.titleBar { margin-bottom: 5px!important; }

[Frage] FB 7270 und Astaro v8

Dieses Thema im Forum "FRITZ!Box Fon: DSL, Internet und Netzwerk" wurde erstellt von proetel, 16 Nov. 2011.

  1. proetel

    proetel Neuer User

    Registriert seit:
    25 Nov. 2005
    Beiträge:
    7
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    #1 proetel, 16 Nov. 2011
    Zuletzt von einem Moderator bearbeitet: 18 Nov. 2011
    Hi,
    ivh versuche verzweifelt ein LAn zu LAN VPn zwischen FB und Astaro zu bekommen. DIe Astaro hat eine feste IP, die Fritzbox einen dyndns Eintrag. Leider finde ich keinen fehler. Anbei das log:
    Live Log: IPSec VPN
    Code:
    Filter:    
        Autoscroll
    2011:11:16-19:26:39 fw pluto[18095]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2011:11:16-19:26:39 fw pluto[18095]: | peer: 4d 17 be f5
    2011:11:16-19:26:39 fw pluto[18095]: | state hash entry 30
    2011:11:16-19:26:39 fw pluto[18095]: shutting down interface lo/lo ::1
    2011:11:16-19:26:39 fw pluto[18095]: shutting down interface lo/lo 127.0.0.1
    2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth0/eth0 192.168.6.254
    2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth0/eth0 192.168.7.254
    2011:11:16-19:26:39 fw pluto[18095]: shutting down interface eth1/eth1 46.4.133.26
    2011:11:16-19:26:39 fw ipsec_starter[18093]: pluto stopped after 20 ms
    2011:11:16-19:26:39 fw ipsec_starter[18093]: ipsec starter stopped
    2011:11:16-19:26:44 fw ipsec_starter[18306]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2011:11:16-19:26:44 fw pluto[18314]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'curl': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'ldap': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'aes': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'des': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'blowfish': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'serpent': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'twofish': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sha1': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sha2': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'md5': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'random': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'x509': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pubkey': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pkcs1': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pgp': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'dnskey': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'pem': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'sqlite': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'hmac': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'gmp': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'xauth': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'attr': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'attr-sql': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: | plugin 'resolve': loaded successfully
    2011:11:16-19:26:44 fw pluto[18314]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
    2011:11:16-19:26:44 fw pluto[18314]: including NAT-Traversal patch (Version 0.6c) [disabled]
    2011:11:16-19:26:44 fw pluto[18314]: Using Linux 2.6 IPsec interface code
    2011:11:16-19:26:44 fw ipsec_starter[18312]: pluto (18314) started after 20 ms
    2011:11:16-19:26:44 fw pluto[18314]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2011:11:16-19:26:44 fw pluto[18314]: | file content is not binary ASN.1
    2011:11:16-19:26:44 fw pluto[18314]: | -----BEGIN CERTIFICATE-----
    2011:11:16-19:26:44 fw pluto[18314]: | -----END CERTIFICATE-----
    2011:11:16-19:26:44 fw pluto[18314]: | L0 - x509:
    2011:11:16-19:26:44 fw pluto[18314]: | L1 - tbsCertificate:
    2011:11:16-19:26:44 fw pluto[18314]: | L2 - DEFAULT v1:
    2011:11:16-19:26:44 fw pluto[18314]: | L3 - version:
    2011:11:16-19:26:44 fw pluto[18314]: | X.509v3
    
    2011:11:16-19:26:44 fw pluto[18314]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2011:11:16-19:26:44 fw pluto[18314]: | authcert inserted
    2011:11:16-19:26:44 fw pluto[18314]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2011:11:16-19:26:44 fw pluto[18314]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2011:11:16-19:26:44 fw pluto[18314]: Changing to directory '/etc/ipsec.d/crls'
    2011:11:16-19:26:44 fw pluto[18314]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_LOG_DAILY, timeout in 16396 seconds
    2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2011:11:16-19:26:44 fw pluto[18314]: |
    2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
    2011:11:16-19:26:44 fw pluto[18314]: listening for IKE messages
    2011:11:16-19:26:44 fw pluto[18314]: | found lo with address 127.0.0.1
    2011:11:16-19:26:44 fw pluto[18314]: | found eth0 with address 192.168.6.254
    2011:11:16-19:26:44 fw pluto[18314]: | found eth0 with address 192.168.7.254
    2011:11:16-19:26:44 fw pluto[18314]: | found eth1 with address 46.4.133.26
    2011:11:16-19:26:44 fw pluto[18314]: adding interface eth1/eth1 46.4.133.26:500
    2011:11:16-19:26:44 fw pluto[18314]: adding interface eth0/eth0 192.168.7.254:500
    2011:11:16-19:26:44 fw pluto[18314]: adding interface eth0/eth0 192.168.6.254:500
    2011:11:16-19:26:44 fw pluto[18314]: adding interface lo/lo 127.0.0.1:500
    2011:11:16-19:26:44 fw pluto[18314]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
    2011:11:16-19:26:44 fw pluto[18314]: adding interface lo/lo ::1:500
    2011:11:16-19:26:44 fw pluto[18314]: loading secrets from "/etc/ipsec.secrets"
    2011:11:16-19:26:44 fw pluto[18314]: loaded PSK secret for 46.4.133.26 192.168.42.101
    2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2011:11:16-19:26:44 fw pluto[18314]: |
    2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
    2011:11:16-19:26:44 fw pluto[18314]: | from whack: got --esp=3des-sha1;modp1024
    2011:11:16-19:26:44 fw pluto[18314]: | esp proposal: 3DES_CBC/HMAC_SHA1, ; pfsgroup=MODP_1024;
    2011:11:16-19:26:44 fw pluto[18314]: | from whack: got --ike=3des-sha-modp1024
    2011:11:16-19:26:44 fw pluto[18314]: | ike proposal: 3DES_CBC/HMAC_SHA1/MODP_1024,
    2011:11:16-19:26:44 fw pluto[18314]: added connection description "S_Daniel"
    2011:11:16-19:26:44 fw pluto[18314]: | 192.168.7.0/24===46.4.133.26[46.4.133.26]...77.23.190.245[192.168.42.101]===192.168.42.0/24
    2011:11:16-19:26:44 fw pluto[18314]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS
    2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2011:11:16-19:26:44 fw pluto[18314]: |
    2011:11:16-19:26:44 fw pluto[18314]: | *received whack message
    2011:11:16-19:26:44 fw pluto[18314]: | creating state object #1 at 0x8d8fb88
    2011:11:16-19:26:44 fw pluto[18314]: | ICOOKIE: 4d d0 6e 3e 09 4a 19 80
    2011:11:16-19:26:44 fw pluto[18314]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2011:11:16-19:26:44 fw pluto[18314]: | peer: 4d 17 be f5
    2011:11:16-19:26:44 fw pluto[18314]: | state hash entry 6
    2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
    2011:11:16-19:26:44 fw pluto[18314]: | Queuing pending Quick Mode with 77.23.190.245 "S_Daniel"
    2011:11:16-19:26:44 fw pluto[18314]: "S_Daniel" #1: initiating Main Mode
    2011:11:16-19:26:44 fw pluto[18314]: | **emit ISAKMP Message:
    2011:11:16-19:26:44 fw pluto[18314]: | initiator cookie:
    2011:11:16-19:26:44 fw pluto[18314]: | 4d d0 6e 3e 09 4a 19 80
    2011:11:16-19:26:44 fw pluto[18314]: | responder cookie:
    2011:11:16-19:26:44 fw pluto[18314]: | 00 00 00 00 00 00 00 00
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_SA
    2011:11:16-19:26:44 fw pluto[18314]: | ISAKMP version: ISAKMP Version 1.0
    2011:11:16-19:26:44 fw pluto[18314]: | exchange type: ISAKMP_XCHG_IDPROT
    2011:11:16-19:26:44 fw pluto[18314]: | flags: none
    2011:11:16-19:26:44 fw pluto[18314]: | message ID: 00 00 00 00
    2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Security Association Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
    2011:11:16-19:26:44 fw pluto[18314]: | DOI: ISAKMP_DOI_IPSEC
    2011:11:16-19:26:44 fw pluto[18314]: | ****emit IPsec DOI SIT:
    2011:11:16-19:26:44 fw pluto[18314]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
    2011:11:16-19:26:44 fw pluto[18314]: | ike proposal: 3DES_CBC/HMAC_SHA1/MODP_1024,
    2011:11:16-19:26:44 fw pluto[18314]: | ****emit ISAKMP Proposal Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
    2011:11:16-19:26:44 fw pluto[18314]: | proposal number: 0
    2011:11:16-19:26:44 fw pluto[18314]: | protocol ID: PROTO_ISAKMP
    2011:11:16-19:26:44 fw pluto[18314]: | SPI size: 0
    2011:11:16-19:26:44 fw pluto[18314]: | number of transforms: 1
    2011:11:16-19:26:44 fw pluto[18314]: | *****emit ISAKMP Transform Payload (ISAKMP):
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
    2011:11:16-19:26:44 fw pluto[18314]: | transform number: 0
    2011:11:16-19:26:44 fw pluto[18314]: | transform ID: KEY_IKE
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_LIFE_TYPE
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 1
    2011:11:16-19:26:44 fw pluto[18314]: | [1 is OAKLEY_LIFE_SECONDS]
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_LIFE_DURATION
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 3600
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 5
    2011:11:16-19:26:44 fw pluto[18314]: | [5 is 3DES_CBC]
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_HASH_ALGORITHM
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 2
    2011:11:16-19:26:44 fw pluto[18314]: | [2 is HMAC_SHA1]
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_AUTHENTICATION_METHOD
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 1
    2011:11:16-19:26:44 fw pluto[18314]: | [1 is pre-shared key]
    2011:11:16-19:26:44 fw pluto[18314]: | ******emit ISAKMP Oakley attribute:
    2011:11:16-19:26:44 fw pluto[18314]: | af+type: OAKLEY_GROUP_DESCRIPTION
    2011:11:16-19:26:44 fw pluto[18314]: | length/value: 2
    2011:11:16-19:26:44 fw pluto[18314]: | [2 is MODP_1024]
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Proposal Payload: 40
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Security Association Payload: 52
    2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [strongSwan]
    2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
    2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2011:11:16-19:26:44 fw pluto[18314]: | V_ID 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
    2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [Cisco-Unity]
    2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
    2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2011:11:16-19:26:44 fw pluto[18314]: | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
    2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [XAUTH]
    2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_VID
    2011:11:16-19:26:44 fw pluto[18314]: | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2011:11:16-19:26:44 fw pluto[18314]: | V_ID 09 00 26 89 df d6 b7 12
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 12
    2011:11:16-19:26:44 fw pluto[18314]: | out_vendorid(): sending [Dead Peer Detection]
    2011:11:16-19:26:44 fw pluto[18314]: | ***emit ISAKMP Vendor ID Payload:
    2011:11:16-19:26:44 fw pluto[18314]: | next payload type: ISAKMP_NEXT_NONE
    2011:11:16-19:26:44 fw pluto[18314]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2011:11:16-19:26:44 fw pluto[18314]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Vendor ID Payload: 20
    2011:11:16-19:26:44 fw pluto[18314]: | emitting length of ISAKMP Message: 152
    2011:11:16-19:26:44 fw pluto[18314]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2011:11:16-19:26:44 fw pluto[18314]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2011:11:16-19:26:54 fw pluto[18314]: |
    2011:11:16-19:26:54 fw pluto[18314]: | *time to handle event
    2011:11:16-19:26:54 fw pluto[18314]: | event after this is EVENT_REINIT_SECRET in 3590 seconds
    2011:11:16-19:26:54 fw pluto[18314]: | handling event EVENT_RETRANSMIT for 77.23.190.245 "S_Daniel" #1
    2011:11:16-19:26:54 fw pluto[18314]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
    2011:11:16-19:26:54 fw pluto[18314]: | next event EVENT_RETRANSMIT in 20 seconds for #1
    2011:11:16-19:26:58 fw pluto[18314]: |
    2011:11:16-19:26:58 fw pluto[18314]: | *received whack message
    2011:11:16-19:26:58 fw pluto[18314]: | next event EVENT_RETRANSMIT in 16 seconds for #1