Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 38 subscribers
  • Views 933 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN ASG -> Netgear

wildy
Nabend zusammen,
ich verzweifel grade an einem Tunnel. Ich habe so das Gefühl das ich da etwas nicht richtig verstanden habe.


Folgendes Setup:

Meine Seite ASG 8 atuell, hängt direkt am DSL Modem, soll Verbindung zum Netgear dg834gb herstellen der ebenfalls direkt ins Internet geht. ( Hängt am Splitter, Modem ist dort inkludiert ).

Verbindung per IPSEC Site to Site mit PSK.

Konfigs hängen unten als Bilder dran. Verbindung kommt nicht zustande, bekomme folgende Fehlermeldung im LOG der ASG. 

2011:10:09-23:33:14 homeserv ipsec_starter[26457]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...

2011:10:09-23:33:14 homeserv pluto[26465]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS

2011:10:09-23:33:14 homeserv ipsec_starter[26463]: pluto (26465) started after 60 ms

2011:10:09-23:33:14 homeserv pluto[26465]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve

2011:10:09-23:33:14 homeserv pluto[26465]: including NAT-Traversal patch (Version 0.6c) [disabled]

2011:10:09-23:33:14 homeserv pluto[26465]: Using Linux 2.6 IPsec interface code

2011:10:09-23:33:15 homeserv pluto[26465]: loading ca certificates from '/etc/ipsec.d/cacerts'

2011:10:09-23:33:15 homeserv pluto[26465]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'

2011:10:09-23:33:15 homeserv pluto[26465]: loading aa certificates from '/etc/ipsec.d/aacerts'

2011:10:09-23:33:15 homeserv pluto[26465]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'

2011:10:09-23:33:15 homeserv pluto[26465]: Changing to directory '/etc/ipsec.d/crls'

2011:10:09-23:33:15 homeserv pluto[26465]: loading attribute certificates from '/etc/ipsec.d/acerts'

2011:10:09-23:33:15 homeserv pluto[26465]: listening for IKE messages

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface ppp0/ppp0 91.55.127.16:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth0.8/eth0.8 93.236.237.226:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface tun0/tun0 10.242.2.1:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth2/eth2 192.168.2.1:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth1/eth1 192.168.1.1:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth3/eth3 192.168.3.1:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface lo/lo 127.0.0.1:500

2011:10:09-23:33:15 homeserv pluto[26465]: adding interface lo/lo ::1:500

2011:10:09-23:33:15 homeserv pluto[26465]: loading secrets from "/etc/ipsec.secrets"

2011:10:09-23:33:15 homeserv pluto[26465]: loaded PSK secret for 91.55.127.16 alwaysdel.dyndns.org

2011:10:09-23:33:15 homeserv pluto[26465]: added connection description "S_del-home"

2011:10:09-23:33:15 homeserv pluto[26465]: "S_del-home" #1: initiating Main Mode

2011:10:09-23:33:16 homeserv pluto[26465]: "S_del-home" #1: received Vendor ID payload [Dead Peer Detection]

2011:10:09-23:33:17 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted

2011:10:09-23:33:26 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted

2011:10:09-23:33:27 homeserv pluto[26465]: "S_del-home" #1: discarding duplicate packet; already STATE_MAIN_I3

2011:10:09-23:33:46 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted

2011:10:09-23:33:46 homeserv pluto[26465]: "S_del-home" #1: discarding duplicate packet; already STATE_MAIN_I3

2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message

2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #1: starting keying attempt 2 of an unlimited number

2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #2: initiating Main Mode to replace #1

2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #2: received Vendor ID payload [Dead Peer Detection]

2011:10:09-23:34:27 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted

2011:10:09-23:34:36 homeserv pluto[26465]: "S_del-home" #2: discarding duplicate packet; already STATE_MAIN_I3

2011:10:09-23:34:37 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted

2011:10:09-23:34:56 homeserv pluto[26465]: "S_del-home" #2: discarding duplicate packet; already STATE_MAIN_I3

2011:10:09-23:34:58 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted 


Der Netgear spuckt folgendes aus: 

Sun, 2011-10-09 22:32:53 - added connection description "hb-home"

Sun, 2011-10-09 22:32:53 - adding interface ipsec0/ppp0 79.203.238.137

Sun, 2011-10-09 22:33:15 - [hb-home] responding to Main Mode

Sun, 2011-10-09 22:33:16 - no suitable connection for peer '91.55.127.16'Sun, 2011-10-09 22:33:16 - [hb-home] sending notification INVALID_ID_INFORMATION to 91.55.127.16:500

Sun, 2011-10-09 22:33:25 - no suitable connection for peer '91.55.127.16'Sun, 2011-10-09 22:33:25 - [hb-home] sending notification INVALID_ID_INFORMATION to 91.55.127.16:500

Sun, 2011-10-09 22:33:26 - [hb-home] STATE_MAIN_R2: retransmission; will wait 20s for response


Eigentlich ist das doch alles passend eingestellt? Oder macht mir die Uhrzeit mal wieder zu schaffen?
--> Der Key im Netgear ist nur leer weil klartext. Die Verbindung im ASG Rot damit das Log nich vollgespamt wird. Was sonst natürlich alles gesetzt.

Gruß

Marco


This thread was automatically locked due to age.
Unfiltered HTML