Hello.
I would like to set up a VPN server using pfSense.
I configured it by following the link below, but I cannot connect.
https://doc.pfsense.org/index.php/L2TP/IPsec
I followed it starting from a factory-reset state, but I am unable to connect.
When I check under Status / IPsec / Overview, I see:
203.225.X.X NAT-T IKEv1 responder 28127 seconds (07:48:47) AES_CBC HMAC_SHA1_96 PRF_HMAC_SHA1 MODP_2048 ESTABLISHED 31 seconds (00:00:31) ago
Seeing that, it looks like the connection is made, but it seems to stop progressing at some stage.
Could you point me to a site or a method that explains L2TP VPN setup on pfSense well?
.
Which part is not proceeding?
Jul 14 03:18:50 charon 11[IKE] <con1|16> IKE_SA con1[16] state change: CONNECTING => ESTABLISHED
Jul 14 03:18:50 charon 11[IKE] <con1|16> scheduling reauthentication in 27846s
Jul 14 03:18:50 charon 11[IKE] <con1|16> maximum IKE_SA lifetime 28386s
Jul 14 03:18:50 charon 11[IKE] <con1|16> DPD not supported by peer, disabled
Jul 14 03:18:50 charon 11[ENC] <con1|16> generating ID_PROT response 0 [ ID HASH ]
Jul 14 03:18:50 charon 11[NET] <con1|16> sending packet: from 121.159.x.x[4500] to 203.225.x.x[45428] (76 bytes)
Jul 14 03:18:50 charon 08[NET] <con1|16> received packet: from 203.225.x.x[45428] to 121.159.x.x[4500] (444 bytes)
Jul 14 03:18:50 charon 08[ENC] <con1|16> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jul 14 03:18:50 charon 08[IKE] <con1|16> changing received traffic selectors 172.20.107.154/32|/0[udp/l2f]=== 121.159.x.x/32|/0[udp/l2f] due to NAT
Jul 14 03:18:50 charon 08[CFG] <con1|16> looking for a child config for 121.159.x.x/32|/0[udp/l2f] === 203.225.x.x/32|/0[udp/l2f]
Jul 14 03:18:50 charon 08[CFG] <con1|16> proposing traffic selectors for us:
Jul 14 03:18:50 charon 08[CFG] <con1|16> 121.159.x.x/32|/0
Jul 14 03:18:50 charon 08[CFG] <con1|16> proposing traffic selectors for other:
Jul 14 03:18:50 charon 08[CFG] <con1|16> 203.225.x.x/32|/0
Jul 14 03:18:50 charon 08[CFG] <con1|16> candidate "con1" with prio 1+1
Jul 14 03:18:50 charon 08[CFG] <con1|16> found matching child config "con1" with prio 2
Jul 14 03:18:50 charon 08[CFG] <con1|16> selecting traffic selectors for other:
Jul 14 03:18:50 charon 08[CFG] <con1|16> config: 203.225.x.x/32|/0, received: 203.225.x.x/32|/0[udp/l2f] => match: 203.225.x.x/32|/0[udp/l2f]
Jul 14 03:18:50 charon 08[CFG] <con1|16> selecting traffic selectors for us:
Jul 14 03:18:50 charon 08[CFG] <con1|16> config: 121.159.x.x/32|/0, received: 121.159.x.x/32|/0[udp/l2f] => match: 121.159.x.x/32|/0[udp/l2f]
Jul 14 03:18:50 charon 08[CFG] <con1|16> selecting proposal:
Jul 14 03:18:50 charon 08[CFG] <con1|16> no acceptable ENCRYPTION_ALGORITHM found
Jul 14 03:18:50 charon 08[CFG] <con1|16> selecting proposal:
Jul 14 03:18:50 charon 08[CFG] <con1|16> proposal matches
Jul 14 03:18:50 charon 08[CFG] <con1|16> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
Jul 14 03:18:50 charon 08[CFG] <con1|16> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Jul 14 03:18:50 charon 08[CFG] <con1|16> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Jul 14 03:18:50 charon 08[IKE] <con1|16> received 250000000 lifebytes, configured 0
Jul 14 03:18:50 charon 08[ENC] <con1|16> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jul 14 03:18:50 charon 08[NET] <con1|16> sending packet: from 121.159.x.x[4500] to 203.225.x.x[45428] (204 bytes)
Jul 14 03:18:50 charon 08[NET] <con1|16> received packet: from 203.225.x.x[45428] to 121.159.x.x[4500] (60 bytes)
Jul 14 03:18:50 charon 08[ENC] <con1|16> parsed QUICK_MODE request 1 [ HASH ]
Jul 14 03:18:50 charon 08[CHD] <con1|16> using AES_CBC for encryption
Jul 14 03:18:50 charon 08[CHD] <con1|16> using HMAC_SHA1_96 for integrity
Jul 14 03:18:50 charon 08[CHD] <con1|16> adding inbound ESP SA
Jul 14 03:18:50 charon 08[CHD] <con1|16> SPI 0xc23fd4c7, src 203.225.x.x dst 121.159.x.x
Jul 14 03:18:50 charon 08[CHD] <con1|16> adding outbound ESP SA
Jul 14 03:18:50 charon 08[CHD] <con1|16> SPI 0x9307bfee, src 121.159.x.x dst 203.225.x.x
Jul 14 03:18:50 charon 08[IKE] <con1|16> CHILD_SA con1{9} established with SPIs c23fd4c7_i 9307bfee_o and TS 121.159.x.x/32|/0[udp/l2f] === 203.225.x.x/32|/0[udp/l2f]
Jul 14 03:19:26 charon 08[NET] <con1|16> received packet: from 203.225.x.x[45428] to 121.159.x.x[4500] (76 bytes)
Jul 14 03:19:26 charon 08[ENC] <con1|16> parsed INFORMATIONAL_V1 request 3477500816 [ HASH D ]
Jul 14 03:19:26 charon 08[IKE] <con1|16> received DELETE for ESP CHILD_SA with SPI 9307bfee
Jul 14 03:19:26 charon 08[IKE] <con1|16> closing CHILD_SA con1{9} with SPIs c23fd4c7_i (792 bytes) 9307bfee_o (0 bytes) and TS 121.159.x.x/32|/0[udp/l2f] === 203.225.x.x/32|/0[udp/l2f]
Jul 14 03:19:26 charon 08[NET] <con1|16> received packet: from 203.225.x.x[45428] to 121.159.x.x[4500] (92 bytes)
Jul 14 03:19:26 charon 08[ENC] <con1|16> parsed INFORMATIONAL_V1 request 2348248911 [ HASH D ]
Jul 14 03:19:26 charon 08[IKE] <con1|16> received DELETE for IKE_SA con1[16]
Jul 14 03:19:26 charon 08[IKE] <con1|16> deleting IKE_SA con1[16] between 121.159.x.x[121.159.x.x]...203.225.x.x[172.20.107.154]
Jul 14 03:19:26 charon 08[IKE] <con1|16> IKE_SA con1[16] state change: ESTABLISHED => DELETING
Jul 14 03:19:26 charon 08[IKE] <con1|16> IKE_SA con1[16] state change: DELETING => DELETING
[https://postimg.org/image/ecxgiidph/]
2. I changed it to dynamic.
It still does not work ㅠㅠ
Would it be all right to discuss this by private message?
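Added example (not part of the thread, and not pfSense or strongSwan code): a small Python summary of charon lines like those posted above, reporting for each CHILD_SA how long it lived, its byte counters at close, and whether the peer sent the DELETE. The sample lines are excerpted from the log in this thread; the function names, verdict labels and placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the charon log posted in this thread (addresses already masked there).
SAMPLE_LOG = """\
Jul 14 03:18:50 charon 08[IKE] <con1|16> CHILD_SA con1{9} established with SPIs c23fd4c7_i 9307bfee_o and TS 121.159.x.x/32|/0[udp/l2f] === 203.225.x.x/32|/0[udp/l2f]
Jul 14 03:19:26 charon 08[IKE] <con1|16> received DELETE for ESP CHILD_SA with SPI 9307bfee
Jul 14 03:19:26 charon 08[IKE] <con1|16> closing CHILD_SA con1{9} with SPIs c23fd4c7_i (792 bytes) 9307bfee_o (0 bytes) and TS 121.159.x.x/32|/0[udp/l2f] === 203.225.x.x/32|/0[udp/l2f]
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) charon \d+\[\w+\] <[^>]+> (.*)$")
ESTAB = re.compile(r"CHILD_SA (\S+) established")
DELETE = re.compile(r"received DELETE for ESP CHILD_SA with SPI ([0-9a-f]+)")
CLOSE = re.compile(r"closing CHILD_SA (\S+) with SPIs ([0-9a-f]+)_i \((\d+) bytes\) "
                   r"([0-9a-f]+)_o \((\d+) bytes\)")

def verdict(rx, tx):
    """Label the traffic direction seen on a CHILD_SA (labels are this example's own)."""
    if rx and not tx:
        return "inbound-only"   # peer's packets arrived, gateway sent nothing back
    if tx and not rx:
        return "outbound-only"
    return "bidirectional" if rx else "no-traffic"

def summarize(log):
    """Return one dict per closed CHILD_SA found in charon log text."""
    started, peer_spis, out = {}, set(), []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog lines carry no year; 2000 is a placeholder so strptime is unambiguous.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (e := ESTAB.search(msg)):
            started[e.group(1)] = ts
        elif (d := DELETE.search(msg)):
            peer_spis.add(d.group(1))
        elif (c := CLOSE.search(msg)):
            name, spi_in, rx, spi_out, tx = c.groups()
            begin = started.get(name)
            out.append({
                "child": name,
                "seconds": int((ts - begin).total_seconds()) if begin else None,
                "rx": int(rx), "tx": int(tx),
                "closed_by": "peer" if {spi_in, spi_out} & peer_spis else "local",
                "verdict": verdict(int(rx), int(tx)),
            })
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

For the log in this thread it reports 792 bytes in and 0 bytes out over 36 seconds, with the peer closing the SA: the IPsec layer came up, and the gateway sent nothing back inside the tunnel before the client gave up.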