VPN IPSec Endian X Check Point Gaia 77.10
- This topic has 0 replies, 1 voice, and was last updated 8 years, 11 months ago by Rafael Faria.
May 29, 2015 at 3:00 pm #20186 Rafael Faria (Participant)
Good morning everyone,
I have the following scenario: my network runs Endian and I need to establish a VPN tunnel with a client that has Check Point Gaia. Since Gaia does not support OpenVPN, we are using IPSec. Although Endian gives me a status of connected, I cannot ping or access the client's network. The current scope and logs follow below:
Green network: 192.169.X.X/24
IPSec subnet: 192.168.191.0/29
Client networks: 10.101.X.X/22, 172.25.X.X/22, 172.25.X.X/24

IPSEC system logs:
Sistema 2015-05-29 14:52:54 ipsec: 00[LIB] plugin “ha” failed to load – ha_plugin_create returned NULL
Sistema 2015-05-29 14:52:54 ipsec: 00[NET] could not open socket Address family not supported by protocol
Sistema 2015-05-29 14:52:54 ipsec 00[NET] could not open IPv6 socket, IPv6 disabled
Sistema 2015-05-29 14:52:54 ipsec: 00[KNL] received netlink error Address family not supported by protocol (97)
Sistema 2015-05-29 14:52:54 ipsec 00[KNL] unable to create IPv6 routing table rule
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading ca certificates from “/etc/ipsec/ipsec.d/cacerts”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded ca certificate “C=IT, O=efw, CN=efw CA” from “/etc/ipsec/ipsec.d/cacerts/cacert.pem”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading aa certificates from “/etc/ipsec/ipsec.d/aacerts”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading ocsp signer certificates from “/etc/ipsec/ipsec.d/ocspcerts”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading attribute certificates from “/etc/ipsec/ipsec.d/acerts”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading crls from “/etc/ipsec/ipsec.d/crls”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded crl from “/etc/ipsec/ipsec.d/crls/ca.crl”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loading secrets from “/etc/ipsec/ipsec.secrets”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded RSA private key from “/etc/ipsec/ipsec.d/certs/200.150.96.251key.pem”
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded IKE secret for 200.150.X.X 200.250.X.X
Sistema 2015-05-29 14:52:54 ipsec: 00[CFG] opening triplet file /etc/ipsec/ipsec.d/triplets.dat failed No such file or directory
Sistema 2015-05-29 14:52:54 ipsec 00[CFG] loaded 0 RADIUS server configurations
Sistema 2015-05-29 14:52:54 ipsec: 00[LIB] loaded plugins charon curl ldap aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-radius xauth-generic xauth-pam dhcp lookip addrblock
Sistema 2015-05-29 14:52:54 ipsec 00[LIB] unable to load 16 plugin features (15 due to unmet dependencies)
Sistema 2015-05-29 14:52:54 ipsec 00[LIB] dropped capabilities, running as uid 0, gid 0
Sistema 2015-05-29 14:52:54 ipsec 00[JOB] spawning 16 worker threads
Sistema 2015-05-29 14:52:54 ipsec_starter (15591) charon (15592) started after 40 ms
Sistema 2015-05-29 14:52:54 ipsec: 05[CFG] received stroke add connection “Nome Cliente”
Sistema 2015-05-29 14:52:54 ipsec 05[CFG] added configuration “Nome Cliente”
Sistema 2015-05-29 14:52:54 ipsec: 08[CFG] received stroke initiate “Nome Cliente”
Sistema 2015-05-29 14:52:54 Nome Cliente (1) 08[IKE] initiating Main Mode IKE_SA NOME Cliente[1] to 200.250.X.X
Sistema 2015-05-29 14:52:54 ipsec 08[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Sistema 2015-05-29 14:52:54 ipsec: 08[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (208 bytes)
Sistema 2015-05-29 14:52:54 ipsec: 09[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (104 bytes)
Sistema 2015-05-29 14:52:54 ipsec 09[ENC] parsed ID_PROT response 0 [ SA V ]
Sistema 2015-05-29 14:52:54 ipsec: 09[ENC] received unknown vendor ID 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3
Sistema 2015-05-29 14:52:54 ipsec 09[ENC] generating ID_PROT request 0 [ KE No ]
Sistema 2015-05-29 14:52:54 ipsec: 09[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (196 bytes)
Sistema 2015-05-29 14:52:54 ipsec: 10[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (184 bytes)
Sistema 2015-05-29 14:52:54 ipsec 10[ENC] parsed ID_PROT response 0 [ KE No ]
Sistema 2015-05-29 14:52:54 ipsec 10[ENC] generating ID_PROT request 0 [ ID HASH ]
Sistema 2015-05-29 14:52:54 ipsec: 10[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (76 bytes)
Sistema 2015-05-29 14:52:54 ipsec: 11[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (76 bytes)
Sistema 2015-05-29 14:52:54 ipsec 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
Sistema 2015-05-29 14:52:54 Nome Cliente (1) 11[IKE] IKE_SA Nome Cliente[1] established between 200.150.X.X[200.150.X.X]…200.250.X.X[200.250.X .X]
Sistema 2015-05-29 14:52:54 ipsec 11[IKE] scheduling reauthentication in 28161s
Sistema 2015-05-29 14:52:54 ipsec 11[IKE] maximum IKE_SA lifetime 28701s
Sistema 2015-05-29 14:52:54 ipsec 11[IKE] DPD not supported by peer, disabled
Sistema 2015-05-29 14:52:54 ipsec 11[ENC] generating QUICK_MODE request 486530385 [ HASH SA No ID ID ]
Sistema 2015-05-29 14:52:54 ipsec: 11[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (204 bytes)
Sistema 2015-05-29 14:52:54 ipsec: 12[NET] received packet from 200.250.X.X[500] to 200.150.X.X[500] (172 bytes)
Sistema 2015-05-29 14:52:54 ipsec 12[ENC] parsed QUICK_MODE response 486530385 [ HASH SA No ID ID ]
Sistema 2015-05-29 14:52:54 ipsec 12[IKE] CHILD_SA Nome Cliente{1} established with SPIs ce042964_i 583cdeb6_o and TS 192.168.X.X/29 === 172.25.X.X/22
Sistema 2015-05-29 14:52:54 ipsec 12[ENC] generating QUICK_MODE request 486530385 [ HASH ]
Sistema 2015-05-29 14:52:54 ipsec: 12[NET] sending packet from 200.150.X.X[500] to 200.250.X.X[500] (60 bytes)
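
The log above reports the CHILD_SA together with the traffic selectors (TS) that were negotiated. The following is an added example, not part of the original post: it extracts those selectors from charon log lines and lists which configured networks have no matching selector. Because the post redacts its addresses, the sample log line and every network other than the IPSec subnet are constructed placeholders.

```python
import ipaddress
import re

# charon: "CHILD_SA <name>{n} established with SPIs <in>_i <out>_o and TS <local> === <remote>"
CHILD_SA_RE = re.compile(
    r"CHILD_SA (?P<name>.+?)\{\d+\} established with SPIs "
    r"[0-9a-f]+_i [0-9a-f]+_o and TS (?P<local>.+?) === (?P<remote>.+)$"
)

def _nets(field):
    """Parse a space-separated selector list, dropping any [proto/port] suffix."""
    return [ipaddress.ip_network(n.split("[")[0]) for n in field.split()]

def parse_child_sas(lines):
    """Return (name, local_nets, remote_nets) for every established CHILD_SA."""
    found = []
    for line in lines:
        m = CHILD_SA_RE.search(line.strip())
        if m:
            found.append((m["name"], _nets(m["local"]), _nets(m["remote"])))
    return found

def uncovered(configured, negotiated):
    """Configured networks that are not contained in any negotiated selector."""
    return [c for c in map(ipaddress.ip_network, configured)
            if not any(c.subnet_of(n) for n in negotiated)]

def flow_matches(sas, src, dst):
    """True if a packet src -> dst falls inside the selectors of some CHILD_SA."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(any(s in n for n in loc) and any(d in n for n in rem)
               for _, loc, rem in sas)

# Constructed sample: same message format as the post, placeholder addresses.
SAMPLE_LOG = [
    "Sistema 2015-05-29 14:52:54 ipsec 12[ENC] parsed QUICK_MODE response 486530385 [ HASH SA No ID ID ]",
    "Sistema 2015-05-29 14:52:54 ipsec 12[IKE] CHILD_SA Nome Cliente{1} established "
    "with SPIs ce042964_i 583cdeb6_o and TS 192.168.191.0/29 === 172.25.0.0/22",
]
LOCAL_NETS = ["192.168.191.0/29", "192.168.10.0/24"]  # IPSec subnet, LAN (placeholder)
REMOTE_NETS = ["10.101.0.0/22", "172.25.0.0/22", "172.25.8.0/24"]  # placeholders

if __name__ == "__main__":
    sas = parse_child_sas(SAMPLE_LOG)
    neg_local = [n for _, loc, _ in sas for n in loc]
    neg_remote = [n for _, _, rem in sas for n in rem]
    print("local nets without a selector: ", uncovered(LOCAL_NETS, neg_local))
    print("remote nets without a selector:", uncovered(REMOTE_NETS, neg_remote))
    print("LAN host -> 172.25.0.10 matches:", flow_matches(sas, "192.168.10.5", "172.25.0.10"))
```
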