[Problem] VPN Verbindung - FritzBox 3490 (OS 7.12) zu LANCOM 1781VA (OS 10.32.0157RU5)

Killom · 8 Feb 2020

Hallo Community!

Da ich bei Google Recherchen zu VPN via FritzBox des öfteren auf Postings aus diesem Forum gestoßen bin, dachte ich ich melde mich hier mal an um mit meinem aktuellen Problem evtl. fachkundige Hilfestellung zu bekommen
.

Ich möchte einen VPN Tunnel zwischen einer FritzBox 3490 (OS 7.12) zu einem LANCOM 1781VA (OS 10.32.0157RU5) etablieren.

FB vpn.cfg:

Code:

vpncfg {
        connections {
                enabled = yes;
                editable = no;
                conn_type = conntype_lan;
                name = "R-LANCOM";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remotehostname = "lancom.host.name";
                keepalive_ip = 192.168.2.1;
                remotevirtualip = 0.0.0.0;
                mode = phase1_mode_aggressive;
                phase1ss = "dh15/aes/sha";
                keytype = connkeytype_pre_shared;
                key = "%geheim%";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "LT8h/esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

// EOF

Da ich nicht genau wusste, welche Strategien die Box zur Verfügung stellt, habe ich mit mal das aktuelle Firmware Image zerlegt und einen Blick in die ipsec.cfg geworfen. Ich habe mich basierend darauf dann für folgende Strategien entschieden:

phase1ss:

Code:

{
        name = "dh15/aes/sha";
        comment = "dh_group_modp15";
        dhgroup = dh_group_modp15;
        life_dur_sec = 1h;
        life_dur_kb = 0;
        accept_all_dh_groups = no;
        proposals {
            hash = ike_sha2_512;
            enc {
                type = ike_aes;
                keylength = 256;
            }
        }{
            hash = ike_sha;
            enc {
                type = ike_aes;
                keylength = 256;
            }
        }{
            hash = ike_sha;
            enc {
                type = ike_aes;
                keylength = 192;
            }
        } {
            hash = ike_sha;
            enc {
                type = ike_aes;
                keylength = 0;
            }
        }
    }

phase2ss:

Code:

{
        name = "LT8h/esp-all-all/ah-none/comp-all/pfs";
        comment = "Alle Algorithmen, ohne AH, mit PFS";
        pfs = yes;
        life_dur_sec = 8h;
        life_dur_kb = 0;
        proposals {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = hmac_sha2_512;
            }
        }{
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = hmac_sha2_512;
            }
        }{
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = hmac_sha2_512;
            }
        }{
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = sha;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = sha;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = sha;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = sha;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = sha;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = sha;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = sha;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = md5;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = md5;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = md5;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = md5;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = md5;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = md5;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_lzjh;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_deflate;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = md5;
            }
        } {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = md5;
            }
        }
    }

Diese müssten meinem Verständnis nach mit den getroffenen Einstellungen im LANCOM kompatibel sein:

[Edit Novize: Bilder gemäß der Forenregeln auf Vorschau geschrumpft]
Leider bekomme ich so keine Verbindung zustande.

Im LANmonitor bekomme ich folgenden Fehler angezeigt:

Zeitüberschreitung während IKE- oder IPSec-Verhandlung (Aktiver Verbindungsaufbau) [0x1106]

In der Fritzbox lediglich einmal:

VPN-Fehler: R-LANCOM, IKE Error 0x2026

direkt nach übernahme der Config. Für mich leider nicht wirklich aussagekräftig.

Also erweitertes Supportlog von der Fritzbox gezogen und einen Blick rein geworfen.

Ausgehend von FB:

Code:

2020-02-08 22:08:38 avmike:< add(appl=dsld,cname=%REMOTELANCOM%,localip=%LOCALIP%, remoteip=255.255.255.255, p1ss=dh15/aes/sha, p2ss=LT8h/esp-all-all/ah-none/comp-all/pfs p1mode=4 keepalive_ip=0.0.0.0 flags=0x48001 tunnel no_xauth no_cfgmode nat_t no_certsrv_server_auth)
2020-02-08 22:08:38 avmike:new neighbour %REMOTELANCOM%:  nat_t
2020-02-08 22:08:38 avmike:< create_sa(appl=dsld,cname=%REMOTELANCOM%)
2020-02-08 22:08:38 avmike:%REMOTELANCOM%: Phase 1 starting
2020-02-08 22:08:41 avmike:>>> aggressive mode [%REMOTEIP%] %REMOTELANCOM%: V1.0 720 IC 41a1e2b7c186504 RC 00000000 0000 SA flags=
2020-02-08 22:08:42 avmike:%REMOTELANCOM%: Warning: source changed from 0.0.0.0:500 to %REMOTEIP%:500
2020-02-08 22:08:42 avmike:<<<  infomode[%REMOTEIP%] %REMOTELANCOM%: V1.0 40 IC 41a1e2b7c186504 RC e9a3761b13aadd54 0000 NOTIFICATION flags=
2020-02-08 22:08:42 avmike:%REMOTELANCOM%: Phase 1 failed (initiator): IKE-Error 0x2026
2020-02-08 22:08:42 avmike:< cb_sa_create_failed(name=%REMOTELANCOM%,reason=IKE-Error 0x2026)

Eingehend von LANCOM:

Code:

2020-02-08 22:09:16 avmike:> user_query(ipaddr=%REMOTEIP%)
2020-02-08 22:09:16 avmike:%REMOTEIP%: aggrmode: init aggr-exchange: user request send ID_IPV4_ADDR  :%REMOTEIP%
2020-02-08 22:09:23 avmike:<<<  aggressive mode[%REMOTEIP%] ???: V1.0 616 IC ba20c19ca29b3ff2 RC 00000000 0000 SA flags=
2020-02-08 22:09:32 avmike:<<<  aggressive mode[%REMOTEIP%] ???: V1.0 616 IC ba20c19ca29b3ff2 RC 00000000 0000 SA flags=
2020-02-08 22:09:43 avmike:<<<  aggressive mode[%REMOTEIP%] ???: V1.0 616 IC ba20c19ca29b3ff2 RC 00000000 0000 SA flags=
2020-02-08 22:10:10 avmike:<<<  aggressive mode[%REMOTEIP%] ???: V1.0 616 IC 8ed3197e5e5dcef5 RC 00000000 0000 SA flags=
2020-02-08 22:10:10 avmike:unknown receive VENDOR ID Payload: NAT-T RFC 3947
2020-02-08 22:10:10 avmike:unknown receive VENDOR ID Payload: XAUTH
2020-02-08 22:10:10 avmike:unknown receive VENDOR ID Payload: DPD

[Wiederholend]

Daraus entnehme ich, dass es in Phase 1 schon scheitert. Allerdings erkenne ich nicht, woran. Ebenfalls erkenne ich, dass vom LANCOM laufend Anfragen zum Aufbau des Tunnels eingehen - diese verlaufen sich in der Fritzbox dann im Sand. Ich erkenne leider nicht, weshalb.

Nun komme ich nicht mehr weiter. Ich könnte noch einen Trace im LANCOM laufen lassen - allerdings sind die Trace-Einstellungen dann doch etwas zu komplex. ich weiß nicht, welche davon zum Debuggen der VPN essentiell und welche überflüssig sind.

Freue mich auf Rückmeldungen und Lösungsvorschläge!

PeterPawn · 9 Feb 2020

Killom schrieb:
Rückmeldungen

Woher soll die FRITZ!Box jetzt in Phase1 (IKE) "wissen", welchen "pre-shared key" sie benutzen soll, um die Daten für die Verbindungsaufnahme im "aggressive mode" zu entschlüsseln?

Da gehören nach meinem Verständnis passende Identitäten in den Dialog des LANCOM und eine - ebenso passende - Sektion mit IDs für Phase1 in die FRITZ!Box-Konfiguration. Außerdem würde ich - zumindest bis klar ist, daß die passenden Profile ausgewählt werden und man sich auf eine gemeinsame Sprache einigen konnte (sprich: ein Proposal gewählt wurde, was beide akzeptieren und korrekt umsetzen) - dafür sorgen, daß nur in einer Richtung versucht wird, die Verbindung aufzubauen (Thema Initiator vs. Responder, hier in praktisch jedem Thread mit "handgemachten Konfigurationen" angesprochen).

Ansonsten empfehle ich die Lektüre des RFC für IKEv1 und da speziell die Abschnitte zum "aggressive mode". Dort steht dann auch, daß hier die einzige "Identifikation" der Gegenstelle in ihrer eigenen Angabe dazu besteht und der zuvor ausgehandelte und "out of band" übermittelte "pre-shared key" ist dann die einzige Möglichkeit, das zu verifizieren (sonst könnte sich ja jeder als Peer ausgeben).

Aber genau für diese Zuordnung eines PSK (pre-shared key) zu einem Peer, braucht es auch von diesem Peer die Angabe, wer er eigentlich sein möchte (und ggf. auch noch, was er denkt, wie sein "Gegenpart" eigentlich heißt) ... genau das sind die Identitäten, die in dieser Phase "ausgetauscht" werden und ich wäre schon schwer erstaunt, wenn das eine der beiden Seiten auch dann beherrscht (wohlgemerkt im "aggressive mode", denn im "main mode" hat man ggf. auch noch andere Möglichkeiten, die Identität zu übermitteln, z.B. in einem Zertifikat), wenn da keine Identitäten hinterlegt sind.

Killom · 9 Feb 2020

Danke für deine Ausführungen. Entgegen aller Recherchen lässt sich die FritzBox scheinbar auch im Main Mode betreiben. Da es (scheinbar) keine offizielle Dokumentation seitens AVM gibt, findet man im Internet leider viele widersprüchliche Aussagen zu unterstützten Modi und Strategien.

Durch die Angabe der lokalen und entfernten Identität in der vpn.cfg war es mir dann möglich, einen Tunnel mit den o.g. Strategien herzustellen. Die Zeit wird nun zeigen, wie stabil diese Verbindung ist.

VPN-Verbindung zu R-LANCOM [%REMOTEIP%] IKE SA: DH15/AES-256/SHA2-512 IPsec SA: ESP-AES-256/SHA2-512/LT-28800 wurde erfolgreich hergestellt.

Code:

vpncfg {
        connections {
                enabled = yes;
                editable = no;
                conn_type = conntype_lan;
                name = "R-LANCOM";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remotehostname = "remote.host.name";
                keepalive_ip = %REMOTEROUTERIP%; // = Lokale IP des LANCOM Routers
                remotevirtualip = 0.0.0.0;
                localid {
                    fqdn = "local.host.name"; // z.B DDNS Name
                }
                remoteid {
                    fqdn = "remote.host.name"; // z.B DDNS Name
                }
                mode = phase1_mode_idp;
                phase1ss = "dh15/aes/sha";
                keytype = connkeytype_pre_shared;
                key = "%SECRET%";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "LT8h/esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

// EOF

Killom · 26 Aug 2021

Irgend etwas an der VPN wurde in einer der neueren Firmwares verändert. Die oben genannte Config mit der ich unter 7.12 noch erfolgreich eine VPN aufbauen konnte, funktioniert nun nicht mehr. Ich weiß nicht genau, seit welcher FW Version es nicht mehr funktioniert (vermute 7.20) - habe heute jedoch mehrere Boxen von der 7.12 auf die Aktuelle 7.28 aktualisiert - seitdem funktionieren dort die VPNs nicht mehr.

Config jeweils aus Post #3

Lokaler Router, eine FritzBox 3490

Code:

2021-08-26 23:39:19 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 8928bb135b016024 RC b60c5fca59127818 0000 KEY flags=
2021-08-26 23:39:19 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC b0225074c0053479 RC 90fcf8ab59242737 0000 KEY flags=
2021-08-26 23:39:19 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC b0225074c0053479 RC 90fcf8ab59242737 0000 KEY flags=
2021-08-26 23:39:19 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 19601875df52e526 RC 00000000 0000 SA flags=
2021-08-26 23:39:19 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:39:19 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:19 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:19 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:19 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:39:19 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 19601875df52e526 RC 7e11523afe345725 0000 SA flags=
2021-08-26 23:39:20 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:38 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:454
2021-08-26 23:39:38 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:38 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 8928bb135b016024 RC b60c5fca59127818 0000 KEY flags=
2021-08-26 23:39:38 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:38 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:39 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 8697bcf7b77c3da0 RC 00000000 0000 SA flags=
2021-08-26 23:39:39 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:39:39 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:39 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:39 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:39 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:39:39 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 SA flags=
2021-08-26 23:39:40 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:58 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:455
2021-08-26 23:39:58 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:58 avmike:%6490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:39:58 avmike:%6490NAME%: del phase 1 SA 455
2021-08-26 23:39:58 avmike:%6490NAME%: del phase 1 SA 454
2021-08-26 23:39:58 avmike:%6490NAME%: del phase 1 SA 453
2021-08-26 23:39:58 avmike:%6490NAME%: del phase 1 SA 452
2021-08-26 23:39:58 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:58 avmike:%6490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:58 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:58 avmike:%6490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:58 avmike:< cb_sa_create_failed(name=%6490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:39:58 avmike:< create_sa(appl=vpnd,cname=%6490NAME%)
2021-08-26 23:39:58 avmike:%6490NAME%: Phase 1 starting
2021-08-26 23:39:58 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 300 IC f9f8aabcf974954a RC 00000000 0000 SA flags=
2021-08-26 23:39:58 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 196 IC f9f8aabcf974954a RC 702908fe94267a0 0000 SA flags=
2021-08-26 23:39:58 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:58 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:58 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:58 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:40:07 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:07 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:07 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:40:07 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:40:07 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:40:07 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:40:07 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:40:07 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 SA flags=
2021-08-26 23:40:07 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:07 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:09 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:18 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:456
2021-08-26 23:40:18 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:18 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:36 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:457
2021-08-26 23:40:36 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:36 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:36 avmike:%6490NAME%: Phase 1 ready
2021-08-26 23:40:36 avmike:%6490NAME%: current=%6490IP% new=%6490IP%
2021-08-26 23:40:36 avmike:%6490NAME%: start waiting connections
2021-08-26 23:40:36 avmike:%6490NAME%: Phase 2 starting (start waiting)
2021-08-26 23:40:45 avmike:>>> quickmode [%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 ea41809e HASH flags=e
2021-08-26 23:40:45 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:45 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:>>> quickmode [%6490IP%] %6490NAME%: V1.0 604 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:>r> quickmode [%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 ea41809e HASH flags=e
2021-08-26 23:41:03 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:41:03 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:%6490NAME%: quickmode: double packet V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:%6490NAME%: quickmode: double packet V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9ebd637b HASH flags=e
2021-08-26 23:41:03 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 b1d181a8 HASH flags=e
2021-08-26 23:41:03 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 b1d181a8 HASH flags=e
2021-08-26 23:41:03 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 b1d181a8 HASH flags=e
2021-08-26 23:41:03 avmike:<<<  infomode[%6490IP%] %6490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 3d064bc8 HASH flags=e
2021-08-26 23:41:03 avmike:%6490NAME%: del phase 1 SA 457
2021-08-26 23:41:03 avmike:< cb_sa_create_failed(name=%6490NAME%,reason=IKE-Error 0x203d)
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:41:03 avmike:<<<  infomode[%6490IP%] %6490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 5ca7efc5 HASH flags=e
2021-08-26 23:41:03 avmike:%6490NAME%: del phase 1 SA 456
2021-08-26 23:41:03 avmike:%6490NAME% start_vpn_keepalive already running
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:41:03 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:03 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:03 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:03 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:03 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 86645dc919aebb8e RC 429890132e091bcf 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:41:04 avmike:< create_sa(appl=vpnd,cname=%6490NAME%)
2021-08-26 23:41:04 avmike:%6490NAME%: Phase 1 starting
2021-08-26 23:41:04 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 300 IC c2a01216c2b63d4c RC 00000000 0000 SA flags=
2021-08-26 23:41:04 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 196 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 SA flags=
2021-08-26 23:41:04 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:04 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:04 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:04 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:13 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:13 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:13 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:15 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:15 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:24 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:458
2021-08-26 23:41:24 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:24 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:24 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:24 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:25 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:26 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:27 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:30 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:31 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:32 avmike:%6490NAME%: Phase 1 failed (responder): IKE-Error 0x2027
2021-08-26 23:41:32 avmike:%6490NAME%: del phase 1 SA 458
2021-08-26 23:41:32 avmike:< cb_sa_create_failed(name=%6490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:41:34 avmike:< create_sa(appl=vpnd,cname=%6490NAME%)
2021-08-26 23:41:34 avmike:%6490NAME%: Phase 1 starting
2021-08-26 23:41:34 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 300 IC bdff313d7bf60f04 RC 00000000 0000 SA flags=
2021-08-26 23:41:34 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 196 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 SA flags=
2021-08-26 23:41:34 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:34 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:34 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:34 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:43 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:43 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 95da2d0a2739aaf0 RC 00000000 0000 SA flags=
2021-08-26 23:41:43 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:41:43 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:43 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:43 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:43 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:43 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 SA flags=
2021-08-26 23:41:43 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 95da2d0a2739aaf0 RC 00000000 0000 SA flags=
2021-08-26 23:41:45 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:54 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:459
2021-08-26 23:41:54 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:41:54 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:16 avmike:%6490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:460
2021-08-26 23:42:16 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:16 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 156 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:42:16 avmike:%6490NAME%: Phase 1 ready
2021-08-26 23:42:16 avmike:%6490NAME%: current=%6490IP% new=%6490IP%
2021-08-26 23:42:16 avmike:%6490NAME%: start waiting connections
2021-08-26 23:42:16 avmike:%6490NAME%: Phase 2 starting (start waiting)
2021-08-26 23:42:26 avmike:>>> quickmode [%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 41387393 HASH flags=e
2021-08-26 23:42:26 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:26 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 85b3eb55 HASH flags=e
2021-08-26 23:42:47 avmike:>>> quickmode [%6490IP%] %6490NAME%: V1.0 604 IC bdff313d7bf60f04 RC 6b46af05392026ab 85b3eb55 HASH flags=e
2021-08-26 23:42:47 avmike:>r> quickmode [%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 41387393 HASH flags=e
2021-08-26 23:42:47 avmike:>r> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:47 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 85b3eb55 HASH flags=e
2021-08-26 23:42:47 avmike:%6490NAME%: quickmode: double packet V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 85b3eb55 HASH flags=e
2021-08-26 23:42:47 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 9639e90c HASH flags=e
2021-08-26 23:42:47 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 9639e90c HASH flags=e
2021-08-26 23:42:47 avmike:<<<  quickmode[%6490IP%] %6490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 9639e90c HASH flags=e
2021-08-26 23:42:47 avmike:<<<  infomode[%6490IP%] %6490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 80566294 HASH flags=e
2021-08-26 23:42:47 avmike:%6490NAME%: del phase 1 SA 460
2021-08-26 23:42:47 avmike:< cb_sa_create_failed(name=%6490NAME%,reason=IKE-Error 0x203d)
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:42:47 avmike:<<<  infomode[%6490IP%] %6490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 13ec6282 HASH flags=e
2021-08-26 23:42:47 avmike:%6490NAME%: del phase 1 SA 459
2021-08-26 23:42:47 avmike:%6490NAME% start_vpn_keepalive already running
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:%6490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:42:47 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:42:47 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:42:47 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:42:47 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:42:47 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 196 IC 823ed109636b8fd3 RC 2e211073f44b9435 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:42:48 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:42:52 avmike:< create_sa(appl=vpnd,cname=%6490NAME%)
2021-08-26 23:42:52 avmike:%6490NAME%: Phase 1 starting
2021-08-26 23:42:52 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 300 IC d3db51e1ceba2a3 RC 00000000 0000 SA flags=
2021-08-26 23:42:52 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 196 IC d3db51e1ceba2a3 RC 40f469c18f5d6ee 0000 SA flags=
2021-08-26 23:42:52 avmike:identity protection mode %6490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:42:52 avmike:%6490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:42:52 avmike:%6490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:42:52 avmike:%6490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:43:04 avmike:>>> identity protection mode [%6490IP%] %6490NAME%: V1.0 572 IC d3db51e1ceba2a3 RC 40f469c18f5d6ee 0000 KEY flags=
2021-08-26 23:43:04 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:43:04 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 8064af96700d32c9 RC 00000000 0000 SA flags=
2021-08-26 23:43:04 avmike:<<<  identity protection mode[%6490IP%] %6490NAME%: V1.0 300 IC 8064af96700d32c9 RC 00000000 0000 SA flags=

Gegenseite, eine FritzBox 6490:

Code:

2021-08-26 23:39:19 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC b0225074c0053479 RC 90fcf8ab59242737 0000 KEY flags=
2021-08-26 23:39:19 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:19 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 8928bb135b016024 RC b60c5fca59127818 0000 KEY flags=
2021-08-26 23:39:19 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:19 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:39:19 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:39:19 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 19601875df52e526 RC 00000000 0000 SA flags=
2021-08-26 23:39:19 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 19601875df52e526 RC 7e11523afe345725 0000 SA flags=
2021-08-26 23:39:19 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:19 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:19 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:19 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:39:20 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:22 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:26 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:34 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:39:34 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:39:38 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 19601875df52e526 RC 7e11523afe345725 0000 KEY flags=
2021-08-26 23:39:38 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:38 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 8928bb135b016024 RC b60c5fca59127818 0000 KEY flags=
2021-08-26 23:39:38 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:39 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:39:39 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:39:39 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 8697bcf7b77c3da0 RC 00000000 0000 SA flags=
2021-08-26 23:39:39 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 SA flags=
2021-08-26 23:39:39 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:39 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:39 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:39 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:39:40 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:42 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:46 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:54 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:39:54 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:39:58 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 8697bcf7b77c3da0 RC c239a4fa48604845 0000 KEY flags=
2021-08-26 23:39:58 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:39:58 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 300 IC f9f8aabcf974954a RC 00000000 0000 SA flags=
2021-08-26 23:39:58 avmike:%3490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:39:58 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:39:58 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:39:58 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:39:58 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:39:58 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 196 IC f9f8aabcf974954a RC 702908fe94267a0 0000 SA flags=
2021-08-26 23:39:59 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:39:59 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:39:59 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:01 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:05 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 1aab4d6e68e0bf3f RC 00000000 0000 SA flags=
2021-08-26 23:40:07 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:09 avmike:%3490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:75
2021-08-26 23:40:09 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:09 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 SA flags=
2021-08-26 23:40:09 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:40:09 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:40:09 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:40:09 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:40:10 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:11 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:12 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:15 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC f9f8aabcf974954a RC 702908fe94267a0 0000 KEY flags=
2021-08-26 23:40:16 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:18 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:18 avmike:%3490NAME%: embedded inital contact message received
2021-08-26 23:40:18 avmike:%3490NAME% start_vpn_keepalive already running
2021-08-26 23:40:18 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:18 avmike:%3490NAME%: Phase 1 ready
2021-08-26 23:40:18 avmike:%3490NAME%: current=%3490IP% new=%3490IP%
2021-08-26 23:40:18 avmike:%3490NAME%: start waiting connections
2021-08-26 23:40:18 avmike:%3490NAME%: Phase 2 starting (start waiting)
2021-08-26 23:40:19 avmike:>>> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 7b63bd9e HASH flags=e
2021-08-26 23:40:21 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 7b63bd9e HASH flags=e
2021-08-26 23:40:24 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:40:24 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:40:25 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 7b63bd9e HASH flags=e
2021-08-26 23:40:25 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:40:25 avmike:%3490NAME%: Phase 2 starting
2021-08-26 23:40:26 avmike:>>> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 a881d1b1 HASH flags=e
2021-08-26 23:40:28 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 a881d1b1 HASH flags=e
2021-08-26 23:40:32 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 a881d1b1 HASH flags=e
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:36 avmike:>r> infomode [%3490IP%] %3490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 c84b063d HASH flags=e
2021-08-26 23:40:36 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:36 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 0000 IDENTIFICATION flags=e
2021-08-26 23:40:40 avmike:>r> infomode [%3490IP%] %3490NAME%: V1.0 124 IC f9f8aabcf974954a RC 702908fe94267a0 c5efa75c HASH flags=e
2021-08-26 23:40:40 avmike:%3490NAME%: del phase 1 SA 75
2021-08-26 23:40:40 avmike:wolke_neighbour_renew_sa 0 SAs
2021-08-26 23:40:40 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:40:40 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:40:40 avmike:%3490NAME%: Phase 2 waiting
2021-08-26 23:40:40 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:40:42 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:40:45 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9e8041ea HASH flags=e
2021-08-26 23:40:45 avmike:%3490NAME%: quickmode: no SA found V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9e8041ea HASH flags=e
2021-08-26 23:40:45 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:40:45 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:40:46 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 86645dc919aebb8e RC 00000000 0000 SA flags=
2021-08-26 23:40:54 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:40:54 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:40:55 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:40:55 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:40:55 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:40:57 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:41:01 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 4a1be7deb3e35e9e RC 00000000 0000 SA flags=
2021-08-26 23:41:03 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 604 IC f9f8aabcf974954a RC 702908fe94267a0 7b63bd9e HASH flags=e
2021-08-26 23:41:03 avmike:%3490NAME%: quickmode: no SA found V1.0 604 IC f9f8aabcf974954a RC 702908fe94267a0 7b63bd9e HASH flags=e
2021-08-26 23:41:03 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9e8041ea HASH flags=e
2021-08-26 23:41:03 avmike:%3490NAME%: quickmode: no SA found V1.0 1020 IC f9f8aabcf974954a RC 702908fe94267a0 9e8041ea HASH flags=e
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 1aab4d6e68e0bf3f RC aaff90037c232a3 0000 KEY flags=
2021-08-26 23:41:03 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:41:03 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 86645dc919aebb8e RC 429890132e091bcf 0000 SA flags=
2021-08-26 23:41:03 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:41:04 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 300 IC c2a01216c2b63d4c RC 00000000 0000 SA flags=
2021-08-26 23:41:04 avmike:%3490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:41:04 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:04 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:04 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:04 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:04 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 196 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 SA flags=
2021-08-26 23:41:09 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:41:09 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:41:10 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:41:10 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:41:10 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:12 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:13 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:15 avmike:%3490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:76
2021-08-26 23:41:15 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:15 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:16 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 2aa2a348ab58aace RC 00000000 0000 SA flags=
2021-08-26 23:41:17 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:21 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 KEY flags=
2021-08-26 23:41:24 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:41:24 avmike:%3490NAME%: del phase 1 SA 76
2021-08-26 23:41:24 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:41:24 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:24 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:41:25 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:41:25 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:41:25 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:26 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:26 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:41:27 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:30 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC c2a01216c2b63d4c RC ba12e8a1e2b1bfb5 0000 IDENTIFICATION flags=e
2021-08-26 23:41:30 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:41:31 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 83f962ec57bb356 RC 00000000 0000 SA flags=
2021-08-26 23:41:34 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 300 IC bdff313d7bf60f04 RC 00000000 0000 SA flags=
2021-08-26 23:41:34 avmike:%3490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:41:34 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:34 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:34 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:34 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:34 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 196 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 SA flags=
2021-08-26 23:41:39 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:41:39 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:41:40 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:41:40 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:41:40 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 95da2d0a2739aaf0 RC 00000000 0000 SA flags=
2021-08-26 23:41:42 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 95da2d0a2739aaf0 RC 00000000 0000 SA flags=
2021-08-26 23:41:43 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:45 avmike:%3490NAME%: add phase 1 SA: DH15/AES-256/SHA2-512/3600sec id:77
2021-08-26 23:41:45 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:45 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 SA flags=
2021-08-26 23:41:45 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:41:45 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:41:45 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:41:45 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:41:46 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:41:47 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:48 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:41:51 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 KEY flags=
2021-08-26 23:41:52 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:41:54 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:41:54 avmike:%3490NAME%: embedded inital contact message received
2021-08-26 23:41:54 avmike:%3490NAME% start_vpn_keepalive already running
2021-08-26 23:41:54 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:41:54 avmike:%3490NAME%: Phase 1 ready
2021-08-26 23:41:54 avmike:%3490NAME%: current=%3490IP% new=%3490IP%
2021-08-26 23:41:54 avmike:%3490NAME%: start waiting connections
2021-08-26 23:41:54 avmike:%3490NAME%: Phase 2 starting (start waiting)
2021-08-26 23:41:55 avmike:>>> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 55ebb385 HASH flags=e
2021-08-26 23:41:57 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 55ebb385 HASH flags=e
2021-08-26 23:42:00 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:42:00 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:42:01 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:42:01 avmike:%3490NAME%: Phase 2 starting
2021-08-26 23:42:02 avmike:>>> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab ce93996 HASH flags=e
2021-08-26 23:42:04 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab ce93996 HASH flags=e
2021-08-26 23:42:08 avmike:>r> quickmode [%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab ce93996 HASH flags=e
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:16 avmike:>r> infomode [%3490IP%] %3490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 94625680 HASH flags=e
2021-08-26 23:42:16 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 156 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:42:16 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 0000 IDENTIFICATION flags=e
2021-08-26 23:42:16 avmike:>r> infomode [%3490IP%] %3490NAME%: V1.0 124 IC bdff313d7bf60f04 RC 6b46af05392026ab 8262ec13 HASH flags=e
2021-08-26 23:42:16 avmike:%3490NAME%: del phase 1 SA 77
2021-08-26 23:42:16 avmike:wolke_neighbour_renew_sa 0 SAs
2021-08-26 23:42:16 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:42:16 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:16 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:42:16 avmike:%3490NAME%: Phase 2 waiting
2021-08-26 23:42:18 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:22 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 823ed109636b8fd3 RC 00000000 0000 SA flags=
2021-08-26 23:42:26 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 93733841 HASH flags=e
2021-08-26 23:42:26 avmike:%3490NAME%: quickmode: no SA found V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 93733841 HASH flags=e
2021-08-26 23:42:26 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:26 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:42:30 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:42:30 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:42:31 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:42:31 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:42:31 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:33 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:37 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC c1a480232b94f626 RC 00000000 0000 SA flags=
2021-08-26 23:42:45 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:42:45 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:42:46 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:42:46 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:42:46 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:42:47 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 604 IC bdff313d7bf60f04 RC 6b46af05392026ab 55ebb385 HASH flags=e
2021-08-26 23:42:47 avmike:%3490NAME%: quickmode: no SA found V1.0 604 IC bdff313d7bf60f04 RC 6b46af05392026ab 55ebb385 HASH flags=e
2021-08-26 23:42:47 avmike:<<<  quickmode[%3490IP%] %3490NAME%: V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 93733841 HASH flags=e
2021-08-26 23:42:47 avmike:%3490NAME%: quickmode: no SA found V1.0 1020 IC bdff313d7bf60f04 RC 6b46af05392026ab 93733841 HASH flags=e
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC 95da2d0a2739aaf0 RC 524c6917994fd4da 0000 KEY flags=
2021-08-26 23:42:47 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:42:47 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 196 IC 823ed109636b8fd3 RC 2e211073f44b9435 0000 SA flags=
2021-08-26 23:42:47 avmike:%3490NAME%: can't send infomsg, no sa found
2021-08-26 23:42:48 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:42:52 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 300 IC d3db51e1ceba2a3 RC 00000000 0000 SA flags=
2021-08-26 23:42:52 avmike:%3490NAME%: no valid sa, reseting initialcontactdone flag
2021-08-26 23:42:52 avmike:identity protection mode %3490NAME%: selected lifetime: 3600 sec(no notify)
2021-08-26 23:42:52 avmike:%3490NAME% receive VENDOR ID Payload: XAUTH
2021-08-26 23:42:52 avmike:%3490NAME% receive VENDOR ID Payload: DPD
2021-08-26 23:42:52 avmike:%3490NAME% receive VENDOR ID Payload: NAT-T RFC 3947
2021-08-26 23:42:52 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 196 IC d3db51e1ceba2a3 RC 40f469c18f5d6ee 0000 SA flags=
2021-08-26 23:42:52 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC d724c79776ab65e4 RC 00000000 0000 SA flags=
2021-08-26 23:43:00 avmike:%3490NAME%: Phase 1 failed (initiator): timeout, checking ip address
2021-08-26 23:43:00 avmike:< cb_sa_create_failed(name=%3490NAME%,reason=IKE-Error 0x2027)
2021-08-26 23:43:01 avmike:< create_sa(appl=vpnd,cname=%3490NAME%)
2021-08-26 23:43:01 avmike:%3490NAME%: Phase 1 starting
2021-08-26 23:43:01 avmike:>>> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 8064af96700d32c9 RC 00000000 0000 SA flags=
2021-08-26 23:43:03 avmike:>r> identity protection mode [%3490IP%] %3490NAME%: V1.0 300 IC 8064af96700d32c9 RC 00000000 0000 SA flags=
2021-08-26 23:43:04 avmike:<<<  identity protection mode[%3490IP%] %3490NAME%: V1.0 572 IC d3db51e1ceba2a3 RC 40f469c18f5d6ee 0000 KEY flags=

Für mich schaut es so aus, als ob SA mit der neuen Firmware aus irgend einem Grund fehl schlägt.

Killom · 27 Aug 2021

Nachtrag, da >50k Zeichen:

Habe nochmal in die ipsec.cfg der neuen Firmware geschaut. Die Phase1 (dh15/aes/sha) scheint identisch zu der alten aus 7.12 zu sein.
ABER:
In der Phase2 sind bei "LT8h/esp-all-all/ah-none/comp-all/pfs" scheinbar alle Kompressionen rausgeflogen. Vgl. mit phase2ss aus Post #1.

Code:

{
        name = "LT8h/esp-all-all/ah-none/comp-all/pfs";
        comment = "Alle Algorithmen, ohne AH, mit PFS";
        pfs = yes;
        life_dur_sec = 8h;
        life_dur_kb = 0;
        proposals {
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = hmac_sha2_512;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = sha;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = sha;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = sha;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = sha;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = sha;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 256;
                hash = md5;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 192;
                hash = md5;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_aes;
                enc_key_length = 0;
                hash = md5;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_3des;
                enc_key_length = 0;
                hash = md5;
            }
        }{
            comp = comp_none;
            ah = ah_none;
            esp {
                typ = esp_des;
                enc_key_length = 0;
                hash = md5;
            }
        }
    }

Languages

Suche

Languages

Suche

[Problem] VPN Verbindung - FritzBox 3490 (OS 7.12) zu LANCOM 1781VA (OS 10.32.0157RU5)

Killom

Neuer User

PeterPawn

IPPF-Urgestein

Killom

Neuer User

Killom

Neuer User

Killom

Neuer User

Neueste Beiträge

Kategorien

Wissenswertes

Zurzeit aktive Besucher

Statistik des Forums

3CX jetzt einen Monat kostenlos testen

Unternehmen

Lösungen

Nützliche Links

Mehr erfahren