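The problem I am facing is establishing a site-to-site VPN between pfSense (version 2.0.1) and a SonicWall Pro 2040 Enhanced (firmware version: SonicOS Enhanced 4.2.1.4-7e). All of the configuration was completed correctly, yet I still get the following error in the SonicWall –
"Payload processing failed"
Phases 1 and 2 pass normally. As for the "payload processing" problem, I found that it may be a shared key mismatch, but I double-checked and there is no shared key mismatch between the two firewalls. The SonicWall also shows the tunnel as active.
The pfSense log is below –
Here are my SonicWall and pfSense settings:
General tab on the SonicWall: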
Authentication Method: IKE using Pre shared Secret
Name: pfSense Site-to-Site PN
IPsec Primary Gateway Name or Address: 1.1.1.1 | IP for pfSense
IPsec Secondary Gateway Name or Address: 0.0.0.0
Shared Secret: Shared secret for this connection
Local IKE ID: 2.2.2.2 | Select 'IP Address' from the drop down menu and then type WAN IP of Sonicwall

Network tab on Sonicwall:
Local Networks
Choose local network from list: 192.168.21.0 | Create an address object for the network or you can use the built in one 'LAN Subnets'
Destination Networks
Choose destination network from list: 192.168.65.0 | Create an address object for the remote LAN network

Proposals Tab:
IKE (Phase 1) Proposal
By default pfSense supports 'Main Mode' and 'Aggressive'.
Exchange: Aggressive
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time (seconds): 28800
Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
Life Time: 86400

Advanced Tab:
Check 'Enable Keep Alive'
The corresponding pfSense settings:
Phase 1:
Authentication method: Mutual PSK
Negotiation Mode: Aggressive
My identifier: 1.1.1.1 (IP Address of pfSense WAN)
Peer identifier: 2.2.2.2 (IP Address of Sonicwall)
Pre Shared Key: Your pre share key
Policy Generation: Default
Proposal Checking: Obey
Encryption Algorithm: 3DES
Hash algorithm: SHA1
DH key group: 2
Lifetime: 28800
Advanced options
Nat Traversal: Enable
Dead Peer Detection: Check Enable DPD

Phase 2:
Mode: Tunnel
Local Network: 192.168.65.0/24
Remote Network: 192.168.21.0/24
Protocol: ESP
Encryption algorithms: 3DES
Hash algorithms: SHA1
PFS key group: 2
Lifetime: 84600
See my article on how to configure SonicWall with pfSense.
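
A cross-check of the two settings lists above, as an added example that is not part of the original post: it compares what each side was given and reports every value that does not mirror the other, without deciding which difference matters. The dictionary keys and the `audit` and `net_addr` functions are hypothetical names; the values are transcribed from the post, with `None` for the PFS group the SonicWall list does not state, and the SonicWall peer ID assumed to be its primary gateway address.

```python
import ipaddress

# Values transcribed from the two settings lists in the post.
# None marks a value the post does not state.
SONICWALL = {
    "local_id": "2.2.2.2", "peer_id": "1.1.1.1",  # peer_id assumed = primary gateway
    "local_net": "192.168.21.0", "remote_net": "192.168.65.0",  # mask not stated
    "p1": {"mode": "aggressive", "dh": 2, "enc": "3DES", "hash": "SHA1", "life": 28800},
    "p2": {"proto": "ESP", "enc": "3DES", "hash": "SHA1", "pfs": None, "life": 86400},
}
PFSENSE = {
    "local_id": "1.1.1.1", "peer_id": "2.2.2.2",
    "local_net": "192.168.65.0/24", "remote_net": "192.168.21.0/24",
    "p1": {"mode": "aggressive", "dh": 2, "enc": "3DES", "hash": "SHA1", "life": 28800},
    "p2": {"proto": "ESP", "enc": "3DES", "hash": "SHA1", "pfs": 2, "life": 84600},
}

def net_addr(value):
    """Network address of '192.168.21.0' or '192.168.21.0/24'."""
    return ipaddress.ip_interface(value).network.network_address

def audit(a, b, a_name="sonicwall", b_name="pfsense"):
    """Return findings where the two peers' settings do not mirror each other."""
    findings = []
    # Identifiers and protected networks are crossed: my local is your remote.
    crossed = (("local_id", "peer_id"), ("peer_id", "local_id"),
               ("local_net", "remote_net"), ("remote_net", "local_net"))
    for mine, theirs in crossed:
        va, vb = a[mine], b[theirs]
        same = net_addr(va) == net_addr(vb) if mine.endswith("_net") else va == vb
        if not same:
            findings.append(f"{a_name}.{mine}={va} != {b_name}.{theirs}={vb}")
    # Proposal parameters are compared key by key within each phase.
    for phase in ("p1", "p2"):
        for key in sorted(a[phase].keys() | b[phase].keys()):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va is None or vb is None:
                findings.append(f"{phase}.{key}: not stated on one side "
                                f"({a_name}={va}, {b_name}={vb})")
            elif va != vb:
                findings.append(f"{phase}.{key}: {a_name}={va} != {b_name}={vb}")
    return findings

if __name__ == "__main__":
    for line in audit(SONICWALL, PFSENSE):
        print(line)
```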