ich verzweifel grade an einem Tunnel. Ich habe so das Gefühl das ich da etwas nicht richtig verstanden habe.
Folgendes Setup:
Meine Seite ASG 8 atuell, hängt direkt am DSL Modem, soll Verbindung zum Netgear dg834gb herstellen der ebenfalls direkt ins Internet geht. ( Hängt am Splitter, Modem ist dort inkludiert ).
Verbindung per IPSEC Site to Site mit PSK.
Konfigs hängen unten als Bilder dran. Verbindung kommt nicht zustande, bekomme folgende Fehlermeldung im LOG der ASG.
2011:10:09-23:33:14 homeserv ipsec_starter[26457]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2011:10:09-23:33:14 homeserv pluto[26465]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2011:10:09-23:33:14 homeserv ipsec_starter[26463]: pluto (26465) started after 60 ms
2011:10:09-23:33:14 homeserv pluto[26465]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2011:10:09-23:33:14 homeserv pluto[26465]: including NAT-Traversal patch (Version 0.6c) [disabled]
2011:10:09-23:33:14 homeserv pluto[26465]: Using Linux 2.6 IPsec interface code
2011:10:09-23:33:15 homeserv pluto[26465]: loading ca certificates from '/etc/ipsec.d/cacerts'
2011:10:09-23:33:15 homeserv pluto[26465]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2011:10:09-23:33:15 homeserv pluto[26465]: loading aa certificates from '/etc/ipsec.d/aacerts'
2011:10:09-23:33:15 homeserv pluto[26465]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2011:10:09-23:33:15 homeserv pluto[26465]: Changing to directory '/etc/ipsec.d/crls'
2011:10:09-23:33:15 homeserv pluto[26465]: loading attribute certificates from '/etc/ipsec.d/acerts'
2011:10:09-23:33:15 homeserv pluto[26465]: listening for IKE messages
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface ppp0/ppp0 91.55.127.16:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth0.8/eth0.8 93.236.237.226:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface tun0/tun0 10.242.2.1:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth2/eth2 192.168.2.1:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth1/eth1 192.168.1.1:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface eth3/eth3 192.168.3.1:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface lo/lo 127.0.0.1:500
2011:10:09-23:33:15 homeserv pluto[26465]: adding interface lo/lo ::1:500
2011:10:09-23:33:15 homeserv pluto[26465]: loading secrets from "/etc/ipsec.secrets"
2011:10:09-23:33:15 homeserv pluto[26465]: loaded PSK secret for 91.55.127.16 alwaysdel.dyndns.org
2011:10:09-23:33:15 homeserv pluto[26465]: added connection description "S_del-home"
2011:10:09-23:33:15 homeserv pluto[26465]: "S_del-home" #1: initiating Main Mode
2011:10:09-23:33:16 homeserv pluto[26465]: "S_del-home" #1: received Vendor ID payload [Dead Peer Detection]
2011:10:09-23:33:17 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted
2011:10:09-23:33:26 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted
2011:10:09-23:33:27 homeserv pluto[26465]: "S_del-home" #1: discarding duplicate packet; already STATE_MAIN_I3
2011:10:09-23:33:46 homeserv pluto[26465]: "S_del-home" #1: Informational Exchange message must be encrypted
2011:10:09-23:33:46 homeserv pluto[26465]: "S_del-home" #1: discarding duplicate packet; already STATE_MAIN_I3
2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #1: starting keying attempt 2 of an unlimited number
2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #2: initiating Main Mode to replace #1
2011:10:09-23:34:26 homeserv pluto[26465]: "S_del-home" #2: received Vendor ID payload [Dead Peer Detection]
2011:10:09-23:34:27 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted
2011:10:09-23:34:36 homeserv pluto[26465]: "S_del-home" #2: discarding duplicate packet; already STATE_MAIN_I3
2011:10:09-23:34:37 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted
2011:10:09-23:34:56 homeserv pluto[26465]: "S_del-home" #2: discarding duplicate packet; already STATE_MAIN_I3
2011:10:09-23:34:58 homeserv pluto[26465]: "S_del-home" #2: Informational Exchange message must be encrypted
Der Netgear spuckt folgendes aus:
Sun, 2011-10-09 22:32:53 - added connection description "hb-home"
Sun, 2011-10-09 22:32:53 - adding interface ipsec0/ppp0 79.203.238.137
Sun, 2011-10-09 22:33:15 - [hb-home] responding to Main Mode
Sun, 2011-10-09 22:33:16 - no suitable connection for peer '91.55.127.16'Sun, 2011-10-09 22:33:16 - [hb-home] sending notification INVALID_ID_INFORMATION to 91.55.127.16:500
Sun, 2011-10-09 22:33:25 - no suitable connection for peer '91.55.127.16'Sun, 2011-10-09 22:33:25 - [hb-home] sending notification INVALID_ID_INFORMATION to 91.55.127.16:500
Sun, 2011-10-09 22:33:26 - [hb-home] STATE_MAIN_R2: retransmission; will wait 20s for response
Eigentlich ist das doch alles passend eingestellt? Oder macht mir die Uhrzeit mal wieder zu schaffen?
--> Der Key im Netgear ist nur leer weil klartext. Die Verbindung im ASG Rot damit das Log nich vollgespamt wird. Was sonst natürlich alles gesetzt.
Gruß
Marco
This thread was automatically locked due to age.