Site-to-Site Verbindung mit Pfsense 2.3.2 auf APU Board

Hallo Val ich habe nun beide Seiten mal angepasst auf deine Werte. Hab auch beide Seiten nebeneinander um Fehler auszuschliessen. Ich bekomme auf der einen Seite nun:

Aug 24 10:04:48 charon 08[CFG] received stroke: terminate 'con1'
Aug 24 10:04:48 charon 08[CFG] no IKE_SA named 'con1' found
Aug 24 10:04:48 charon 14[CFG] received stroke: initiate 'con1'
Aug 24 10:04:48 charon 08[IKE] <con1|5> initiating IKE_SA con1[5] to 213.200.xxx.xxx
Aug 24 10:04:48 charon 08[ENC] <con1|5> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 24 10:04:48 charon 08[NET] <con1|5> sending packet: from 172.31.xxx.xxx[500] to 213.200.xxx.xxx[500] (464 bytes)
Aug 24 10:04:49 charon 08[NET] <con1|5> received packet: from 213.200.xxx.xxx[500] to 172.31.xxx.xxx[500] (464 bytes)
Aug 24 10:04:49 charon 08[ENC] <con1|5> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Aug 24 10:04:49 charon 08[IKE] <con1|5> local host is behind NAT, sending keep alives
Aug 24 10:04:49 charon 08[IKE] <con1|5> remote host is behind NAT
Aug 24 10:04:49 charon 08[IKE] <con1|5> authentication of '172.31.xxx.xxx' (myself) with pre-shared key
Aug 24 10:04:49 charon 08[IKE] <con1|5> establishing CHILD_SA con1
Aug 24 10:04:49 charon 08[ENC] <con1|5> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
Aug 24 10:04:49 charon 08[NET] <con1|5> sending packet: from 172.31.xxx.xxx[4500] to 213.200.xxx.xxx[4500] (256 bytes)
Aug 24 10:04:49 charon 08[NET] <con1|5> received packet: from 213.200.xxx.xxx[4500] to 172.31.xxx.xxx[4500] (80 bytes)
Aug 24 10:04:49 charon 08[ENC] <con1|5> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Aug 24 10:04:49 charon 08[IKE] <con1|5> received AUTHENTICATION_FAILED notify error

und die andere Seite sagt mir:

Aug 24 10:04:48 charon 06[NET] <5> received packet: from 213.200.229.167[500] to 172.31.xxx.xxx[500] (464 bytes)
Aug 24 10:04:48 charon 06[ENC] <5> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 24 10:04:48 charon 06[IKE] <5> 213.200.229.167 is initiating an IKE_SA
Aug 24 10:04:49 charon 06[IKE] <5> local host is behind NAT, sending keep alives
Aug 24 10:04:49 charon 06[IKE] <5> remote host is behind NAT
Aug 24 10:04:49 charon 06[ENC] <5> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Aug 24 10:04:49 charon 06[NET] <5> sending packet: from 172.31.xxx.xxx[500] to 213.200.229.167[500] (464 bytes)
Aug 24 10:04:49 charon 06[NET] <5> received packet: from 213.200.229.167[4500] to 172.31.xxx.xxx[4500] (256 bytes)
Aug 24 10:04:49 charon 06[ENC] <5> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
Aug 24 10:04:49 charon 06[CFG] <5> looking for peer configs matching 172.31.xxx.xxx[213.200.xxx.xxx]...213.200.229.167[172.31.xxx.xxx]
Aug 24 10:04:49 charon 06[CFG] <bypasslan|5> selected peer config 'bypasslan'
Aug 24 10:04:49 charon 06[IKE] <bypasslan|5> no shared key found for '213.200.xxx.xxx' - '172.31.xxx.xxx'
Aug 24 10:04:49 charon 06[IKE] <bypasslan|5> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Aug 24 10:04:49 charon 06[ENC] <bypasslan|5> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Aug 24 10:04:49 charon 06[NET] <bypasslan|5> sending packet: from 172.31.xxx.xxx[4500] to 213.200.229.167[4500] (80 bytes)

Fehler gefunden. My identifier musste ich auf IP ändern und die public IP eingeben.

Wirklich stress hat sie nicht mit:

• CPU: AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache.
• DRAM: 4 GB DDR3-1333 DRAM

Jup läuft noch super :D mit ner 16 GB SSD :D