[Question] FB 7270 and Astaro v8

proetel

Hi,
I am desperately trying to get a LAN-to-LAN VPN working between the FB and the Astaro. The Astaro has a static IP, the Fritzbox a DynDNS entry. Unfortunately, I can't find any error. The log is attached:
Live Log: IPSec VPN
Code:
2011:11:16-19:26:39 fw pluto[18095]: | RCOOKIE: 00 00 00 00 00 00 00 00
2011:11:16-19:26:39 fw pluto[18095]: | peer: 4d 17 be f5
2011:11:16-19:26:39 fw pluto[18095]: | state hash entry 30
2011:11:16-19:26:39 fw pluto[18095]: shutting down interface lo/lo ::1
2011:11:16-19:26:39 fw pluto[18095]: shutting down interface lo/lo 127.0.0.1
2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth0/eth0 192.168.6.254
2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth0/eth0 192.168.7.254
2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth1/eth1 46.4.133.26
2011:11:16-19:26:39 fw ipsec_starter[18093]: pluto stopped after 20 ms
2011:11:16-19:26:39 fw ipsec_starter[18093]: ipsec starter stopped
2011:11:16-19:26:44 fw ipsec_starter[18306]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2011:11:16-19:26:44 fw pluto[18314]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'curl': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'ldap': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'aes': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'des': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'blowfish': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'serpent': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'twofish': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sha1': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sha2': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'md5': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'random': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'x509': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pubkey': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pkcs1': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pgp': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'dnskey': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pem': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sqlite': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'hmac': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'gmp': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'xauth': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'attr': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'attr-sql': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: | plugin 'resolve': loaded successfully
2011:11:16-19:26:44 fw pluto[18314]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
2011:11:16-19:26:44 fw pluto[18314]: including NAT-Traversal patch (Version 0.6c) [disabled]
2011:11:16-19:26:44 fw pluto[18314]: Using Linux 2.6 IPsec interface code
2011:11:16-19:26:44 fw ipsec_starter[18312]: pluto (18314) started after 20 ms
2011:11:16-19:26:44 fw pluto[18314]: loading ca certificates from '/etc/ipsec.d/cacerts'
2011:11:16-19:26:44 fw pluto[18314]: | file content is not binary ASN.1
2011:11:16-19:26:44 fw pluto[18314]: | -----BEGIN CERTIFICATE-----
2011:11:16-19:26:44 fw pluto[18314]: | -----END CERTIFICATE-----
2011:11:16-19:26:44 fw pluto[18314]: | L0 - x509:
2011:11:16-19:26:44 fw pluto[18314]: | L1 - tbsCertificate:
2011:11:16-19:26:44 fw pluto[18314]: | L2 - DEFAULT v1:
2011:11:16-19:26:44 fw pluto[18314]: | L3 - version:
2011:11:16-19:26:44 fw pluto[18314]: | X.509v3

2011:11:16-19:26:44 fw pluto[18314]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2011:11:16-19:26:44 fw pluto[18314]: | authcert inserted
2011:11:16-19:26:44 fw pluto[18314]: loading aa certificates from '/etc/ipsec.d/aacerts'
2011:11:16-19:26:44 fw pluto[18314]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2011:11:16-19:26:44 fw pluto[18314]: Changing to directory '/etc/ipsec.d/crls'
2011:11:16-19:26:44 fw pluto[18314]: loading attribute certificates from '/etc/ipsec.d/acerts'
2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_LOG_DAILY, timeout in 16396 seconds
2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
2011:11:16-19:26:44 fw pluto[18314]: |
2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
2011:11:16-19:26:44 fw pluto[18314]: listening for IKE messages
2011:11:16-19:26:44 fw pluto[18314]: | found lo with address 127.0.0.1
2011:11:16-19:26:44 fw pluto[18314]: | found eth0 with address 192.168.6.254
2011:11:16-19:26:44 fw pluto[18314]: | found eth0 with address 192.168.7.254
2011:11:16-19:26:44 fw pluto[18314]: | found eth1 with address 46.4.133.26
2011:11:16-19:26:44 fw pluto[18314]: adding interface eth1/eth1 46.4.133.26:500
2011:11:16-19:26:44 fw pluto[18314]: adding interface eth0/eth0 192.168.7.254:500
2011:11:16-19:26:44 fw pluto[18314]: adding interface eth0/eth0 192.168.6.254:500
2011:11:16-19:26:44 fw pluto[18314]: adding interface lo/lo 127.0.0.1:500
2011:11:16-19:26:44 fw pluto[18314]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
2011:11:16-19:26:44 fw pluto[18314]: adding interface lo/lo ::1:500
2011:11:16-19:26:44 fw pluto[18314]: loading secrets from "/etc/ipsec.secrets"
2011:11:16-19:26:44 fw pluto[18314]: loaded PSK secret for 46.4.133.26 192.168.42.101
2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
2011:11:16-19:26:44 fw pluto[18314]: |
2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
2011:11:16-19:26:44 fw pluto[18314]: | from whack: got --esp=3des-sha1;modp1024
2011:11:16-19:26:44 fw pluto[18314]: | esp proposal: 3DES_CBC/HMAC_SHA1, ; pfsgroup=MODP_1024;
2011:11:16-19:26:44 fw pluto[18314]: | from whack: got --ike=3des-sha-modp1024
2011:11:16-19:26:44 fw pluto[18314]: | ike proposal: 3DES_CBC/HMAC_SHA1/MODP_1024,
2011:11:16-19:26:44 fw pluto[18314]: added connection description "S_Daniel"
2011:11:16-19:26:44 fw pluto[18314]: | 192.168.7.0/24===46.4.133.26[46.4.133.26]...77.23.190.245[192.168.42.101]===192.168.42.0/24
2011:11:16-19:26:44 fw pluto[18314]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS
2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
2011:11:16-19:26:44 fw pluto[18314]: |
2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
2011:11:16-19:26:44 fw pluto[18314]: | creating state object #1 at 0x8d8fb88
2011:11:16-19:26:44 fw pluto[18314]: | ICOOKIE: 4d d0 6e 3e 09 4a 19 80
2011:11:16-19:26:44 fw pluto[18314]: | RCOOKIE: 00 00 00 00 00 00 00 00
2011:11:16-19:26:44 fw pluto[18314]: | peer: 4d 17 be f5
2011:11:16-19:26:44 fw pluto[18314]: | state hash entry 6
2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
2011:11:16-19:26:44 fw pluto[18314]: | Queuing pending Quick Mode with 77.23.190.245 "S_Daniel"
2011:11:16-19:26:44 fw pluto[18314]: "S_Daniel" #1: initiating Main Mode
2011:11:16-19:26:44 fw pluto[18314]: | **emit ISAKMP Message:
2011:11:16-19:26:44 fw pluto[18314]: | initiator cookie:
2011:11:16-19:26:44 fw pluto[18314]: | 4d d0 6e 3e 09 4a 19 80
2011:11:16-19:26:44 fw pluto[18314]: | responder cookie:
2011:11:16-19:26:44 fw pluto[18314]: | 00 00 00 00 00 00 00 00
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_SA
2011:11:16-19:26:44 fw pluto[18314]: | ISAKMP version: ISAKMP Version 1.0
2011:11:16-19:26:44 fw pluto[18314]: | exchange type: ISAKMP_XCHG_IDPROT
2011:11:16-19:26:44 fw pluto[18314]: | flags: none
2011:11:16-19:26:44 fw pluto[18314]: | message ID: 00 00 00 00
2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Security Association Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
2011:11:16-19:26:44 fw pluto[18314]: | DOI: ISAKMP_DOI_IPSEC
2011:11:16-19:26:44 fw pluto[18314]: | ****emit IPsec DOI SIT:
2011:11:16-19:26:44 fw pluto[18314]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2011:11:16-19:26:44 fw pluto[18314]: | ike proposal: 3DES_CBC/HMAC_SHA1/MODP_1024,
2011:11:16-19:26:44 fw pluto[18314]: | ****emit ISAKMP Proposal Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
2011:11:16-19:26:44 fw pluto[18314]: | proposal number: 0
2011:11:16-19:26:44 fw pluto[18314]: | protocol ID: PROTO_ISAKMP
2011:11:16-19:26:44 fw pluto[18314]: | SPI size: 0
2011:11:16-19:26:44 fw pluto[18314]: | number of transforms: 1
2011:11:16-19:26:44 fw pluto[18314]: | *****emit ISAKMP Transform Payload (ISAKMP):
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
2011:11:16-19:26:44 fw pluto[18314]: | transform number: 0
2011:11:16-19:26:44 fw pluto[18314]: | transform ID: KEY_IKE
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_LIFE_TYPE
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 1
2011:11:16-19:26:44 fw pluto[18314]: | [1 is OAKLEY_LIFE_SECONDS]
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_LIFE_DURATION
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 3600
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 5
2011:11:16-19:26:44 fw pluto[18314]: | [5 is 3DES_CBC]
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_HASH_ALGORITHM
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 2
2011:11:16-19:26:44 fw pluto[18314]: | [2 is HMAC_SHA1]
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 1
2011:11:16-19:26:44 fw pluto[18314]: | [1 is pre-shared key]
2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_GROUP_DESCRIPTION
2011:11:16-19:26:44 fw pluto[18314]: | length/value: 2
2011:11:16-19:26:44 fw pluto[18314]: | [2 is MODP_1024]
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Proposal Payload: 40
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Security Association Payload: 52
2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [strongSwan]
2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2011:11:16-19:26:44 fw pluto[18314]: | V_ID 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [Cisco-Unity]
2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2011:11:16-19:26:44 fw pluto[18314]: | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [XAUTH]
2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
2011:11:16-19:26:44 fw pluto[18314]: | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
2011:11:16-19:26:44 fw pluto[18314]: | V_ID 09 00 26 89 df d6 b7 12
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 12
2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [Dead Peer Detection]
2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2011:11:16-19:26:44 fw pluto[18314]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Message: 152
2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_RETRANSMIT in 10 seconds for #1
2011:11:16-19:26:54 fw pluto[18314]: |
2011:11:16-19:26:54 fw pluto[18314]: | *time to handle event
2011:11:16-19:26:54 fw pluto[18314]: | event after this is EVENT_REINIT_SECRET in 3590 seconds
2011:11:16-19:26:54 fw pluto[18314]: | handling event EVENT_RETRANSMIT for 77.23.190.245 "S_Daniel" #1
2011:11:16-19:26:54 fw pluto[18314]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
2011:11:16-19:26:54 fw pluto[18314]: | next event EVENT_RETRANSMIT in 20 seconds for #1
2011:11:16-19:26:58 fw pluto[18314]: |
2011:11:16-19:26:58 fw pluto[18314]: | *received whack message
2011:11:16-19:26:58 fw pluto[18314]: | next event EVENT_RETRANSMIT in 16 seconds for #1
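Added example (not part of the original post, and not Astaro or strongSwan code): a short Python summary of a pluto debug log in the format shown above, reporting the NAT-Traversal status, the configured proposals, and Main Mode attempts that were retransmitted while no inbound IKE packet was logged. The `*received <n> bytes from` pattern for inbound packets and the contents of `LEGACY` are assumptions of this example.

```python
import re

# Lines copied from the log in the post above (no new data).
SAMPLE = """\
2011:11:16-19:26:44 fw pluto[18314]: including NAT-Traversal patch (Version 0.6c) [disabled]
2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
2011:11:16-19:26:44 fw pluto[18314]: | esp proposal: 3DES_CBC/HMAC_SHA1, ; pfsgroup=MODP_1024;
2011:11:16-19:26:44 fw pluto[18314]: | ike proposal: 3DES_CBC/HMAC_SHA1/MODP_1024,
2011:11:16-19:26:54 fw pluto[18314]: | handling event EVENT_RETRANSMIT for 77.23.190.245 "S_Daniel" #1
"""

PREFIX = re.compile(r"^\S+ \S+ pluto\[\d+\]: (.*)$")
RETX = re.compile(r'handling event EVENT_RETRANSMIT for (\S+) "([^"]+)" #(\d+)')
PROPOSAL = re.compile(r"\b(ike|esp) proposal: ([^,;]+)")
# Assumption: pluto debug output reports an inbound IKE packet as
# "*received <n> bytes from <ip>:<port>"; the log above has no such line.
INBOUND = re.compile(r"\*received \d+ bytes from ")
# Assumption: transforms this example treats as legacy.
LEGACY = {"DES_CBC", "3DES_CBC", "HMAC_MD5", "MODP_768", "MODP_1024"}

def summarize(text):
    """Collect NAT-T status, proposals, retransmits and inbound packet count."""
    s = {"nat_t": None, "proposals": {}, "legacy": set(), "states": {}, "inbound": 0}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a pluto line (ipsec_starter, blank line, UI text)
        msg = m.group(1)
        if "NAT-Traversal" in msg:
            s["nat_t"] = "[disabled]" not in msg
        if p := PROPOSAL.search(msg):
            s["proposals"][p.group(1)] = p.group(2).strip()
            s["legacy"] |= LEGACY & set(re.findall(r"[A-Z0-9_]+", msg))
        if r := RETX.search(msg):
            key = (r.group(2), r.group(3))  # (connection name, state number)
            st = s["states"].setdefault(key, {"peer": r.group(1), "retransmits": 0})
            st["retransmits"] += 1
        if INBOUND.search(msg):  # "*received whack message" does not match
            s["inbound"] += 1
    return s

def stalled(s):
    """Attempts that were retransmitted while the log shows nothing coming back."""
    # Coarse on purpose: any inbound IKE packet at all clears the finding.
    return [] if s["inbound"] else sorted(
        (conn, st["peer"], st["retransmits"])
        for (conn, _), st in s["states"].items() if st["retransmits"])
```

Run `stalled(summarize(open(path).read()))` over the full live log; a non-empty result means the initiator kept retransmitting its first Main Mode packet and the capture contains no reply from the peer.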