I tried to set up a VPN connection following the guide »VPN-Verbindung zwischen LANCOM und integrierten VPN-Client im MacOS X«. Unfortunately it fails, and I have no idea what else could be causing it.
In step 11 the guide specifies using »apple_vpn« as both the local identity and the remote identity. I have now changed this to »No identity«, because otherwise I get the following error on the Lancom.
Default dropped message from 77.20.82.12 port 500 due to notification type INVALID_ID_INFORMATION
Does anyone perhaps have an idea why the connection dies without any meaningful error messages, and can help me with troubleshooting?
Best regards
Jan
Device: 1781VA (Firmware 9.04.0084)
I have attached the trace + vpn-status, the local macOS log and the generated Racoon config.
trace + vpn-status
root@Lancom1781VA:/
> trace + vpn-status
VPN-Status ON
[VPN-Status] 2015/01/17 18:52:43,102
IKE info: The remote peer def-aggr-peer supports NAT-T in RFC mode
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote server 77.20.82.12:500 (UDP) peer def-aggr-peer id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server 77.20.82.12:500 (UDP) peer def-aggr-peer id <no_id> negotiated rfc-3706-dead-peer-detection
[VPN-Status] 2015/01/17 18:52:43,103
IKE info: Phase-1 remote proposal 1 for peer def-aggr-peer matched with local proposal 1
Local macOS log
17.01.15 18:52:50,911 configd[18]: IPSec connecting to server XXX.XXX.XXX.XXX
17.01.15 18:52:50,912 configd[18]: SCNC: start, triggered by (199) SystemUIServer, type IPSec, status 0, trafficClass 0
17.01.15 18:52:50,918 configd[18]: network changed.
17.01.15 18:52:50,921 configd[18]: IPSec Phase1 starting.
17.01.15 18:52:50,990 racoon[35780]: accepted connection on vpn control socket.
17.01.15 18:52:50,991 racoon[35780]: IPSec connecting to server XXX.XXX.XXX.XXX
17.01.15 18:52:50,991 racoon[35780]: Connecting.
17.01.15 18:52:50,991 racoon[35780]: IPSec Phase 1 started (Initiated by XX).
17.01.15 18:52:50,993 racoon[35780]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
17.01.15 18:52:50,993 racoon[35780]: >>>>> phase change status = Phase 1 started by us
17.01.15 18:52:50,997 configd[18]: network changed.
17.01.15 18:52:51,096 racoon[35780]: IKEv1 Phase 1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
17.01.15 18:52:51,096 racoon[35780]: >>>>> phase change status = Phase 1 started by peer
17.01.15 18:52:51,096 racoon[35780]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
17.01.15 18:52:51,096 racoon[35780]: IKEv1 Phase 1 Initiator: success. (Initiator, Aggressive-Mode).
17.01.15 18:52:51,096 racoon[35780]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
17.01.15 18:52:51,097 racoon[35780]: IKE Packet: transmit success. (Information message).
17.01.15 18:52:51,097 racoon[35780]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
17.01.15 18:52:51,097 racoon[35780]: IPSec Phase 1 established (Initiated by XX).
17.01.15 18:52:51,100 configd[18]: network changed.
17.01.15 18:52:58,786 racoon[35780]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 104, max 1280
17.01.15 18:52:58,787 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:52:58,787 racoon[35780]: the packet is retransmitted by XXX.XXX.XXX.XXX[500].
17.01.15 18:53:07,786 racoon[35780]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 104, max 1280
17.01.15 18:53:07,786 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:53:07,786 racoon[35780]: the packet is retransmitted by XXX.XXX.XXX.XXX[500].
17.01.15 18:53:19,064 racoon[35780]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 104, max 1280
17.01.15 18:53:19,064 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:53:19,065 racoon[35780]: the packet is retransmitted by XXX.XXX.XXX.XXX[500].
17.01.15 18:53:21,096 configd[18]: IPSec disconnecting from server XXX.XXX.XXX.XXX
17.01.15 18:53:21,097 racoon[35780]: IPSec disconnecting from server XXX.XXX.XXX.XXX
17.01.15 18:53:21,097 racoon[35780]: IKE Packet: transmit success. (Information message).
17.01.15 18:53:21,097 racoon[35780]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
Generated Racoon config
remote XXX.XXX.XXX.XXX {
    doi ipsec_doi;
    situation identity_only;
    exchange_mode aggressive;
    my_identifier keyid_use "apple_vpn";
    verify_identifier off;
    shared_secret keychain "0FFFF5F1-F0FF-4FF1-AFF7-F1FFAF4F1F7F.SS";
    nonce_size 16;
    dpd_delay 20;
    dpd_retry 5;
    dpd_maxfail 5;
    dpd_algorithm dpd_blackhole_detect;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    xauth_login "apple_vpn";
    mode_cfg on;
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm sha1;
        encryption_algorithm aes 256;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm sha1;
        encryption_algorithm aes;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm md5;
        encryption_algorithm aes 256;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm md5;
        encryption_algorithm aes;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm sha1;
        encryption_algorithm 3des;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm md5;
        encryption_algorithm 3des;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm sha1;
        encryption_algorithm des;
        lifetime time 3600 sec;
        dh_group 2;
    }
    proposal {
        authentication_method xauth_psk_client;
        hash_algorithm md5;
        encryption_algorithm des;
        lifetime time 3600 sec;
        dh_group 2;
    }
}
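
Added example, not part of the post above and not LANCOM or Apple tooling: a small triage of the macOS log lines quoted in the post. It reports whether Phase 1 completed, how often the peer retransmitted afterwards, and how long the client waited before tearing the connection down. The function names and the "stalled" rule are assumptions of this example; the log strings are taken from the post.

```python
import re
from datetime import datetime

# Excerpt of the macOS log quoted in the post (address masking as posted).
SAMPLE_LOG = """\
17.01.15 18:52:50,921 configd[18]: IPSec Phase1 starting.
17.01.15 18:52:51,097 racoon[35780]: IPSec Phase 1 established (Initiated by XX).
17.01.15 18:52:58,786 racoon[35780]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 104, max 1280
17.01.15 18:52:58,787 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:53:07,786 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:53:19,064 racoon[35780]: Received retransmitted packet from XXX.XXX.XXX.XXX[500].
17.01.15 18:53:21,096 configd[18]: IPSec disconnecting from server XXX.XXX.XXX.XXX
"""

LINE = re.compile(r"^(\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\[\d+\]: (.*)$")
# racoon messages that only report retransmission, not negotiation progress
RETRANSMIT_NOISE = ("!!! skipped retransmitting", "Received retransmitted packet",
                    "the packet is retransmitted")

def parse(log):
    """Return (timestamp, process, message) tuples; unparseable lines are skipped."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S,%f")
            events.append((ts, m.group(2), m.group(3)))
    return events

def triage(log):
    """Summarise what happened between Phase 1 completion and teardown."""
    events = parse(log)
    up = next((t for t, _, msg in events if "Phase 1 established" in msg), None)
    down = next((t for t, _, msg in events if "IPSec disconnecting" in msg), None)
    if up is None:
        return {"phase1_established": False, "stalled_after_phase1": False}
    # racoon messages strictly between Phase 1 completion and teardown
    window = [msg for t, proc, msg in events
              if proc == "racoon" and t > up and (down is None or t < down)]
    peer_retx = sum(msg.startswith("Received retransmitted packet") for msg in window)
    only_noise = all(msg.startswith(RETRANSMIT_NOISE) for msg in window)
    return {
        "phase1_established": True,
        "peer_retransmits": peer_retx,
        "seconds_to_disconnect": (down - up).total_seconds() if down else None,
        # Assumed rule: nothing but retransmission messages until teardown
        "stalled_after_phase1": bool(window) and only_noise and down is not None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
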