VPN 站点到站点 pfSense 到 fortigate:身份验证失败

VPN 站点到站点 pfSense 到 fortigate:身份验证失败

我无法在 Fortigate 7 和 pfSense 之间建立 VPN 连接。问题似乎出在 Fortigate 端的日志上:

ike 0:IPSec StS:276: sent IKE msg (AUTH): 10.10.1.1:4500-><IP1>:4500, len=240, vrf=0, id=407f40ef0690ff0a/7b6f6360ee2cc308:00000001
ike 0: comes <IP1>:4500->10.10.1.1:4500,ifindex=17,vrf=0....
ike 0: IKEv2 exchange=AUTH_RESPONSE id=407f40ef0690ff0a/7b6f6360ee2cc308:00000001 len=224
ike 0: in 407F40EF0690FF0A7B6F6360EE2CC3082E20232000000001000000E0240000C4655D8C2EAE4B581BA67351B090C85346E33D0EC7D0B5871252888DF9C4CB91310834577968DF715412F3CCA068364AAA57733D8365221D840BA518781B4DC8BFC45BC5C585456C04C5AC239AF66F8845E82B36A08D9B462FE32DCE2F4C7B824418B9AF39C24EE1FCC6E738171008D23EA5457B9DD2D6890E3DFE2F7D6E4B2E71F844810298617FCE8D36AFA8EF2F07DFDB49DE680F2D1C75ABAC4A2E133F20DC29C8303D521CA1B3F9ACB798BCA385B6FE80AF70889A747B3024D146AE2CE3B4
ike 0:IPSec StS:276: dec 407F40EF0690FF0A7B6F6360EE2CC3082E20232000000001000000B8240000042700000C010000009750C1BA29000028020000001A86002A5332CB855F5C928F3C4D28A6401CF9882A70B78E0C2963FB03BBBFF6210000080000400A2C00002C0000002801030403C23701D70300000C0100000C800E0080030000080300000C00000008050000002D00001801000000070000100000FFFF0A1400000A1403FF0000001801000000070000100000FFFF0A1416000A1416FF
ike 0:IPSec StS:276: initiator received AUTH msg
ike 0:IPSec StS:276: peer identifier IPV4_ADDR <IP1>
ike 0:IPSec StS:276: auth verify done
ike 0:IPSec StS:276: initiator AUTH continuation
ike 0:IPSec StS:276: authentication failed

在 pfSense 上,日志如下:

Aug 2 18:13:03  charon  94066   14[IKE] <con1|274> authentication of '10.10.1.1' with pre-shared key successful
Aug 2 18:13:03  charon  94066   14[IKE] <con1|274> authentication of '<<IP_1>>' (myself) with pre-shared key
Aug 2 18:13:03  charon  94066   14[IKE] <con1|274> successfully created shared key MAC
Aug 2 18:13:03  charon  94066   14[IKE] <con1|273> destroying duplicate IKE_SA for peer '10.10.1.1', received INITIAL_CONTACT
Aug 2 18:13:03  charon  94066   14[IKE] <con1|273> IKE_SA con1[273] state change: ESTABLISHED => DESTROYING
Aug 2 18:13:03  charon  94066   14[CHD] <con1|273> CHILD_SA con1{274} state change: INSTALLED => DESTROYING

我进行了很多调查,但似乎 fortigate 没有给出任何解释,例如“可能的预共享密钥不匹配”。

感谢帮助。

答案1

事实上,我在 pfsense 上有两个站点到站点。似乎它使用在第二个站点中预共享的第一个站点。不知道为什么,但 pb 位于

相关内容