Auf der Seite der Clients wird diese Meldung angezeigt: Keine Regel für ID's gefunden - unbekannte Verbindung oder fehlerhafte ID (z.B. IP-Netzwerkdefinition)
Das passiert bei allen 3 Partner-Routern, die sich in den Netzen 192.168.2.x - 192.168.4.x befinden.
Die VPN-Verbindungen unter diesen Routern sind hingegen frei von diesem Fehler. Lediglich alle ausgelösten VPN-Verbindungen, die von meinem Router zu den anderen initiiert werden, lösen den eben beschriebenen Fehler aus.
Ich habe zur Verdeutlichung mal ein kleines Verbindungsprotokoll angefertigt:
Kann jemand aus diesem Wurstsalat erkennen, wo das Problem liegt und warum nur ich diesen Fehler bekomme?[VPN-Status] 2010/02/18 00:02:31,600
VPN: poll timeout for GUMMIBROETCHEN (88.71.x.x)
remote site answered during intervall
send poll frame to 192.168.2.1
[VPN-Status] 2010/02/18 00:02:31,650
VPN: Poll reply from GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:36,490
VPN: Disconnect info: physical-disconnected (0x4304) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:36,490
VPN: disconnecting GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:36,490
VPN: Disconnect info: physical-disconnected (0x4304) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:36,510
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-1-GUMMIBROETCHEN-pr0-l0-r0 to peer GUMMIBROETCHEN, spi [0x69737fb1]
[VPN-Status] 2010/02/18 00:02:36,510
IKE info: Phase-2 SA removed: peer GUMMIBROETCHEN rule ipsec-1-GUMMIBROETCHEN-pr0-l0-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [16fdb4de ] [69737fb1 ]
[VPN-Status] 2010/02/18 00:02:36,510
IKE info: Delete Notificaton sent for Phase-1 SA to peer GUMMIBROETCHEN
[VPN-Status] 2010/02/18 00:02:36,510
IKE info: Phase-1 SA removed: peer GUMMIBROETCHEN rule GUMMIBROETCHEN removed
[VPN-Status] 2010/02/18 00:02:36,550
selecting first remote gateway using strategy eFirst for GUMMIBROETCHEN
=> CurrIdx=0, IpStr=>server.domain.net<, IpAddr=88.71.x.x, IpTtl=60s
[VPN-Status] 2010/02/18 00:02:36,550
VPN: installing ruleset for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:36,560
VPN: GUMMIBROETCHEN (88.71.x.x) disconnected
[VPN-Status] 2010/02/18 00:02:36,600
VPN: rulesets installed
[VPN-Status] 2010/02/18 00:02:36,900
VPN: poll timeout for PURZELCHEN (81.38.x.x)
remote site answered during intervall
send poll frame to 192.168.4.1
[VPN-Status] 2010/02/18 00:02:37,070
VPN: Poll reply from PURZELCHEN (81.38.x.x)
[VPN-Status] 2010/02/18 00:02:37,550
VPN: connecting to GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:37,560
VPN: start dynamic VPN negotiation for GUMMIBROETCHEN (88.71.x.x) via ICMP/UDP
[VPN-Status] 2010/02/18 00:02:37,560
VPN: create dynamic VPN V2 authentication packet for GUMMIBROETCHEN (88.71.x.x)
DNS: 192.168.1.1, 0.0.0.0
NBNS: 192.168.1.1, 0.0.0.0
polling address: 192.168.1.1
[VPN-Status] 2010/02/18 00:02:37,630
VPN: received dynamic VPN V2 authentication packet from GUMMIBROETCHEN (88.71.x.x)
DNS: 192.168.2.1, 0.0.0.0
NBNS: 192.168.2.1, 0.0.0.0
polling address: 192.168.2.1
[VPN-Status] 2010/02/18 00:02:37,630
VPN: installing ruleset for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:37,650
VPN: ruleset installed for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:37,650
VPN: create dynamic VPN V2 authentication packet for GUMMIBROETCHEN (88.71.x.x)
DNS: 192.168.1.1, 0.0.0.0
NBNS: 192.168.1.1, 0.0.0.0
polling address: 192.168.1.1
[VPN-Status] 2010/02/18 00:02:37,650
VPN: start IKE negotiation for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:37,650
IKE info: Phase-1 negotiation started for peer GUMMIBROETCHEN rule isakmp-peer-GUMMIBROETCHEN using MAIN mode
[VPN-Status] 2010/02/18 00:02:37,670
VPN: rulesets installed
[VPN-Status] 2010/02/18 00:02:37,720
IKE info: The remote server 88.71.x.x:500 peer GUMMIBROETCHEN id <no_id> is Enigmatec IPSEC version 1.5.1
IKE info: The remote server 88.71.x.x:500 peer GUMMIBROETCHEN id <no_id> negotiated rfc-3706-dead-peer-detection
[VPN-Status] 2010/02/18 00:02:37,720
IKE info: Phase-1 remote proposal 1 for peer GUMMIBROETCHEN matched with local proposal 1
[VPN-Status] 2010/02/18 00:02:37,920
IKE info: Phase-1 [inititiator] for peer GUMMIBROETCHEN between initiator id 91.67.x.x, responder id 88.71.x.x done
IKE info: SA ISAKMP for peer GUMMIBROETCHEN encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)
[VPN-Status] 2010/02/18 00:02:37,920
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer GUMMIBROETCHEN set to 86400 seconds (Initiator)
[VPN-Status] 2010/02/18 00:02:37,920
IKE info: Phase-1 SA Timeout (Hard-Event) for peer GUMMIBROETCHEN set to 108000 seconds (Initiator)
[VPN-Status] 2010/02/18 00:02:38,090
IKE info: Phase-2 SA Rekeying Timeout (Soft-Event) for peer GUMMIBROETCHEN set to 1600 seconds (Initiator)
[VPN-Status] 2010/02/18 00:02:38,090
IKE info: Phase-2 SA Timeout (Hard-Event) for peer GUMMIBROETCHEN set to 2000 seconds (Initiator)
[VPN-Status] 2010/02/18 00:02:38,090
IKE info: Phase-2 [inititiator] done with 2 SAS for peer GUMMIBROETCHEN rule ipsec-1-GUMMIBROETCHEN-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.2.0/255.255.255.0 '
IKE info: SA ESP [0x6d817bbb] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x765edfe9] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1600 sec/160000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 91.67.x.x dst: 88.71.x.x
[VPN-Status] 2010/02/18 00:02:38,100
IKE info: NOTIFY received of type NO_PROPOSAL_CHOSEN for peer GUMMIBROETCHEN
[VPN-Status] 2010/02/18 00:02:38,100
VPN: Error: IPSEC-I-No-proposal-matched (0x3102) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:39,100
VPN: GUMMIBROETCHEN (88.71.x.x) connected, set poll timer to 30 sec
[VPN-Status] 2010/02/18 00:02:44,100
VPN: poll timeout for GUMMIBROETCHEN (88.71.x.x)
send poll frame to 192.168.2.1
[VPN-Status] 2010/02/18 00:02:44,150
IKE info: NOTIFY received of type NO_PROPOSAL_CHOSEN for peer GUMMIBROETCHEN
[VPN-Status] 2010/02/18 00:02:44,160
VPN: Error: IPSEC-I-No-proposal-matched (0x3102) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:44,160
VPN: Poll reply from GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:02:53,000
VPN: poll timeout for KRUEMELCHEN (91.67.x.x)
remote site answered during intervall
send poll frame to 192.168.3.1
[VPN-Status] 2010/02/18 00:02:53,010
VPN: Poll reply from KRUEMELCHEN (91.67.x.x)
[VPN-Status] 2010/02/18 00:02:53,190
IKE info: NOTIFY received of type NO_PROPOSAL_CHOSEN for peer GUMMIBROETCHEN
[VPN-Status] 2010/02/18 00:02:53,200
VPN: Error: IPSEC-I-No-proposal-matched (0x3102) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:03:04,240
IKE info: NOTIFY received of type NO_PROPOSAL_CHOSEN for peer GUMMIBROETCHEN
[VPN-Status] 2010/02/18 00:03:04,240
VPN: Error: IPSEC-I-No-proposal-matched (0x3102) for GUMMIBROETCHEN (88.71.x.x)
[VPN-Status] 2010/02/18 00:03:14,100
VPN: poll timeout for GUMMIBROETCHEN (88.71.x.x)
remote site answered during intervall
send poll frame to 192.168.2.1
[VPN-Status] 2010/02/18 00:03:14,150
VPN: Poll reply from GUMMIBROETCHEN (88.71.x.x)
