VPN IPsec connection between Lancom 1781AW and ViDEC TC

VPN IPsec connection between Lancom 1781AW and ViDEC TC MOBILE ROUTER 3G
(Phoenix PSI Modem 3G)
Client options (Phoenix cellular router, hence a changing IP)
Remote Host: a Lancom 1781AW VPN router
Authentication: PSK/X.509 remote certificate (I chose PSK)
PSK: GanzSicheresPaswort
Remote certificate: none (using PSK)
Local certificate: none (using PSK)
Remote ID: [email protected] (fictitious e-mail address)
Local ID: [email protected] (fictitious e-mail address)
Address remote network: 192.168.100.0/24 (address range of the Lancom router)
Address local network: 192.168.101.0/24 (address range of the cellular router)
Connection NAT: None/Local 1:1 NAT/Remote masquerading (None was selected)
Remote connection: Accept/Initiate (Initiate was selected because the cellular router has a changing IP)
Phase 1 ISAKMP SA:
ISAKMP SA encryption: AES-128
ISAKMP SA hash: SHA-1
ISAKMP SA lifetime: 8000s
Phase 2 IPsec SA:
IPSec SA encryption: AES-128
IPsec SA hash: SHA-1
IPsec SA lifetime: 28800
PFS: YES
DH/PFS group: 2/modp1024
Rekey: Yes
Dead peer detection: Yes
DPD delay: 30s
DPD timeout: 90s
Mar 19 09:43:56 pluto[1290]: "vpn1" #59: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 19 09:43:56 pluto[1290]: "vpn1" #59: starting keying attempt 21 of an unlimited number
Mar 19 09:43:56 pluto[1290]: "vpn1" #60: initiating Main Mode to replace #59
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: received Vendor ID payload [RFC 3947]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: ignoring Vendor ID payload [eeefa37809e32ad4de4f6b010c26a640]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: received Vendor ID payload [XAUTH]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: received Vendor ID payload [Dead Peer Detection]
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: enabling possible NAT-traversal with method 3
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: NAT-Traversal: Result using RFC 3947: i am NATed
Mar 19 09:44:05 pluto[1290]: ERROR: asynchronous network error report on ppp0 for message to 79.211.98.171 port 4500, complainant 79.211.98.171: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 19 09:44:15 pluto[1290]: ERROR: asynchronous network error report on ppp0 for message to 79.211.98.171 port 4500, complainant 79.211.98.171: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 19 09:44:29 gsmCtrld[1101]: CREG: stat=1 ci=4C858A
Mar 19 09:44:37 pluto[1290]: ERROR: asynchronous network error report on ppp0 for message to 79.211.98.171 port 4500, complainant 79.211.98.171: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 19 09:44:37 pluto[1290]: packet from 79.211.98.171:4500: ignoring informational payload, type INVALID_COOKIE
Lancom settings:
Main Mode (required by the mobile router), XAUTH=off, IKE Config=Server
PFS group: 2 (modp-1024)
IKE group: 2 (modp-1024)
IKE Proposal:
1. PSK-AES-MD5
Encryption: AES-CBC 128 bit
Hash: MD5
Authentication: PSK
Lifetime: 8000s
2. PSK-AES-SHA
Encryption: AES-CBC 128 bit
Hash: SHA1
Authentication: PSK
Lifetime: 8000s
3. PSK-BLOW-MD5
Encryption: Blowfish CBC 128 bit
Hash: MD5
Authentication: PSK
Lifetime: 8000s
4. ……
IKE key:
PSK: GanzSicheresPaswort
Remote ID: e-mail address (FQUN): [email protected] (fictitious e-mail address)
Local ID: e-mail address (FQUN): [email protected] (fictitious e-mail address)
IPsec Proposal:
Mode: Tunnel
ESP Proposal:
Encryption: AES CBC 128 bit
Authentication: HMAC-SHA1
AH Proposal:
Authentication: HMAC-SHA1
IPCOMP:
Compression: no IPCOMP
Lifetime: 28800s
VPN Trace Lancom (Main Mode):
[VPN-Status] 2015/03/19 09:26:50,603 Devicetime: 2015/03/19 09:26:56,266
IKE info: The remote server 80.187.111.111:7396 (UDP) peer def-main-peer id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server 80.187.111.111:7396 (UDP) peer def-main-peer id <no_id> negotiated rfc3706-dead-peer-detection
IKE info: The remote peer def-main-peer supports NAT-T in RFC mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
[VPN-Status] 2015/03/19 09:26:50,603 Devicetime: 2015/03/19 09:26:56,267
IKE info: Phase-1 remote proposal 1 for peer def-main-peer matched with local proposal 1
[VPN-Status] 2015/03/19 09:26:50,814 Devicetime: 2015/03/19 09:26:56,546
IKE info: no preshared secret found for peer isakmp-peer-def-main-peer
[VPN-Status] 2015/03/19 09:26:50,814 Devicetime: 2015/03/19 09:26:56,546
IKE log: 092656.000000 Default ike_auth_get_key: no key found for peer "isakmp-peer-def-main-peer"or local ID "(null)"
[VPN-Status] 2015/03/19 09:26:50,814 Devicetime: 2015/03/19 09:26:56,612
IKE log: 092656.000000 Default ipsec_get_keystate: no keystate in ISAKMP SA 04d75840
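
Added example (not part of the original notes): a small Python triage that pulls the IKE failure indicators out of the two logs above, so the initiator's view (pluto) and the responder's view (Lancom trace) can be read side by side. The indicator labels are this example's own naming; the sample lines are excerpts from the logs on this page with wrapped lines joined.

```python
import re

# Excerpts from the pluto log and the Lancom trace shown above.
SAMPLE = '''\
Mar 19 09:43:56 pluto[1290]: "vpn1" #59: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 19 09:43:56 pluto[1290]: "vpn1" #59: starting keying attempt 21 of an unlimited number
Mar 19 09:44:05 pluto[1290]: "vpn1" #60: NAT-Traversal: Result using RFC 3947: i am NATed
Mar 19 09:44:05 pluto[1290]: ERROR: asynchronous network error report on ppp0 for message to 79.211.98.171 port 4500, complainant 79.211.98.171: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 19 09:44:29 gsmCtrld[1101]: CREG: stat=1 ci=4C858A
Mar 19 09:44:37 pluto[1290]: packet from 79.211.98.171:4500: ignoring informational payload, type INVALID_COOKIE
IKE info: Phase-1 remote proposal 1 for peer def-main-peer matched with local proposal 1
IKE info: no preshared secret found for peer isakmp-peer-def-main-peer
'''

# Only IKE daemon output is inspected: pluto syslog lines and Lancom "IKE ..." lines.
SOURCE = re.compile(r"(?:pluto\[\d+\]: |^IKE (?:info|log): )(.*)$")

# (label, pattern) pairs; labels are hypothetical names chosen for this example.
RULES = [
    # STATE_MAIN_I3: initiator sent its encrypted ID/hash message and got no reply.
    ("initiator_msg5_unanswered", re.compile(r"retransmissions \((\d+)\) reached STATE_MAIN_I3")),
    ("keying_attempt", re.compile(r"starting keying attempt (\d+) of")),
    ("nat_detection", re.compile(r"NAT-Traversal: Result using [^:]+: (.+)$")),
    # ICMP type 3 code 3 is "port unreachable" for the UDP port named in the line.
    ("peer_udp_port_unreachable", re.compile(r"message to (\S+) port (\d+), complainant .*ICMP type 3 code 3")),
    ("invalid_cookie", re.compile(r"type INVALID_COOKIE")),
    ("phase1_proposal_matched", re.compile(r"remote proposal (\d+) for peer \S+ matched with local proposal (\d+)")),
    ("responder_no_psk_for_peer", re.compile(r"no preshared secret found for peer (\S+)")),
]

def triage(log_text):
    """Return {indicator: [captured fields, ...]} for IKE daemon lines only."""
    hits = {}
    for line in log_text.splitlines():
        src = SOURCE.search(line.strip())
        if not src:
            continue  # e.g. gsmCtrld modem status lines
        for label, pattern in RULES:
            m = pattern.search(src.group(1))
            if m:
                hits.setdefault(label, []).append(m.groups())
    return hits

if __name__ == "__main__":
    for label, fields in triage(SAMPLE).items():
        print(f"{label}: {len(fields)}x, last={fields[-1]}")
```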