IPSecuritas and Lancom 1811
Moderator: Lancom-Systems moderators
Hello everyone!
I would like to try out IPSecuritas on Mac OS X.
So far I have configured IPSecuritas to match the AVC and the router configuration.
The connection does not quite come up.
I can only partly make sense of the error messages, so I need your help.
Dec 12, 20:47:40 Error IKE inappropriate sadb acquire message passed.
and immediately afterwards
Dec 12, 20:47:41 Error IKE fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
I cannot make sense of the following configuration items, because they do not exist in this form in the Lancom AVC:
- Proposal Check + Nonce length
I have ticked the following under Options (see picture)
The settings under Options follow this configuration
http://209.85.129.104/search?q=cache:6A ... cd=4&gl=de
I would be very grateful for your help.
Regards
DB
Okay. You are right. The trace is attached. Part of the trace at the beginning probably comes from the LANCOM AVC.
But I think you can tell from which point on I connected with IPSecuritas.
[VPN-Status] 2007/12/13 19:33:09,270
IKE info: Delete Notification received for Phase-2 SA ipsec-10-USERNAME-pr0-l1-r0 peer USERNAME spi [0x5302a72d]
[VPN-Status] 2007/12/13 19:33:09,270
IKE info: Phase-2 SA removed: peer USERNAME rule ipsec-10-USERNAME-pr0-l1-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [5302a72d ] [41e1affb ]
IKE info: containing Protocol IPCOMP, with spis [0003 ] [659c ]
[VPN-Status] 2007/12/13 19:33:09,280
IKE info: Delete Notification received for Phase-2 SA ipsec-10-USERNAME-pr0-l0-r0 peer USERNAME spi [0x535bff57]
[VPN-Status] 2007/12/13 19:33:09,280
IKE info: Phase-2 SA removed: peer USERNAME rule ipsec-10-USERNAME-pr0-l0-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [535bff57 ] [33cbbff2 ]
IKE info: containing Protocol IPCOMP, with spis [0003 ] [bdf3 ]
[VPN-Status] 2007/12/13 19:33:09,290
IKE info: Delete Notification received for Phase-1 SA isakmp-peer-USERNAME peer USERNAME cookies [4e202ac3e3e06e19 3c46a45d5ba2c929]
[VPN-Status] 2007/12/13 19:33:09,290
IKE info: Phase-1 SA removed: peer USERNAME rule USERNAME removed
[VPN-Status] 2007/12/13 19:33:09,290
VPN: USERNAME (12.23.45.78) disconnected
[VPN-Status] 2007/12/13 19:33:09,290
VPN: Disconnect info: remote-disconnected (0x4301) for USERNAME (12.23.45.78)
[VPN-Status] 2007/12/13 19:33:09,300
VPN: selecting first remote gateway using strategy eFirst for USERNAME
=> no remote gateway selected
[VPN-Status] 2007/12/13 19:33:09,300
VPN: installing ruleset for USERNAME (0.0.0.0)
[VPN-Status] 2007/12/13 19:33:22,920
IKE info: Phase-1 [responder] for peer USERNAME between initiator id USERNAME, responder id USERNAME done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer USERNAME encryption aes-cbc authentication md5
IKE info: life time ( 28800 sec/ 0 kb)
[VPN-Status] 2007/12/13 19:33:22,930
IKE info: NOTIFY received of type INITIAL_CONTACT for peer USERNAME
[VPN-Status] 2007/12/13 19:33:23,950
IKE info: Phase-2 proposal failed: remote No 1, number of protos 1 <-> local No 1, number of protos 2
IKE info: Phase-2 remote proposal 1 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 2, number of protos 1 <-> local No 1, number of protos 2
IKE info: Phase-2 remote proposal 2 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 3, number of protos 1 <-> local No 1, number of protos 2
IKE info: Phase-2 remote proposal 3 failed for peer USERNAME
IKE log: 193323 Default message_negotiate_sa: no compatible proposal found
IKE log: 193323 Default dropped message from 12.23.45.78 port -8553 due to notification type NO_PROPOSAL_CHOSEN
IKE info: dropped message from peer USERNAME 12.23.45.78 port -8553 due to notification type NO_PROPOSAL_CHOSEN
[VPN-Status] 2007/12/13 19:33:23,960
VPN: Error: IPSEC-R-No-proposal-matched (0x3202) for USERNAME (12.23.45.78)
[VPN-Status] 2007/12/13 19:33:23,970
VPN: selecting next remote gateway using strategy eFirst for USERNAME
=> no remote gateway selected
[VPN-Status] 2007/12/13 19:33:23,970
VPN: selecting first remote gateway using strategy eFirst for USERNAME
=> no remote gateway selected
[VPN-Status] 2007/12/13 19:33:23,970
VPN: installing ruleset for USERNAME (0.0.0.0)
[VPN-Status] 2007/12/13 19:33:23,980
IKE info: Delete Notificaton sent for Phase-1 SA to peer USERNAME
[VPN-Status] 2007/12/13 19:33:23,980
IKE info: Phase-1 SA removed: peer USERNAME rule USERNAME removed
[VPN-Status] 2007/12/13 19:33:34,750
IKE info: Phase-1 [responder] got initial contact from peer USERNAME (12.23.45.78)
[VPN-Status] 2007/12/13 19:33:34,750
IKE info: Phase-1 [responder] for peer USERNAME between initiator id USERNAME, responder id USERNAME done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer USERNAME encryption aes-cbc authentication sha1
IKE info: life time ( 28800 sec/ 0 kb)
[VPN-Status] 2007/12/13 19:33:35,380
IKE info: Phase-2 proposal failed: remote No 1, ipcomp algorithm DEFLATE <-> local No 1, ipcomp algorithm LZS
IKE info: Phase-2 remote proposal 1 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 2, esp hmac HMAC_SHA <-> local No 1, esp hmac HMAC_MD5
IKE info: Phase-2 remote proposal 2 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm 3DES <-> local No 1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm keylen 0 <-> local No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 remote proposal 3 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 4, esp algorithm 3DES <-> local No 1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 4, esp algorithm keylen 0 <-> local No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 proposal failed: remote No 4, esp hmac HMAC_SHA <-> local No 1, esp hmac HMAC_MD5
IKE info: Phase-2 remote proposal 4 failed for peer USERNAME
IKE info: Phase-2 remote proposal 5 for peer USERNAME matched with local proposal 1
[VPN-Status] 2007/12/13 19:33:35,480
IKE info: Phase-2 [responder] done with 4 SAS for peer USERNAME rule ipsec-10-USERNAME-pr0-l0-r0
IKE info: rule:' ipsec 192.168.24.0/255.255.255.0 <-> 192.168.24.186/255.255.255.255 '
IKE info: SA ESP [0x0f7c4fff] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x100cb03b] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: SA IPCOMP [0x0003] alg LZS outgoing
IKE info: SA IPCOMP [0xec05] alg LZS incoming
IKE info: life soft( 25920 sec/0 kb) hard (28800 sec/0 kb)
IKE info: tunnel between src: 123.456.789.10 dst: 12.23.45.78
[VPN-Status] 2007/12/13 19:33:35,480
VPN: wait for IKE negotiation from USERNAME (12.23.45.78)
[VPN-Status] 2007/12/13 19:33:36,390
IKE info: Phase-2 proposal failed: remote No 1, ipcomp algorithm DEFLATE <-> local No 1, ipcomp algorithm LZS
IKE info: Phase-2 remote proposal 1 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 2, esp hmac HMAC_SHA <-> local No 1, esp hmac HMAC_MD5
IKE info: Phase-2 remote proposal 2 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm 3DES <-> local No 1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm keylen 0 <-> local No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 remote proposal 3 failed for peer USERNAME
IKE info: Phase-2 proposal failed: remote No 4, esp algorithm 3DES <-> local No 1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 4, esp algorithm keylen 0 <-> local No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 proposal failed: remote No 4, esp hmac HMAC_SHA <-> local No 1, esp hmac HMAC_MD5
IKE info: Phase-2 remote proposal 4 failed for peer USERNAME
IKE info: Phase-2 remote proposal 5 for peer USERNAME matched with local proposal 1
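An added example, not part of the original post and not LANCOM tooling: a small Python parser that reads the Phase-2 lines of the trace above and lists, per negotiation attempt, what the client offered against what the router's local proposal required. The embedded TRACE is an abridged excerpt of the posted trace with its line wraps joined; the function names are illustrative.

```python
import re

# Abridged excerpt of the VPN-Status trace posted above, 80-column wraps joined.
TRACE = """\
[VPN-Status] 2007/12/13 19:33:23,950
IKE info: Phase-2 proposal failed: remote No 1, number of protos 1 <-> local No 1, number of protos 2
[VPN-Status] 2007/12/13 19:33:35,380
IKE info: Phase-2 proposal failed: remote No 1, ipcomp algorithm DEFLATE <-> local No 1, ipcomp algorithm LZS
IKE info: Phase-2 proposal failed: remote No 2, esp hmac HMAC_SHA <-> local No 1, esp hmac HMAC_MD5
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm 3DES <-> local No 1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 3, esp algorithm keylen 0 <-> local No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 remote proposal 5 for peer USERNAME matched with local proposal 1
"""

STAMP = re.compile(r"^\[VPN-Status\] (\S+ \S+)")
FAILED = re.compile(r"Phase-2 proposal failed: remote No (\d+), (.+) <-> local No \d+, (.+)$")
MATCHED = re.compile(r"Phase-2 remote proposal (\d+) for peer \S+ matched with local proposal (\d+)")

def analyse(trace):
    """Return one record per [VPN-Status] block that contains Phase-2 results."""
    attempts, cur = [], None
    for line in trace.splitlines():
        if m := STAMP.match(line):
            cur = {"time": m.group(1), "mismatches": [], "matched": None}
            attempts.append(cur)
        elif cur is None:
            continue
        elif m := FAILED.search(line):
            # Both sides name the same attribute; the value is the last token.
            attr, offered = m.group(2).rsplit(" ", 1)
            wanted = m.group(3).rsplit(" ", 1)[1]
            cur["mismatches"].append((int(m.group(1)), attr, offered, wanted))
        elif m := MATCHED.search(line):
            cur["matched"] = (int(m.group(1)), int(m.group(2)))
    return [a for a in attempts if a["mismatches"] or a["matched"]]

def required_by_responder(attempts):
    """Per attribute, the value the responder's local proposal insisted on."""
    return {attr: wanted for a in attempts for _, attr, _, wanted in a["mismatches"]}

if __name__ == "__main__":
    for a in analyse(TRACE):
        print(a["time"], "matched" if a["matched"] else "no proposal chosen")
        for no, attr, offered, wanted in a["mismatches"]:
            print(f"  remote proposal {no}: {attr}: offered {offered}, responder wants {wanted}")
    print(required_by_responder(analyse(TRACE)))
```

Run over the posted trace, the summary reads off the router's single Phase-2 proposal: two protocols (ESP with AES and HMAC_MD5, plus IPCOMP with LZS), which is the combination the established SAs later in the trace show.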
So. The connection now comes up.
What does not work, though: I cannot send a ping.
Lutz from this post
http://www.spenneberg.com/6536.html
had the same problem. He got it solved, though, with the corresponding commands
ip address add and ip route add
Neither command exists any more under Leopard.
Does anyone here have an idea about this?
I also do not know the name of the VPN adapter device.
How can I find it out?
Many thanks in advance.