VPN IPSec Endian X Check Point Gaia 77.10

    • #20186
      Rafael Faria
      Participant

      Good morning everyone,

      I have the following scenario: my network runs Endian and I need to establish a VPN tunnel with a client that uses Check Point Gaia. Since Gaia does not support OpenVPN, we are using IPSec. Although Endian shows a connected status, I cannot ping or access the client's network. The current setup and logs follow:

      Green network: 192.169.X.X/24
      IPSec subnet: 192.168.191.0/29
      Client networks: 10.101.X.X/22, 172.25.X.X/22, 172.25.X.X/24

      IPSEC system logs:

      ####################################
      IPSEC
      ####################################

      Sistema 2015-05-29 14:52:54 ipsec: 00[LIB] plugin “ha” failed to load – ha_plugin_create returned NULL
      Sistema 2015-05-29 14:52:54 ipsec: 00[NET] could not open socket Address family not supported by protocol
      Sistema 2015-05-29 14:52:54 ipsec 00[NET] could not open IPv6 socket, IPv6 disabled
      Sistema 2015-05-29 14:52:54 ipsec: 00[KNL] received netlink error Address family not supported by protocol (97)
      Sistema 2015-05-29 14:52:54 ipsec 00[KNL] unable to create IPv6 routing table rule
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading ca certificates from “/etc/ipsec/ipsec.d/cacerts”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded ca certificate “C=IT, O=efw, CN=efw CA” from “/etc/ipsec/ipsec.d/cacerts/cacert.pem”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading aa certificates from “/etc/ipsec/ipsec.d/aacerts”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading ocsp signer certificates from “/etc/ipsec/ipsec.d/ocspcerts”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading attribute certificates from “/etc/ipsec/ipsec.d/acerts”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading crls from “/etc/ipsec/ipsec.d/crls”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded crl from “/etc/ipsec/ipsec.d/crls/ca.crl”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading secrets from “/etc/ipsec/ipsec.secrets”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded RSA private key from “/etc/ipsec/ipsec.d/certs/200.150.96.251key.pem”
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded IKE secret for 200.150.X.X 200.250.X.X
      Sistema 2015-05-29 14:52:54 ipsec: 00[CFG] opening triplet file /etc/ipsec/ipsec.d/triplets.dat failed No such file or directory
      Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded 0 RADIUS server configurations
      Sistema 2015-05-29 14:52:54 ipsec: 00[LIB] loaded plugins charon curl ldap aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-radius xauth-generic xauth-pam dhcp lookip addrblock
      Sistema 2015-05-29 14:52:54 ipsec 00[LIB] unable to load 16 plugin features (15 due to unmet dependencies)
      Sistema 2015-05-29 14:52:54 ipsec 00[LIB] dropped capabilities, running as uid 0, gid 0
      Sistema 2015-05-29 14:52:54 ipsec 00[JOB] spawning 16 worker threads
      Sistema 2015-05-29 14:52:54 ipsec_starter (15591) charon (15592) started after 40 ms
      Sistema 2015-05-29 14:52:54 ipsec: 05[CFG] received stroke add connection “Nome Cliente”
      Sistema 2015-05-29 14:52:54 ipsec 05[CFG] added configuration “Nome Cliente”
      Sistema 2015-05-29 14:52:54 ipsec: 08[CFG] received stroke initiate “Nome Cliente”
      Sistema 2015-05-29 14:52:54 Nome Cliente (1) 08[IKE] initiating Main Mode IKE_SA NOME Cliente[1] to 200.250.X.X
      Sistema 2015-05-29 14:52:54 ipsec 08[ENC] generating ID_PROT request 0 [ SA V V V V V ]
      Sistema 2015-05-29 14:52:54 ipsec: 08[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (208 bytes)
      Sistema 2015-05-29 14:52:54 ipsec: 09[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (104 bytes)
      Sistema 2015-05-29 14:52:54 ipsec 09[ENC] parsed ID_PROT response 0 [ SA V ]
      Sistema 2015-05-29 14:52:54 ipsec: 09[ENC] received unknown vendor ID 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3
      Sistema 2015-05-29 14:52:54 ipsec 09[ENC] generating ID_PROT request 0 [ KE No ]
      Sistema 2015-05-29 14:52:54 ipsec: 09[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (196 bytes)
      Sistema 2015-05-29 14:52:54 ipsec: 10[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (184 bytes)
      Sistema 2015-05-29 14:52:54 ipsec 10[ENC] parsed ID_PROT response 0 [ KE No ]
      Sistema 2015-05-29 14:52:54 ipsec 10[ENC] generating ID_PROT request 0 [ ID HASH ]
      Sistema 2015-05-29 14:52:54 ipsec: 10[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (76 bytes)
      Sistema 2015-05-29 14:52:54 ipsec: 11[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (76 bytes)
      Sistema 2015-05-29 14:52:54 ipsec 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
      Sistema 2015-05-29 14:52:54 Nome Cliente (1) 11[IKE] IKE_SA Nome Cliente[1] established between 200.150.X.X[200.150.X.X]…200.250.X.X[200.250.X .X]
      Sistema 2015-05-29 14:52:54 ipsec 11[IKE] scheduling reauthentication in 28161s
      Sistema 2015-05-29 14:52:54 ipsec 11[IKE] maximum IKE_SA lifetime 28701s
      Sistema 2015-05-29 14:52:54 ipsec 11[IKE] DPD not supported by peer, disabled
      Sistema 2015-05-29 14:52:54 ipsec 11[ENC] generating QUICK_MODE request 486530385 [ HASH SA No ID ID ]
      Sistema 2015-05-29 14:52:54 ipsec: 11[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (204 bytes)
      Sistema 2015-05-29 14:52:54 ipsec: 12[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (172 bytes)
      Sistema 2015-05-29 14:52:54 ipsec 12[ENC] parsed QUICK_MODE response 486530385 [ HASH SA No ID ID ]
      Sistema 2015-05-29 14:52:54 ipsec 12[IKE] CHILD_SA Nome Cliente{1} established with SPIs ce042964_i 583cdeb6_o and TS 192.168.X.X/29 === 172.25.X.X/22
      Sistema 2015-05-29 14:52:54 ipsec 12[ENC] generating QUICK_MODE request 486530385 [ HASH ]
      Sistema 2015-05-29 14:52:54 ipsec: 12[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (60 bytes)
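The log above contains one `CHILD_SA ... established` line with one pair of traffic selectors, while the post lists three client networks. The following is an added example, not part of the original post: it parses charon log lines of that form and lists the expected subnet pairs that no negotiated selector covers. The sample log lines, the connection name `site-b` and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the charon line that reports an installed phase 2 (CHILD_SA).
# Generalized to accept several subnets on either side of "===".
CHILD_SA_RE = re.compile(
    r"CHILD_SA .+?\{\d+\} established with SPIs \S+ \S+ "
    r"and TS (?P<local>.+?) === (?P<remote>.+)"
)

# Constructed sample input (not taken from the post).
SAMPLE_LOG = [
    "ipsec 11[IKE] IKE_SA site-b[1] established between "
    "198.51.100.10[198.51.100.10]...203.0.113.20[203.0.113.20]",
    "ipsec 12[IKE] CHILD_SA site-b{1} established with SPIs "
    "c0ffee01_i c0ffee02_o and TS 192.168.191.0/29 === 172.25.0.0/22",
]

def negotiated_selectors(log_lines):
    """Return the set of (local_net, remote_net) pairs that have a CHILD_SA."""
    pairs = set()
    for line in log_lines:
        m = CHILD_SA_RE.search(line)
        if not m:
            continue
        for loc in m["local"].split():
            for rem in m["remote"].split():
                pairs.add((ipaddress.ip_network(loc, strict=False),
                           ipaddress.ip_network(rem, strict=False)))
    return pairs

def uncovered_pairs(log_lines, local_nets, remote_nets):
    """List expected (local, remote) pairs not covered by any negotiated selector."""
    have = negotiated_selectors(log_lines)
    missing = []
    for loc in map(ipaddress.ip_network, local_nets):
        for rem in map(ipaddress.ip_network, remote_nets):
            covered = any(
                loc.version == hl.version and rem.version == hr.version
                and loc.subnet_of(hl) and rem.subnet_of(hr)
                for hl, hr in have
            )
            if not covered:
                missing.append((str(loc), str(rem)))
    return missing

if __name__ == "__main__":
    expected_remote = ["10.101.0.0/22", "172.25.0.0/22", "172.25.8.0/24"]
    for pair in uncovered_pairs(SAMPLE_LOG, ["192.168.191.0/29"], expected_remote):
        print("no CHILD_SA for %s === %s" % pair)
```

A pair reported here has no phase 2 SA in the parsed log, so traffic between those subnets is not matched by any IPsec policy even though the IKE_SA is established.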


