[SOLVED] VPN IPCop <-> pfSense

Forum dealing with the up-and-coming secure distribution named IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.

Moderator: modos Ixus


Post by sqlseb » 15 Dec 2006 10:15

Hello,
As a keen IPCop user (a 4-site VPN in my company plus a few dozen roadwarriors and client VPNs), I have to consider parting with it at one of my sites and moving to pfSense.
Reason: support for failover (CARP), multi-WAN and load balancing.

My problem is that I can't manage to set up a VPN between IPCop and pfSense.

Although I mainly use X.509, I even resigned myself to testing with PSK, and no luck ...

Has anyone here already succeeded?

Thanks in advance for your replies

Sébastien
Last edited by sqlseb on 21 Dec 2006 16:16, edited 1 time in total.

Post by Franck78 » 15 Dec 2006 10:43

Hi,

It's the VPN logs that are needed. From the IPCop and from the pfSense if possible.
Franck
The art of asking a question on this site in order to get an answer
MUST READ

Post by sqlseb » 15 Dec 2006 11:20

Thanks for your quick reply.

Here is what I have in IPCop (most recent event at the top):

Code:
09:53:47 pluto[8900] "pfsenseparis" #509: initiating Main Mode
09:53:47 pluto[8900] added connection description "pfsenseparis"
09:53:47 pluto[8900] | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
09:53:47 pluto[8900] | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
09:53:47 pluto[8900] loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
09:53:47 pluto[8900] loading secrets from "/etc/ipsec.secrets"
09:53:47 pluto[8900] forgetting secrets


and pfSense:

Code:
Dec 15 10:05:32 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 10:05:32 racoon: INFO: 192.168.0.252[500] used as isakmp port (fd=21)
Dec 15 10:05:32 racoon: INFO: fe80::211:95ff:fe25:35f5%rl0[500] used as isakmp port (fd=20)
Dec 15 10:05:32 racoon: INFO: fe80::211:95ff:fe25:35f0%rl1[500] used as isakmp port (fd=19)
Dec 15 10:05:32 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 10:05:32 racoon: INFO: 213.215.34.xyz[500] used as isakmp port (fd=18)
Dec 15 10:05:32 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 10:05:32 racoon: INFO: 192.168.10.253[500] used as isakmp port (fd=17)
Dec 15 10:05:32 racoon: INFO: fe80::209:5bff:fe05:9e18%sis1[500] used as isakmp port (fd=16)
Dec 15 10:05:32 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 10:05:32 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Dec 15 10:05:32 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Dec 15 10:05:32 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Dec 15 10:05:32 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Dec 15 10:05:32 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
Dec 15 10:05:18 racoon: INFO: racoon shutdown
Dec 15 10:05:17 racoon: INFO: caught signal 15


Thanks for your help
sébastien

Post by sqlseb » 15 Dec 2006 15:40

Question: doesn't the following line by any chance mean that something is being dropped on my IPCop?

Code:
Dec 15 14:24:01 attinord kernel: INPUT IN=ppp0 OUT= MAC= SRC=213.215.34.xyz DST=80.65.226.xyz LEN=56 TOS=0x00 PREC=0x00 TTL=60 ID=28784 PROTO=ICMP TYPE=3 CODE=3 [SRC=80.65.226.xyz DST=213.215.34.xyz LEN=448 TOS=0x00 PREC=0x00 TTL=1 ID=1 DF FRAG:8080 PROTO=UDP ]


Thanks
seb

Post by sqlseb » 15 Dec 2006 15:54

Addition: seen in the IPCop log ... you can clearly see the "could not start" on the 10th line ...

Code:
Dec 15 14:37:11 attinord pluto[23169]: "pfsenseparis" #8: max number of retransmissions (20) reached STATE_MAIN_I1.  No acceptable response to our first IKE message
Dec 15 14:37:11 attinord pluto[23169]: "pfsenseparis" #8: starting keying attempt 2 of an unlimited number, but releasing whack
Dec 15 14:37:11 attinord pluto[23169]: "pfsenseparis" #9: initiating Main Mode to replace #8
Dec 15 14:37:11 attinord ipsec__plutorun: 104 "pfsenseparis" #8: STATE_MAIN_I1: initiate
Dec 15 14:37:11 attinord ipsec__plutorun: 010 "pfsenseparis" #8: STATE_MAIN_I1: retransmission; will wait 20s for response
Dec 15 14:37:11 attinord ipsec__plutorun: 010 "pfsenseparis" #8: STATE_MAIN_I1: retransmission; will wait 40s for response
Dec 15 14:37:11 attinord last message repeated 18 times
Dec 15 14:37:11 attinord ipsec__plutorun: 031 "pfsenseparis" #8: max number of retransmissions (20) reached STATE_MAIN_I1.  No acceptable response to our first IKE message
Dec 15 14:37:11 attinord ipsec__plutorun: 000 "pfsenseparis" #8: starting keying attempt 2 of an unlimited number, but releasing whack
Dec 15 14:37:11 attinord ipsec__plutorun:...could not start conn "pfsenseparis"


Post by sqlseb » 15 Dec 2006 17:18

Update:
after upgrading my IPCop to 1.4.11 (I didn't see the point ... until I realized that there was one ...), here are my logs, for a LAN-to-LAN VPN with PSK:

IPCop

Code:
16:00:53 pluto[574] "pfsenseparis" #14: initiating Main Mode
16:00:53 pluto[574] added connection description "pfsenseparis"
16:00:53 pluto[574] | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
16:00:53 pluto[574] | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
16:00:53 ipsec__plutorun ...could not start conn "pfsenseparis"
16:00:53 ipsec__plutorun 010 "pfsenseparis" #7: STATE_MAIN_I1: retransmission; will wait 40s for response
16:00:53 ipsec__plutorun 010 "pfsenseparis" #7: STATE_MAIN_I1: retransmission; will wait 20s for response
16:00:53 ipsec__plutorun 104 "pfsenseparis" #7: STATE_MAIN_I1: initiate
16:00:53 pluto[574] "pfsenseparis" #7: deleting state (STATE_MAIN_I1)
16:00:53 pluto[574] "pfsenseparis": deleting connection
16:00:53 pluto[574] loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
16:00:53 pluto[574] loading secrets from "/etc/ipsec.secrets"
16:00:53 pluto[574] forgetting secrets


pfSense

Code:
Dec 15 16:04:44 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 16:04:44 racoon: INFO: 192.168.0.252[500] used as isakmp port (fd=21)
Dec 15 16:04:44 racoon: INFO: fe80::211:95ff:fe25:35f5%rl0[500] used as isakmp port (fd=20)
Dec 15 16:04:44 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 16:04:44 racoon: INFO: 213.215.34.XXX[500] used as isakmp port (fd=19)
Dec 15 16:04:44 racoon: INFO: fe80::211:95ff:fe25:35f0%rl1[500] used as isakmp port (fd=18)
Dec 15 16:04:44 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 16:04:44 racoon: INFO: 192.168.10.253[500] used as isakmp port (fd=17)
Dec 15 16:04:44 racoon: INFO: fe80::209:5bff:fe05:9e18%sis1[500] used as isakmp port (fd=16)
Dec 15 16:04:44 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Dec 15 16:04:44 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Dec 15 16:04:44 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Dec 15 16:04:44 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Dec 15 16:04:44 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Dec 15 16:04:44 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
Dec 15 16:04:37 racoon: INFO: racoon shutdown
Dec 15 16:04:36 racoon: INFO: caught signal 15


Thanks
seb

Post by Franck78 » 15 Dec 2006 21:15

1) There is no beginning of a dialogue between your two machines.
2) The pfSense looks like OPENSSL... and IPCop IPSEC?
Franck
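
Added example, not part of the original thread: a small triage script that reads pluto log lines in the two layouts posted above (IPCop web view and raw syslog) and reports, per tunnel, the furthest IKEv1 Main Mode initiator state reached and the state at which pluto gave up. It goes beyond the STATE_MAIN_I1 case shown so far by covering all four initiator states; the tunnel names and sample lines are constructed, and the hints are general IKEv1 reading aids, not a diagnosis of this thread.

```python
import re
from collections import OrderedDict

# Matches both pluto layouts: '16:00:53 pluto[574] "conn" #14: msg' (web view)
# and 'Dec 15 14:37:11 host pluto[23169]: "conn" #8: msg' (syslog).
LINE_RE = re.compile(
    r'pluto\[\d+\]:?\s+"(?P<conn>[^"]+)"\s+#(?P<sa>\d+):\s+(?P<msg>.*)')
TRANSITION_RE = re.compile(r'transition from state \S+ to state (STATE_\w+)')
GIVEUP_RE = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')

# Initiator side of IKEv1 Main Mode, in protocol order.
MAIN_ORDER = ["STATE_MAIN_I1", "STATE_MAIN_I2", "STATE_MAIN_I3", "STATE_MAIN_I4"]

# Reading aids (assumptions based on what each state waits for).
HINTS = {
    "STATE_MAIN_I1": "no acceptable reply to the first IKE message: packets "
                     "not reaching the peer, or peer not accepting the "
                     "phase 1 proposal",
    "STATE_MAIN_I2": "proposal answered but key exchange reply missing",
    "STATE_MAIN_I3": "first encrypted message unanswered: pluto flags a "
                     "possible authentication failure (compare PSK and "
                     "identifiers on both ends)",
    "STATE_MAIN_I4": "phase 1 (ISAKMP SA) established",
}


def triage(lines, newest_first=False):
    """Return {conn: {furthest, gave_up_at, failed_attempts, hint}}.

    newest_first=True handles the IPCop web view, which lists the most
    recent event at the top.
    """
    if newest_first:
        lines = list(reversed(lines))
    report = OrderedDict()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # racoon, kernel, ipsec__plutorun lines are skipped
        msg = m["msg"]
        entry = report.setdefault(
            m["conn"],
            {"furthest": None, "gave_up_at": None, "failed_attempts": 0})
        state = None
        gave_up = GIVEUP_RE.search(msg)
        trans = TRANSITION_RE.search(msg)
        if gave_up:
            state = gave_up.group(1)
            if state in MAIN_ORDER:  # Quick Mode give-ups are out of scope
                entry["gave_up_at"] = state
                entry["failed_attempts"] += 1
        elif trans:
            state = trans.group(1)
            if state == "STATE_MAIN_I4":
                entry["gave_up_at"] = None  # a later success clears the failure
        elif msg.startswith("initiating Main Mode"):
            state = "STATE_MAIN_I1"
        if state in MAIN_ORDER:
            best = entry["furthest"]
            if best is None or MAIN_ORDER.index(state) > MAIN_ORDER.index(best):
                entry["furthest"] = state
    for entry in report.values():
        key = entry["gave_up_at"] or entry["furthest"]
        entry["hint"] = HINTS.get(key, "no Main Mode activity seen")
    return report


# Constructed sample lines (oldest first), modelled on the formats above.
SAMPLE = [
    '10:00:00 pluto[100] "demo-down" #1: initiating Main Mode',
    '10:03:20 pluto[100] "demo-down" #1: max number of retransmissions (20) '
    'reached STATE_MAIN_I1.  No acceptable response to our first IKE message',
    'Dec 18 10:05:00 fw pluto[100]: "demo-psk" #2: initiating Main Mode',
    'Dec 18 10:05:00 fw pluto[100]: "demo-psk" #2: transition from state '
    'STATE_MAIN_I1 to state STATE_MAIN_I2',
    'Dec 18 10:05:00 fw pluto[100]: "demo-psk" #2: transition from state '
    'STATE_MAIN_I2 to state STATE_MAIN_I3',
    'Dec 18 10:06:10 fw pluto[100]: "demo-psk" #2: max number of '
    'retransmissions (2) reached STATE_MAIN_I3. Possible authentication '
    'failure: no acceptable response to our first encrypted message',
    '10:07:00 pluto[100] "demo-ok" #3: initiating Main Mode',
    '10:07:00 pluto[100] "demo-ok" #3: transition from state STATE_MAIN_I1 '
    'to state STATE_MAIN_I2',
    '10:07:01 pluto[100] "demo-ok" #3: transition from state STATE_MAIN_I2 '
    'to state STATE_MAIN_I3',
    '10:07:01 pluto[100] "demo-ok" #3: transition from state STATE_MAIN_I3 '
    'to state STATE_MAIN_I4',
    '10:07:01 pluto[100] "demo-ok" #3: ISAKMP SA established',
]

if __name__ == "__main__":
    for conn, info in triage(SAMPLE).items():
        print(f'{conn}: furthest={info["furthest"]} '
              f'gave_up_at={info["gave_up_at"]} -> {info["hint"]}')
```

Pass `newest_first=True` when pasting from the IPCop log page, which shows the most recent event first.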

Clearer configs

Post by taxaw » 18 Dec 2006 01:50

Good evening,
You should be clearer about the config parameters:
type of VPN, pfSense version, and for IPsec give the parameters: chosen encapsulation, ...
then give the logs from both sides without selecting what you think is most interesting.
See you
------------------------
Create, not possess.
Increase, not dominate,
Work, not withhold.

Post by sqlseb » 18 Dec 2006 12:21

Hello, and thank you for your replies.

I will try to be clearer.

Endpoint 1: IPCop 1.4.11, directly on the Internet, static IP address

Endpoint 2: pfSense 1.0.1 (build 06/10/29), latest stable version, directly on the Internet, static IP address

For the IPsec parameters on the IPCop side, this is where I am:

Name: pfsenseparis
IPCop side: Left
Local subnet: 192.168.59.0/255.255.255.0
Remote subnet: 192.168.10.1/255.255.255.0
Remote host / IP: I'm keeping that to myself
Action when the peer disappears: hold
Local ID: nothing?
Remote ID: nothing?
PSK: I'm keeping it to myself
Phase 1 IPSec (IKE): 3DES/SHA/MODP-1024/1 hour
Phase 2 IPSec (ESP): 3DES/SHA/MODP-1024/8 hours
Aggressive Mode: no
Perfect Forward Secrecy: yes

And on the pfSense side:
Interface: WAN
Local subnet: network - 192.168.10.0 / 24
Remote subnet: 192.168.59.0 / 24
Remote Gateway: I'm keeping that to myself
Negotiation mode: main
My identifier: IP Address - (my public IP address on the pfSense side)
Phase 1 IPSec (Authentication): 3DES/SHA1/type 2 (1024)/3600 seconds
Method: PSK
Phase 2 IPSec: ESP/3DES/SHA1/type 2 (1024)/28800 seconds

For the logs, I'm attaching the respective IPsec logs; please tell me if the others are needed.

IPCop excerpt (I haven't removed anything; the TN and TL entries concern other tunnels that are fully operational between IPCops)

Code:
10:59:21 pluto[18343] "pfsenseparis" #4075: discarding duplicate packet; already STATE_MAIN_I3
10:59:11 pluto[18343] "pfsenseparis" #4075: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
10:59:11 pluto[18343] "pfsenseparis" #4075: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
10:59:11 pluto[18343] "pfsenseparis" #4075: received Vendor ID payload [Dead Peer Detection]
10:59:11 pluto[18343] "pfsenseparis" #4075: initiating Main Mode to replace #4071
10:59:11 pluto[18343] "pfsenseparis" #4071: starting keying attempt 975 of an unlimited number
10:59:11 pluto[18343] "pfsenseparis" #4071: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
10:58:51 pluto[18343] "pfsenseparis" #4071: discarding duplicate packet; already STATE_MAIN_I3
10:58:50 pluto[18343] "TN" #4057: received and ignored informational message
10:58:50 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:49 pluto[18343] "TN" #4057: received and ignored informational message
10:58:49 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:49 pluto[18343] "TL" #4063: received and ignored informational message
10:58:49 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:41 pluto[18343] "pfsenseparis" #4071: discarding duplicate packet; already STATE_MAIN_I3
10:58:31 pluto[18343] "pfsenseparis" #4071: discarding duplicate packet; already STATE_MAIN_I3
10:58:30 pluto[18343] "TN" #4057: received and ignored informational message
10:58:30 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:29 pluto[18343] "TL" #4063: received and ignored informational message
10:58:29 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:29 pluto[18343] "TN" #4057: received and ignored informational message
10:58:29 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:58:21 pluto[18343] "pfsenseparis" #4071: discarding duplicate packet; already STATE_MAIN_I3
10:58:20 pluto[18343] "TN" #4057: received and ignored informational message
10:58:20 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:58:20 pluto[18343] "TN" #4074: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4070
10:58:20 pluto[18343] "TN" #4070: starting keying attempt 980 of an unlimited number
10:58:20 pluto[18343] "TN" #4070: max number of retransmissions (2) reached STATE_QUICK_I1
10:58:19 pluto[18343] "TN" #4057: received and ignored informational message
10:58:19 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:58:19 pluto[18343] "TL" #4063: received and ignored informational message
10:58:19 pluto[18343] "TL" #4063: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:58:19 pluto[18343] "TN" #4073: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4068
10:58:19 pluto[18343] "TN" #4068: starting keying attempt 979 of an unlimited number
10:58:19 pluto[18343] "TN" #4068: max number of retransmissions (2) reached STATE_QUICK_I1
10:58:19 pluto[18343] "TL" #4072: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4069
10:58:19 pluto[18343] "TL" #4069: starting keying attempt 980 of an unlimited number
10:58:19 pluto[18343] "TL" #4069: max number of retransmissions (2) reached STATE_QUICK_I1
10:58:11 pluto[18343] "pfsenseparis" #4071: discarding duplicate packet; already STATE_MAIN_I3
10:58:01 pluto[18343] "pfsenseparis" #4071: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
10:58:01 pluto[18343] "pfsenseparis" #4071: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
10:58:01 pluto[18343] "pfsenseparis" #4071: received Vendor ID payload [Dead Peer Detection]
10:58:01 pluto[18343] "pfsenseparis" #4071: initiating Main Mode to replace #4067
10:58:01 pluto[18343] "pfsenseparis" #4067: starting keying attempt 974 of an unlimited number
10:58:01 pluto[18343] "pfsenseparis" #4067: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
10:57:42 pluto[18343] "pfsenseparis" #4067: discarding duplicate packet; already STATE_MAIN_I3
10:57:40 pluto[18343] "TN" #4057: received and ignored informational message
10:57:40 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:39 pluto[18343] "TL" #4063: received and ignored informational message
10:57:39 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:39 pluto[18343] "TN" #4057: received and ignored informational message
10:57:39 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:32 pluto[18343] "pfsenseparis" #4067: discarding duplicate packet; already STATE_MAIN_I3
10:57:22 pluto[18343] "pfsenseparis" #4067: discarding duplicate packet; already STATE_MAIN_I3
10:57:21 pluto[18343] "TN" #4057: received and ignored informational message
10:57:21 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:19 pluto[18343] "TL" #4063: received and ignored informational message
10:57:19 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:19 pluto[18343] "TN" #4057: received and ignored informational message
10:57:19 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:57:11 pluto[18343] "pfsenseparis" #4067: discarding duplicate packet; already STATE_MAIN_I3
10:57:10 pluto[18343] "TN" #4057: received and ignored informational message
10:57:10 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:57:10 pluto[18343] "TN" #4070: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4066
10:57:10 pluto[18343] "TN" #4066: starting keying attempt 979 of an unlimited number
10:57:10 pluto[18343] "TN" #4066: max number of retransmissions (2) reached STATE_QUICK_I1
10:57:09 pluto[18343] "TL" #4063: received and ignored informational message
10:57:09 pluto[18343] "TL" #4063: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:57:09 pluto[18343] "TN" #4057: received and ignored informational message
10:57:09 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:57:09 pluto[18343] "TL" #4069: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4064
10:57:09 pluto[18343] "TL" #4064: starting keying attempt 979 of an unlimited number
10:57:09 pluto[18343] "TL" #4064: max number of retransmissions (2) reached STATE_QUICK_I1
10:57:09 pluto[18343] "TN" #4068: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4065
10:57:09 pluto[18343] "TN" #4065: starting keying attempt 978 of an unlimited number
10:57:09 pluto[18343] "TN" #4065: max number of retransmissions (2) reached STATE_QUICK_I1
10:57:01 pluto[18343] "pfsenseparis" #4067: discarding duplicate packet; already STATE_MAIN_I3
10:56:51 pluto[18343] "pfsenseparis" #4067: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
10:56:51 pluto[18343] "pfsenseparis" #4067: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
10:56:51 pluto[18343] "pfsenseparis" #4067: received Vendor ID payload [Dead Peer Detection]
10:56:51 pluto[18343] "pfsenseparis" #4067: initiating Main Mode to replace #4062
10:56:51 pluto[18343] "pfsenseparis" #4062: starting keying attempt 973 of an unlimited number
10:56:51 pluto[18343] "pfsenseparis" #4062: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
10:56:31 pluto[18343] "pfsenseparis" #4062: discarding duplicate packet; already STATE_MAIN_I3
10:56:30 pluto[18343] "TN" #4057: received and ignored informational message
10:56:30 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:29 pluto[18343] "TN" #4057: received and ignored informational message
10:56:29 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:29 pluto[18343] "TL" #4063: received and ignored informational message
10:56:29 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:21 pluto[18343] "pfsenseparis" #4062: discarding duplicate packet; already STATE_MAIN_I3
10:56:11 pluto[18343] "pfsenseparis" #4062: discarding duplicate packet; already STATE_MAIN_I3
10:56:10 pluto[18343] "TN" #4057: received and ignored informational message
10:56:10 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:09 pluto[18343] "TL" #4063: received and ignored informational message
10:56:09 pluto[18343] "TL" #4063: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:09 pluto[18343] "TN" #4057: received and ignored informational message
10:56:09 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:56:01 pluto[18343] "pfsenseparis" #4062: discarding duplicate packet; already STATE_MAIN_I3
10:56:01 pluto[18343] "TN" #4057: received and ignored informational message
10:56:01 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:56:00 pluto[18343] "TN" #4066: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4061
10:56:00 pluto[18343] "TN" #4061: starting keying attempt 978 of an unlimited number
10:56:00 pluto[18343] "TN" #4061: max number of retransmissions (2) reached STATE_QUICK_I1
10:55:59 pluto[18343] "TN" #4057: received and ignored informational message
10:55:59 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:55:59 pluto[18343] "TL" #4063: received and ignored informational message
10:55:59 pluto[18343] "TL" #4063: ignoring informational payload, type NO_PROPOSAL_CHOSEN
10:55:59 pluto[18343] "TN" #4065: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4059
10:55:59 pluto[18343] "TN" #4059: starting keying attempt 977 of an unlimited number
10:55:59 pluto[18343] "TN" #4059: max number of retransmissions (2) reached STATE_QUICK_I1
10:55:59 pluto[18343] "TL" #4064: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #4060
10:55:59 pluto[18343] "TL" #4060: starting keying attempt 978 of an unlimited number
10:55:59 pluto[18343] "TL" #4060: max number of retransmissions (2) reached STATE_QUICK_I1
10:55:52 pluto[18343] "TL" #4063: ISAKMP SA established
10:55:52 pluto[18343] "TL" #4063: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
10:55:52 pluto[18343] "TL" #4063: Issuer CRL not found
10:55:52 pluto[18343] "TL" #4063: Issuer CRL not found
10:55:52 pluto[18343] "TL" #4063: Main mode peer ID is ID_DER_ASN1_DN: 'C=FX, O=ATTI69, CN=attira.net2 .nerim.net'
10:55:52 pluto[18343] "TL" #4063: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
10:55:52 pluto[18343] "TL" #4063: NAT-Traversal: Result using RFC 3947: no NAT detected
10:55:52 pluto[18343] "TL" #4063: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
10:55:52 pluto[18343] "TL" #4063: received Vendor ID payload [Dead Peer Detection]
10:55:52 pluto[18343] "TL" #4063: received Vendor ID payload [RFC 3947]
10:55:52 pluto[18343] "TL" #4063: initiating Main Mode to replace #3886
10:55:51 pluto[18343] "pfsenseparis" #4062: discarding duplicate packet; already STATE_MAIN_I3
10:55:41 pluto[18343] "pfsenseparis" #4062: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
10:55:40 pluto[18343] "pfsenseparis" #4062: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
10:55:40 pluto[18343] "pfsenseparis" #4062: received Vendor ID payload [Dead Peer Detection]
10:55:40 pluto[18343] "pfsenseparis" #4062: initiating Main Mode to replace #4058
10:55:40 pluto[18343] "pfsenseparis" #4058: starting keying attempt 972 of an unlimited number
10:55:40 pluto[18343] "pfsenseparis" #4058: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
10:55:20 pluto[18343] "pfsenseparis" #4058: discarding duplicate packet; already STATE_MAIN_I3
10:55:20 pluto[18343] "TN" #4057: received and ignored informational message
10:55:20 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:55:20 pluto[18343] "TL" #3886: received and ignored informational message
10:55:20 pluto[18343] "TL" #3886: ignoring informational payload, type INVALID_MESSAGE_ID
10:55:20 pluto[18343] "TN" #4057: received and ignored informational message
10:55:20 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:55:10 pluto[18343] "pfsenseparis" #4058: discarding duplicate packet; already STATE_MAIN_I3
10:55:00 pluto[18343] "TN" #4057: received and ignored informational message
10:55:00 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:55:00 pluto[18343] "pfsenseparis" #4058: discarding duplicate packet; already STATE_MAIN_I3
10:54:59 pluto[18343] "TN" #4057: received and ignored informational message
10:54:59 pluto[18343] "TN" #4057: ignoring informational payload, type INVALID_MESSAGE_ID
10:54:59 pluto[18343] "TL" #3886: received and ignored informational message
10:54:59 pluto[18343] "TL" #3886: ignoring informational payload, type INVALID_MESSAGE_ID
10:54:50 pluto[18343] "pfsenseparis" #4058: discarding duplicate packet; already STATE_MAIN_I3
10:54:50 pluto[18343] "TN" #4057: received and ignored informational message
10:54:50 pluto[18343] "TN" #4057: ignoring informational payload, type NO_PROPOSAL_CHOSEN



and pfSense (I just took the liberty of masking part of the public addresses):
(the pfSense is at 213.215.x.x and the IPCop at 80.65.xx.xx)
Code:
Dec 18 11:01:33 racoon: INFO: received Vendor ID: DPD
Dec 18 11:01:33 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 11:01:33 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 11:01:33 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 11:01:33 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 11:01:33 racoon: INFO: begin Identity Protection mode.
Dec 18 11:01:33 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 11:01:23 racoon: ERROR: phase1 negotiation failed due to time up. 881c5ce1d3ba8194:c5df404519de1265
Dec 18 11:00:22 racoon: INFO: received Vendor ID: DPD
Dec 18 11:00:22 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 11:00:22 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 11:00:22 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 11:00:22 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 11:00:22 racoon: INFO: begin Identity Protection mode.
Dec 18 11:00:22 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 11:00:13 racoon: ERROR: phase1 negotiation failed due to time up. 2341589dafba2e7e:0780bcf08c32b96a
Dec 18 10:59:13 racoon: INFO: received Vendor ID: DPD
Dec 18 10:59:13 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:59:13 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:59:13 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:59:13 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:59:13 racoon: INFO: begin Identity Protection mode.
Dec 18 10:59:13 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:59:02 racoon: ERROR: phase1 negotiation failed due to time up. 6871287212846d36:04d949dea6956906
Dec 18 10:58:02 racoon: INFO: received Vendor ID: DPD
Dec 18 10:58:02 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:58:02 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:58:02 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:58:02 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:58:02 racoon: INFO: begin Identity Protection mode.
Dec 18 10:58:02 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:57:53 racoon: ERROR: phase1 negotiation failed due to time up. fe0dc5cb7aef6d9a:ccce96eff79e8319
Dec 18 10:56:52 racoon: INFO: received Vendor ID: DPD
Dec 18 10:56:52 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:56:52 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:56:52 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:56:52 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:56:52 racoon: INFO: begin Identity Protection mode.
Dec 18 10:56:52 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:56:42 racoon: ERROR: phase1 negotiation failed due to time up. fd8539437dde1c72:ed83ec1e065e305b
Dec 18 10:55:42 racoon: INFO: received Vendor ID: DPD
Dec 18 10:55:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:55:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:55:42 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:55:42 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:55:42 racoon: INFO: begin Identity Protection mode.
Dec 18 10:55:42 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:55:32 racoon: ERROR: phase1 negotiation failed due to time up. ef1379a0a12de7a5:917d19df0699ea34
Dec 18 10:54:32 racoon: INFO: received Vendor ID: DPD
Dec 18 10:54:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:54:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:54:32 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:54:32 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:54:32 racoon: INFO: begin Identity Protection mode.
Dec 18 10:54:32 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:54:21 racoon: ERROR: phase1 negotiation failed due to time up. 4f513c67ecc88a00:67c2053b7b85fde6
Dec 18 10:53:21 racoon: INFO: received Vendor ID: DPD
Dec 18 10:53:21 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:53:21 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:53:21 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:53:21 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:53:21 racoon: INFO: begin Identity Protection mode.
Dec 18 10:53:21 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:53:10 racoon: ERROR: phase1 negotiation failed due to time up. 3d1154220272119e:ec8fc342023a1ea5
Dec 18 10:52:10 racoon: INFO: received Vendor ID: DPD
Dec 18 10:52:10 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:52:10 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:52:10 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:52:10 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:52:10 racoon: INFO: begin Identity Protection mode.
Dec 18 10:52:10 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:51:59 racoon: ERROR: phase1 negotiation failed due to time up. dcb36e8f62ce01de:4231d5544d6e5e21
Dec 18 10:50:59 racoon: INFO: received Vendor ID: DPD
Dec 18 10:50:59 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:50:59 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:50:59 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:50:59 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:50:59 racoon: INFO: begin Identity Protection mode.
Dec 18 10:50:59 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:50:50 racoon: ERROR: phase1 negotiation failed due to time up. 6d437dc1f920b86f:f92955a9dc8f9177
Dec 18 10:49:50 racoon: INFO: received Vendor ID: DPD
Dec 18 10:49:50 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:49:50 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:49:50 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:49:50 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:49:50 racoon: INFO: begin Identity Protection mode.
Dec 18 10:49:50 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:49:39 racoon: ERROR: phase1 negotiation failed due to time up. 92c6ee830120ec4e:6937b1f000d883c1
Dec 18 10:48:39 racoon: INFO: received Vendor ID: DPD
Dec 18 10:48:39 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:48:39 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:48:39 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:48:39 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:48:39 racoon: INFO: begin Identity Protection mode.
Dec 18 10:48:39 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:48:28 racoon: ERROR: phase1 negotiation failed due to time up. 0d9deb600a7be87e:d6a8a480fb542ea0
Dec 18 10:47:28 racoon: INFO: received Vendor ID: DPD
Dec 18 10:47:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:47:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:47:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:47:28 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:47:28 racoon: INFO: begin Identity Protection mode.
Dec 18 10:47:28 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:47:19 racoon: ERROR: phase1 negotiation failed due to time up. 2580ee16b3ca695a:fb8e5d33c0a99ee8
Dec 18 10:46:19 racoon: INFO: received Vendor ID: DPD
Dec 18 10:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:46:19 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:46:19 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:46:19 racoon: INFO: begin Identity Protection mode.
Dec 18 10:46:19 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:46:08 racoon: ERROR: phase1 negotiation failed due to time up. 92b9c607930e08ca:cd88c4e7f72fb4bc
Dec 18 10:45:08 racoon: INFO: received Vendor ID: DPD
Dec 18 10:45:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:45:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:45:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:45:08 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:45:08 racoon: INFO: begin Identity Protection mode.
Dec 18 10:45:08 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:44:58 racoon: ERROR: phase1 negotiation failed due to time up. 00da00966725bff9:1cb3e343e0db9a3a
Dec 18 10:43:58 racoon: INFO: received Vendor ID: DPD
Dec 18 10:43:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:43:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:43:58 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:43:58 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:43:58 racoon: INFO: begin Identity Protection mode.
Dec 18 10:43:58 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xxx.xxx[500]
Dec 18 10:43:48 racoon: ERROR: phase1 negotiation failed due to time up. bc2b7d59e8686428:d133054d0c252633
Dec 18 10:42:48 racoon: INFO: received Vendor ID: DPD
Dec 18 10:42:48 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:42:48 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:42:48 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:42:48 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:42:48 racoon: INFO: begin Identity Protection mode.
Dec 18 10:42:48 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:42:38 racoon: ERROR: phase1 negotiation failed due to time up. 22c2fff3fd287394:04ba5484b8f35eb1
Dec 18 10:41:38 racoon: INFO: received Vendor ID: DPD
Dec 18 10:41:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:41:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:41:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:41:38 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:41:38 racoon: INFO: begin Identity Protection mode.
Dec 18 10:41:38 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:41:28 racoon: ERROR: phase1 negotiation failed due to time up. 7367c3c895c3dd69:44eb4dc86a2d1e5e
Dec 18 10:40:28 racoon: INFO: received Vendor ID: DPD
Dec 18 10:40:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:40:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:40:28 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:40:28 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:40:28 racoon: INFO: begin Identity Protection mode.
Dec 18 10:40:28 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:40:18 racoon: ERROR: phase1 negotiation failed due to time up. ddc527eddf6741ed:6f31cb85f8cae252
Dec 18 10:39:18 racoon: INFO: received Vendor ID: DPD
Dec 18 10:39:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:39:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:39:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:39:18 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:39:18 racoon: INFO: begin Identity Protection mode.
Dec 18 10:39:18 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]
Dec 18 10:39:07 racoon: ERROR: phase1 negotiation failed due to time up. ae065b553487860b:4e5e7b4c74e8923d
Dec 18 10:38:07 racoon: INFO: received Vendor ID: DPD
Dec 18 10:38:07 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 10:38:07 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 10:38:07 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 18 10:38:07 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 10:38:07 racoon: INFO: begin Identity Protection mode.
Dec 18 10:38:07 racoon: INFO: respond new phase 1 negotiation: 213.215.xx.xxx[500]<=>80.65.xx.xxx[500]


If anything is missing, please let me know.
Thanks again for your help

Seb

Post by Franck78 » 18 Dec 2006 19:15

The racoon.conf file is ???

There is no router (NAT) between the IPCop and the pfSense? The public IP is handled by each of the devices itself?


Found on the Internet:
Michael Richardson wrote:
> I can’t connect Shrew to pfSense. I’m confident that all packets are
> making it in both directions. The errors at each end don’t seem to
> correspond with each other. Ideas?
>

Did you upgrade racoon to a newer version? Pfsense bundles a version of
racoon that is very old.
Franck

Post by sqlseb » 21 Dec 2006 13:09

Hello, and thanks for your reply.
I could not answer sooner because I was away on training, and I apologize for that.

As for the questions about routers and other NAT, I wanted to have a clear mind about it.
So I put an IPCop in place of the pfSense, configured a PSK VPN, and after 10 seconds ... it works, of course.
So it is indeed a problem with my pfSense configuration.

As for the racoon version and its configuration, I will send them to you late this morning, as soon as I have put the pfSense back in place

Thank you all for your help, and for your excellent site
Sébastien

Post by sqlseb » 21 Dec 2006 15:30

The version of racoon (ipsec-tools?) seems to be 0.6.6
As for the configuration file ... I am still looking for it ...

Post by sqlseb » 21 Dec 2006 15:34

Got it, found it (/var/etc/racoon.conf)

Here it is (with the public addresses stripped out):

# cd /var/etc
# more racoon.conf
path pre_shared_key "/var/etc/psk.txt";

path certificate "/var/etc";

remote adresse publique ipcop {
exchange_mode main;
my_identifier address "adresse publique pfsense";

peers_identifier address adresse publique ipcop;
initial_contact on;
support_proxy on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}

sainfo address 192.168.0.0/24 any address 192.168.59.0/24 any {
encryption_algorithm 3des,blowfish,cast128,rijndael,rijndael 256;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate;
pfs_group 2;
}

Post by sqlseb » 21 Dec 2006 16:16

Post solved!

I found the solution, and frankly ...

The PSK I was using contained an "é", which is apparently not handled the same way on the two platforms.

Hoping this post has not polluted the forum, and that it will be useful to someone someday,
thank you for your help

Sébastien
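An added example, not part of the thread: why a single "é" in a pre-shared key can break phase 1. In IKEv1 with PSK authentication (RFC 2409) both peers compute SKEYID = prf(pre-shared-key, Ni_b | Nr_b) over the raw key bytes, so two platforms that store the same typed key in different encodings derive different keys. The encodings tested, the sample key and the nonces below are assumptions constructed for illustration; the thread does not say how either platform stored the key.

```python
import hashlib
import hmac
import unicodedata

# Encodings a firewall GUI or config file might plausibly use (assumption).
ENCODINGS = ("latin-1", "utf-8")

def psk_byte_forms(psk: str) -> dict:
    """Return the byte strings the same typed PSK can become on disk."""
    forms = {}
    for norm in ("NFC", "NFD"):
        text = unicodedata.normalize(norm, psk)
        for enc in ENCODINGS:
            try:
                forms[f"{norm}/{enc}"] = text.encode(enc)
            except UnicodeEncodeError:
                pass  # a decomposed (NFD) accent has no Latin-1 form
    return forms

def skeyid(psk_bytes: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409 PSK auth: SKEYID = prf(psk, Ni_b | Nr_b), prf = HMAC-SHA1 here."""
    return hmac.new(psk_bytes, ni + nr, hashlib.sha1).digest()

def is_portable(psk: str) -> bool:
    """Conservative rule: printable ASCII without spaces encodes identically everywhere."""
    return all(0x21 <= ord(c) <= 0x7E for c in psk)

def audit(psk: str, ni: bytes, nr: bytes) -> dict:
    """Map each encoding variant to the SKEYID a peer would derive from it."""
    return {name: skeyid(raw, ni, nr).hex()
            for name, raw in psk_byte_forms(psk).items()}

# Constructed sample values, not taken from the thread.
SAMPLE_PSK = "cl\u00e9-partag\u00e9e-2006"
NI = bytes.fromhex("00112233445566778899aabbccddeeff")
NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    print("portable:", is_portable(SAMPLE_PSK))
    for name, digest in audit(SAMPLE_PSK, NI, NR).items():
        print(f"{name:12} {digest}")
```

With mismatched SKEYID values the peers cannot decrypt each other's identity messages in Main Mode, so the negotiation stalls until it times out; keeping the PSK to printable ASCII avoids the problem on both sides.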

