ich möchte meinen 1783VA als XAUTH-Client in einem VPN einsetzen. Für die Konfiguration habe ich mich an eine Anleitung benutzt, die ich hier im Forum gefunden habe.
Der Verbindungsaufbau schlägt laut Trace nach dem Senden der XAUTH-Benutzerdaten mit dem Fehler "Default exchange_run: [case -1] exchange_validate2 failed" fehl. Anschließend erfolgt der Fehler "Default dropped message from 93.229.70.171 port 4500 due to notification type PAYLOAD_MALFORMED".
Die Benutzerdaten sind aber definitiv richtig (wird auch mit XAUTH_STATUS 1 so quittiert von der Gegenstellt). Die Gegenstellt ist eine Fritz!Box 7490, der Einwahl z.B. mit einem Android-Handy zur Fritz!Box mit diesem VPN Zugang funktioniert problemlos.
Ich habe den Hinweis gefunden, dass PAYLOAD_MALFORMED auf einen falschen IKE-Proposal hindeutet, dort habe ich "PSK-AES256-SHA" gewählt, diesen sollte die Fritz!Box meines Wissens nach unterstützen.
Wer hat einen entscheidenden Tipp für mich, welche Einstellung falsch ist?
Code: Alles auswählen
[VPN-Status] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,561
VPN: ruleset installed for LANCOM (93.229.XXX.XXX)
[VPN-Status] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,561
VPN: start IKE negotiation for LANCOM (93.229.XXX.XXX)
[VPN-Status] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,562
VPN: WAN state changed to WanProtocol for LANCOM (93.229.XXX.XXX), called by: 00b7b2a8
[VPN-Status] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,562
VPN: rulesets installed
[VPN-Status] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,563
IKE info: Phase-1 negotiation started for peer LANCOM rule isakmp-peer-LANCOM using AGGRESSIVE mode
[VPN-IKE] 2016/11/27 10:14:11,945 Devicetime: 2016/11/27 10:14:10,565
Sending packet:
IKE 1.0 Header:
Source/Port : 192.168.56.47:500
Destination/Port : 93.229.XXX.XXX:500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 0
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : AGGRESSIVE
| Flags : 0x00
| Msg-ID : 0
| Length : 366 Bytes
SA Payload
| Next Payload : KEY_EXCH
| Reserved : 0x00
| Length : 60 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 48 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 1
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 40 Bytes
| | | Transform# : 0
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 65001
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Variable, LIFE_DURATION
| | | | Length : 4
| | | | Value : 00 01 A5 E0
| | | Attribute 6
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
KEY_EXCH Payload
| Next Payload : NONCE
| Reserved : 0x00
| Length : 132 Bytes
| DH-Key(1024 bits) : B3 C8 EE 2D B6 AA 5E 75 69 65 BE 8C 9D F7 D9 5D
| B8 3E 81 BE 89 D2 E9 C3 73 22 89 F6 7D E3 B1 E8
| 45 7A E2 23 C1 BA 06 51 89 18 BE 80 6C FE C0 C8
| 74 3A 69 A1 88 3C 8A C2 24 B2 5F D1 F1 F0 61 6A
| F2 FA E1 AC 3E EF 5E F5 69 1B E6 EC D4 FE DD 1E
| F7 BD 7E 58 7F D1 DA 76 6C E7 FB 7C C8 9B C4 D5
| 7A 02 E3 FE 69 B9 8A FE FA F7 20 1F 8A D9 71 4D
| 3A 1B F0 1A 6C F9 66 78 F0 07 A0 79 46 95 EB 6E
NONCE Payload
| Next Payload : ID
| Reserved : 0x00
| Length : 20 Bytes
| Nonce(128 bits) : 8D BE B0 0F 67 2C D6 D5 BF 56 DC 5C CE 98 5D CF
ID Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 14 Bytes
| ID type : KEY_ID
| Protocol ID : 0
| Port : 0
| ID : 4C 41 4E 43 4F 4D
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : EE EF A3 78 09 E3 2A D4 DE 4F 6B 01 0C 26 A6 40
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
[VPN-IKE] 2016/11/27 10:14:12,261 Devicetime: 2016/11/27 10:14:10,887
Received packet:
IKE 1.0 Header:
Source/Port : 93.229.XXX.XXX:500
Destination/Port : 192.168.56.47:500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : SA
| Version : 1.0
| Exchange type : AGGRESSIVE
| Flags : 0x00
| Msg-ID : 0
| Length : 472 Bytes
SA Payload
| Next Payload : KEY_EXCH
| Reserved : 0x00
| Length : 60 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 48 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 1
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 40 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 65001
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Variable, LIFE_DURATION
| | | | Length : 4
| | | | Value : 00 01 A5 E0
KEY_EXCH Payload
| Next Payload : NONCE
| Reserved : 0x00
| Length : 132 Bytes
| DH-Key(1024 bits) : 86 2A EA 4F CE 63 E4 68 BA 2A 40 3A 67 C9 5F 35
| FC C4 CB 3D 50 38 F1 2C E8 B3 65 82 03 81 E3 6F
| 39 84 54 69 55 80 F8 4B F2 64 42 8C 29 1A 90 25
| E4 E8 0F F7 52 4F E6 25 3F D0 5D 5B 0B 03 20 0D
| EB 7F 63 85 11 5D 67 ED BE 42 40 BF F1 6C 30 2B
| A6 60 BC B9 76 67 68 43 A9 49 17 A8 6B AE 33 51
| 62 ED 80 E6 12 7B 8B 19 36 14 7F 6A 31 96 EA B1
| ED 51 09 A3 81 C2 6E EA 21 78 A9 3F A3 85 10 0A
NONCE Payload
| Next Payload : ID
| Reserved : 0x00
| Length : 20 Bytes
| Nonce(128 bits) : 15 7E 0F 81 32 81 FA 84 E7 D9 D1 60 13 43 22 D3
ID Payload
| Next Payload : HASH
| Reserved : 0x00
| Length : 12 Bytes
| ID type : IPV4_ADDR
| Protocol ID : 0
| Port : 0
| ID : 93.229.XXX.XXX
HASH Payload
| Next Payload : NOTIFY
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 87 0C 8D 5C C9 A2 A1 DD A9 6E 0C 0C 21 D0 A7 56
| 88 B1 FA E1
NOTIFY Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 36 Bytes
| DOI : IPSEC
| Protocol ID : IPSEC_IKE
| SPI size : 16
| Message type : RESPONDER_LIFETIME
| SPI : 9B B3 8D 15 CF F1 AC 03 3E 57 64 98 5F 89 92 F2
| Notif. data : 80 0B 00 01 80 0C 0E 10
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
NAT_D Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 24 Bytes
| Hash : 54 CC AC EA 3A 05 65 66 46 A9 2D 8A 96 5A 81 11
| 5E 2F 55 97
NAT_D Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 24 Bytes
| Hash : 49 3B 74 1F F2 FC FA 3D B1 96 48 3A 76 8C B2 99
| 34 5D A0 8C
[VPN-Status] 2016/11/27 10:14:12,261 Devicetime: 2016/11/27 10:14:10,888
IKE info: The remote server 93.229.XXX.XXX:500 (UDP) peer LANCOM id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server 93.229.XXX.XXX:500 (UDP) peer LANCOM id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote peer LANCOM supports NAT-T in RFC mode
IKE info: The remote peer LANCOM supports NAT-T in draft mode
IKE info: The remote peer LANCOM supports NAT-T in draft mode
[VPN-Status] 2016/11/27 10:14:12,261 Devicetime: 2016/11/27 10:14:10,888
IKE info: Phase-1 remote proposal 1 for peer LANCOM matched with local proposal 1
[VPN-IKE] 2016/11/27 10:14:12,261 Devicetime: 2016/11/27 10:14:10,894
Sending packet before encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : AGGRESSIVE
| Flags : 0x00
| Msg-ID : 0
| Length : 108 Bytes
HASH Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 4A F3 DB 18 A1 0F 1D C8 FF 45 0C FE DC F0 98 BF
| 7C 7B D6 85
NAT_D Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 24 Bytes
| Hash : 89 D1 85 87 18 6E 8C C8 15 00 93 EC 5E 00 0D 3B
| DD 4B 6B B2
NAT_D Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 24 Bytes
| Hash : F9 0E 3D F5 25 F1 B7 76 6B C5 39 2C 4A F2 10 46
| 1B F4 8B 90
Rest : 00 00 00 00 00 00 00 00
[VPN-IKE] 2016/11/27 10:14:12,261 Devicetime: 2016/11/27 10:14:10,895
Sending packet after encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : AGGRESSIVE
| Flags : 0x01 Encrypted
| Msg-ID : 0
| Length : 108 Bytes
Encrypted Data : 4A FC 2A F9 3A 68 4B EE A9 AD 55 D9 66 F2 B6 B2
7A 98 76 BC 19 1A 2B 9E 2D CF A4 06 67 2E 11 FB
7E 27 A8 2A D9 D2 83 DC 23 4A 2A AC C4 6D 02 38
75 F7 6B 57 62 46 5B E1 C5 C5 CD 96 42 10 1B 48
77 60 06 A8 F7 A0 3B 5F 1D 47 E7 0F 78 91 9E 39
[VPN-Status] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,896
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer LANCOM set to 86400 seconds (Initiator)
[VPN-Status] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,896
IKE info: Phase-1 SA Timeout (Hard-Event) for peer LANCOM set to 108000 seconds (Initiator)
[VPN-Status] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,896
Phase-1 [initiator] for peer LANCOM initiator id LANCOM, responder id 93.229.XXX.XXX
initiator cookie: 0x9BB38D15CFF1AC03, responder cookie: 0x3E5764985F8992F2
NAT-T enabled in mode rfc. We are behind a nat, the remote side is not behind a nat
SA ISAKMP for peer LANCOM encryption aes-cbc authentication SHA1
life time soft 11/28/2016 10:14:10 (in 86400 sec) / 0 kb
life time hard 11/28/2016 16:14:10 (in 108000 sec) / 0 kb
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,906
Received packet:
IKE 1.0 Header:
Source/Port : 93.229.XXX.XXX:4500
Destination/Port : 192.168.56.47:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x01 Encrypted
| Msg-ID : 640599383
| Length : 92 Bytes
Encrypted Data : 55 F7 F1 48 49 95 CA 7E C6 84 93 F4 F3 B4 7D 9E
32 69 0F B7 C8 A9 F6 FD 76 5D 97 00 25 AB 0A AD
63 43 7E ED 0C A6 49 1E EE 05 2A ED F1 32 F6 66
98 4E 72 06 0B CE DC 8E A2 01 C8 41 D9 5B 0F BE
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,907
Received packet after decryption:
IKE 1.0 Header:
Source/Port : 93.229.XXX.XXX:4500
Destination/Port : 192.168.56.47:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x00
| Msg-ID : 640599383
| Length : 92 Bytes
HASH Payload
| Next Payload : ATTRIBUTE
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 99 52 14 1E AA 05 29 BE 1C 28 87 28 B6 8D 34 61
| 23 78 49 57
ATTRIBUTE Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 28 Bytes
| Type : REQUEST
| Reserved2 : 0x00
| Identifier : 34637
| Attribute 0
| | Type : Basic, XAUTH_TYPE
| | Value : 0
| Attribute 1
| | Type : Variable, XAUTH_USER_NAME
| | Length : 4
| | Value :
[VPN-Status] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,908
IKE info: IKE-CFG: Received REQUEST message with id 34637 from peer LANCOM
IKE info: IKE-CFG: Attribute XAUTH_TYPE len 2 value XAUTH_TYPE_GENERIC received
IKE info: IKE-CFG: Attribute XAUTH_USER_NAME len 4 value received
IKE info: IKE-CFG: Attribute XAUTH_PASSWORD len 4 value * received
[VPN-Status] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,909
IKE info: IKE-CFG: Creating REPLY message with id 34637 for peer LANCOM
IKE info: IKE-CFG: Attribute XAUTH_PASSWORD len 6 value * added
IKE info: IKE-CFG: Attribute XAUTH_USER_NAME len 6 value LANCOM added
IKE info: IKE-CFG: Attribute XAUTH_TYPE len 2 value XAUTH_TYPE_GENERIC added
IKE info: IKE-CFG: Sending message
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,910
Sending packet before encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x00
| Msg-ID : 640599383
| Length : 92 Bytes
HASH Payload
| Next Payload : ATTRIBUTE
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : CA 75 61 14 05 44 5F 3A 4A 67 9D 71 0E 20 E3 0E
| AA AF 4A BA
ATTRIBUTE Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 28 Bytes
| Type : REPLY
| Reserved2 : 0x00
| Identifier : 34637
| Attribute 0
| | Type : Variable, XAUTH_PASSWORD
| | Length : 6
| | Value : ******
| Attribute 1
| | Type : Variable, XAUTH_USER_NAME
| | Length : 6
| | Value : LANCOM
Rest : 00 00 00 00 00 00 00 00 00 00 00 00
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,911
Sending packet after encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x01 Encrypted
| Msg-ID : 640599383
| Length : 92 Bytes
Encrypted Data : E0 47 B4 81 E3 1E 18 95 61 BA 91 7F F8 7E 38 2D
6E 84 29 FF 6E CF 53 00 77 4F C3 C1 3C 5A 35 CA
43 90 A4 5E B8 41 3F DD 81 44 C6 27 83 B1 D1 27
9D 16 48 8F 9B 94 CC 30 44 6C 5B 5F EB 65 25 AE
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,916
Received packet:
IKE 1.0 Header:
Source/Port : 93.229.XXX.XXX:4500
Destination/Port : 192.168.56.47:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x01 Encrypted
| Msg-ID : 640599383
| Length : 76 Bytes
Encrypted Data : 1A 8C 6C 80 27 2C 4B 6D 43 08 0F 86 FA 2F E7 3C
CA 08 D7 88 31 86 63 E6 C0 B8 5D 10 9F 9E CB 25
C7 00 BC 06 7C 43 71 79 EE C0 24 5D 4E 46 86 CE
[VPN-IKE] 2016/11/27 10:14:12,292 Devicetime: 2016/11/27 10:14:10,917
Received packet after decryption:
IKE 1.0 Header:
Source/Port : 93.229.XXX.XXX:4500
Destination/Port : 192.168.56.47:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : TRANSACTION
| Flags : 0x00
| Msg-ID : 640599383
| Length : 76 Bytes
HASH Payload
| Next Payload : ATTRIBUTE
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 0E 06 87 F6 D5 26 AE AB 03 DA 91 21 DC 9A 8A 60
| 15 90 48 CF
ATTRIBUTE Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 12 Bytes
| Type : SET
| Reserved2 : 0x00
| Identifier : 34637
| Attribute 0
| | Type : Basic, XAUTH_STATUS
| | Value : 1
Rest : 00 00 00 00 00 00 00 00 00 00 00 00
[VPN-Status] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,917
IKE log: 101410.917429 Default exchange_run: [case -1] exchange_validate2 failed
[VPN-Status] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,917
IKE log: 101410.917485 Default dropped message from 93.229.XXX.XXX port 4500 due to notification type PAYLOAD_MALFORMED
[VPN-IKE] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,920
Sending packet before encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : INFO
| Flags : 0x00
| Msg-ID : 1196673531
| Length : 76 Bytes
HASH Payload
| Next Payload : NOTIFY
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 04 9F 2F 68 D9 88 56 29 C3 17 0C E9 49 5C 53 D9
| A1 CF E4 5E
NOTIFY Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 12 Bytes
| DOI : IPSEC
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : PAYLOAD_MALFORMED
Rest : 00 00 00 00 00 00 00 00 00 00 00 00
[VPN-IKE] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,921
Sending packet after encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : INFO
| Flags : 0x01 Encrypted
| Msg-ID : 1196673531
| Length : 76 Bytes
Encrypted Data : 97 EF FC 0D 15 B9 BD F0 7E 2E 27 9A A1 67 28 30
97 D5 C3 1A 0F B4 AE 6C 9A C1 2F 42 1F 82 A2 73
87 4C B0 E8 FD FC 63 2A 37 D6 E6 25 A9 AF 71 56
[VPN-Status] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,921
policy manager error indication: LANCOM (93.229.XXX.XXX), cause: 8959
[VPN-Status] 2016/11/27 10:14:12,361 Devicetime: 2016/11/27 10:14:10,921
VPN: Error: IKE-R-General-failure (0x22ff) for LANCOM (93.229.XXX.XXX)
[VPN-IKE] 2016/11/27 10:14:17,316 Devicetime: 2016/11/27 10:14:15,922
Sending packet before encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : INFO
| Flags : 0x00
| Msg-ID : 3093036534
| Length : 92 Bytes
HASH Payload
| Next Payload : DELETE
| Reserved : 0x00
| Length : 24 Bytes
| Signature Data : 2D 8E 37 9B 14 8E F4 32 BE AF 6C C4 39 E3 32 29
| 53 18 00 96
DELETE Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 28 Bytes
| DOI : IPSEC
| Protocol ID : IPSEC_IKE
| SPI size : 16
| #SPIs : 1
| SPI 000 : 9B B3 8D 15 CF F1 AC 03 3E 57 64 98 5F 89 92 F2
Rest : 00 00 00 00 00 00 00 00 00 00 00 00
[VPN-IKE] 2016/11/27 10:14:17,316 Devicetime: 2016/11/27 10:14:15,924
Sending packet after encryption:
IKE 1.0 Header:
Source/Port : 192.168.56.47:4500
Destination/Port : 93.229.XXX.XXX:4500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 13
Loopback : NO
| Initiator cookie : 9B B3 8D 15 CF F1 AC 03
| Responder cookie : 3E 57 64 98 5F 89 92 F2
| Next Payload : HASH
| Version : 1.0
| Exchange type : INFO
| Flags : 0x01 Encrypted
| Msg-ID : 3093036534
| Length : 92 Bytes
Encrypted Data : 34 F8 28 AD 4E 29 E8 62 40 DF 20 B7 5A E5 9E B1
88 10 38 31 A9 6E 53 D9 39 07 9B 11 B2 28 66 FE
F2 CF F8 56 E8 EE 8A 2E B7 09 19 3F F6 6F B0 05
2F F1 E7 31 6B 0F 7D AF 46 58 D4 47 79 27 AA 5E
[VPN-Status] 2016/11/27 10:14:17,316 Devicetime: 2016/11/27 10:14:15,924
IKE info: Delete Notification sent for Phase-1 SA to peer LANCOM, cookies [0x9bb38d15cff1ac03 0x3e5764985f8992f2]
[VPN-Status] 2016/11/27 10:14:17,316 Devicetime: 2016/11/27 10:14:15,924
IKE info: Phase-1 SA removed: peer LANCOM rule LANCOM removed