90 exchange_lookup_by_name: CnxVpn1-P1 == CnxVpn1-P1 && 1 == 1?
193326 Trpt 30 transport_send_messages: message 00EB2C60 scheduled for retransmission 1 in 7 secs
193326 Timr 80 timer_add_event: add message_send_expire (0041BDA1) with arg 00EB2C60 expiration 1152466413
193326 Timr 10 timer_add_event: event message_send_expire(00EB2C60) added before exchange_free_aux(00EB2B10), expiration in 7s
... très bavard mais pas très clair
pour préciser, j'avais commencé par mettre des certificats, mais comme ca ne fonctionnait pas, je suis passé en pré shared