LINUX.ORG.RU

Messages by Atheist987


IPSEC JUNIPER + FreeBSD

Greetings. I am setting up IPsec between FreeBSD and Juniper.
Configs:

FreeBSD

racoon.conf

remote 212.***.***.*** {
    exchange_mode aggressive;
    my_identifier address 212.***.***.***;
    peers_identifier address 212.***.***.***;
    initial_contact on;
    dpd_delay 120;
    ike_frag on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 86400 secs;
    }
}

sainfo address 192.168.200.0/24 any address 192.168.148.0/24 any {
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 2;
    lifetime time 86400 secs;
}

ipsec.conf

spdadd 192.168.200.0/24 192.168.148.0/24 any -P out ipsec esp/tunnel/212.***.***.***-212.***.***.***/require;
spdadd 192.168.148.0/24 192.168.200.0/24 any -P in ipsec esp/tunnel/212.***.***.***-212.***.***.***/require;

Juniper

security {
    ike {
        proposal ipsec {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 86400;
        }
        policy ipsec {
            mode aggressive;
            proposals ipsec;
            pre-shared-key ascii-text "$9$j7kqfn6A1Ih9CBEyrLXbs2gUjqmfn6A";
        }
        gateway inteks {
            ike-policy ipsec;
            address 212.***.***.***;
            local-identity inet 212.***.***.***;
            external-interface fe-0/0/0;
        }
    }
    ipsec {
        proposal ipsec {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 86400;
        }
        policy ipsec_vpn {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ipsec;
        }
        vpn inteks {
            ike {
                gateway inteks;
                ipsec-policy ipsec_vpn;
            }
            establish-tunnels immediately;
        }
    }
}


Phase 1 comes up, and the log on FreeBSD shows

2017-04-12 13:53:08: INFO: respond new phase 2 negotiation: 212.***.***.***[500]<=>212.***.***.***[500]
2017-04-12 13:53:08: ERROR: failed to get sainfo.
2017-04-12 13:53:08: ERROR: failed to get sainfo.
2017-04-12 13:53:08: [212.***.***.***] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
2017-04-12 13:53:21: ERROR: phase1 negotiation failed due to time up. 24bccd55a58f9146:0000000000000000
2017-04-12 13:53:22: ERROR: phase1 negotiation failed due to time up. c20f5d2e0c741243:0000000000000000


And naturally phase 2 does not come up. Any hints on where to look?


Atheist987
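The racoon messages in the post each have a fixed meaning: "failed to get sainfo" is what racoon prints, as the quick-mode responder, when no `sainfo` block matches the IDs (proxy IDs / traffic selectors) the peer proposed, and "failed to pre-process ph2 packet" is the quick mode being dropped as a result. The script below, an added example and not code from the original post or from ipsec-tools, parses racoon log lines, lists the (local, remote) selector pairs the racoon.conf `sainfo` blocks are willing to accept, and turns both into a verdict. The log lines and the racoon.conf fragment are constructed samples modelled on the post; the public addresses are RFC 5737 documentation addresses standing in for the masked ones, and the remark about the Junos proxy-ID default is an editor's note, not something the post states.

```python
"""Triage racoon (ipsec-tools) log lines and compare the quick-mode selectors
racoon accepts (its sainfo blocks) with what the log reports.
Added example; not from the original post or from ipsec-tools."""
import re
from collections import Counter

# Constructed sample log, modelled on the post (documentation addresses).
SAMPLE_LOG = """\
2017-04-12 13:53:08: INFO: respond new phase 2 negotiation: 203.0.113.1[500]<=>198.51.100.2[500]
2017-04-12 13:53:08: ERROR: failed to get sainfo.
2017-04-12 13:53:08: ERROR: failed to get sainfo.
2017-04-12 13:53:08: [198.51.100.2] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
2017-04-12 13:53:21: ERROR: phase1 negotiation failed due to time up. 24bccd55a58f9146:0000000000000000
2017-04-12 13:53:22: ERROR: phase1 negotiation failed due to time up. c20f5d2e0c741243:0000000000000000
"""

# Constructed sample racoon.conf fragment with the post's selectors.
SAMPLE_CONF = """\
sainfo address 192.168.200.0/24 any address 192.168.148.0/24 any {
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    pfs_group 2;
}
"""

# racoon log line: "<date> <time>: [<peer>] <LEVEL>: <message>" (peer part optional)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): "
    r"(?:\[(?P<peer>[^\]]+)\] )?(?P<level>[A-Z]+): (?P<msg>.*)$"
)

# Meaning of the racoon messages seen in the post, matched in this order.
MEANINGS = [
    (re.compile(r"respond new phase 2 negotiation"), "phase2",
     "peer initiated quick mode, so phase 1 had completed"),
    (re.compile(r"failed to get sainfo"), "phase2",
     "no sainfo block matches the IDs (proxy IDs / traffic selectors) the peer proposed"),
    (re.compile(r"failed to pre-process ph2 packet"), "phase2",
     "quick mode dropped before any IPsec SA was created"),
    (re.compile(r"phase1 negotiation failed due to time up"), "phase1",
     "a phase 1 exchange timed out (an all-zero responder cookie: no reply was ever received)"),
]

# "sainfo anonymous" or "sainfo address <local> <proto> address <remote> <proto>"
SAINFO_RE = re.compile(
    r"^\s*sainfo\s+(?:(?P<anon>anonymous)"
    r"|address\s+(?P<local>\S+)\s+\S+\s+address\s+(?P<remote>\S+)\s+\S+)"
)


def parse_log(text):
    """Return one dict per recognised line: ts, peer, level, msg, phase, meaning."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["phase"], rec["meaning"] = None, None
        for rx, phase, meaning in MEANINGS:
            if rx.search(rec["msg"]):
                rec["phase"], rec["meaning"] = phase, meaning
                break
        events.append(rec)
    return events


def accepted_selectors(conf_text):
    """(local, remote) pairs racoon's sainfo blocks will match as responder;
    ('any', 'any') stands for a 'sainfo anonymous' catch-all."""
    pairs = []
    for line in conf_text.splitlines():
        m = SAINFO_RE.match(line)
        if m:
            pairs.append(("any", "any") if m.group("anon")
                         else (m.group("local"), m.group("remote")))
    return pairs


def diagnose(events, selectors):
    """Reduce the events plus the accepted selectors to an actionable verdict."""
    errors = Counter(e["msg"] for e in events if e["level"] == "ERROR")
    sainfo_misses = sum(n for msg, n in errors.items() if "failed to get sainfo" in msg)
    if sainfo_misses:
        have = ", ".join(f"local {loc} <-> remote {rem}" for loc, rem in selectors) or "none"
        # Editor's note, not from the post: a route-based Junos VPN with no
        # proxy-identity configured proposes 0.0.0.0/0 <-> 0.0.0.0/0.
        return ("phase2_selector_mismatch: racoon only accepts quick mode for "
                f"{have}; the peer proposed something else. Compare with the peer's "
                "proxy IDs (a route-based Juniper VPN without proxy-identity sends 0.0.0.0/0).")
    if any(e["phase"] == "phase1" and e["level"] == "ERROR" for e in events):
        return "phase1_timeout: IKE SA never completed"
    return "no_known_failure"


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in evs:
        print(e["ts"], e["level"], e["phase"], "-", e["meaning"] or e["msg"])
    print(diagnose(evs, accepted_selectors(SAMPLE_CONF)))
```

Run it against `/var/log/racoon.log` (or wherever syslog sends racoon's output) and the real racoon.conf; the useful output is the selector list, because the thing to compare it against is the peer's phase 2 IDs, which racoon prints at a higher `log debug` level.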

OpenVPN + OSPF

Good day! I am setting up OSPF over OpenVPN.
The main gateway is on FreeBSD;
there are two providers, with an OpenVPN tunnel up on each;
Quagga is configured, config:

hostname Server
password zebra
enable password zebra
log file /var/log/ospfd.log
!
!
router ospf
ospf router-id 192.168.77.1
network 10.0.0.0/30 area 0.0.0.0
network 10.10.0.0/30 area 0.0.0.0
!
!
interface tun1
ip ospf cost 10
!
!
interface tun0
ip ospf cost 20
!
!
!
ip prefix-list Local_Network seq 10 permit 192.168.77.0/24
ip prefix-list Local_Network seq 100 deny any
!
route-map Local_Network permit 10
match ip address prefix-list Local_Network
!
line vty
!

On CentOS there are also two providers and two OpenVPN clients;
Quagga is configured, config:

hostname gate
password zebra
log file /var/log/quagga/ospfd.log
!
interface tun0
ip ospf cost 20
!
interface tun1
ip ospf cost 10
!
router ospf
ospf router-id 192.168.76.1
redistribute connected route-map Local_Network
network 10.0.0.0/30 area 0.0.0.0
network 10.10.0.0/30 area 0.0.0.0
!
ip prefix-list Local_Network seq 10 permit 192.168.76.0/24
ip prefix-list Local_Network seq 100 deny any
!
route-map Local_Network permit 10
match ip address prefix-list Local_Network
!
line vty
!

The OpenVPN tunnels connect and OSPF finds its "neighbors". On the FreeBSD side the table is built and the routes come up, but on the
CentOS side the neighbors are found and that is all: neither the table nor the routes come up. The log shows the error

OSPF: ospf_nexthop_calculation(): could not determine nexthop for link


Atheist987
