LANCOM <-> Fortigate VPN problems

Forum for general questions about VPN

Moderator: Lancom-Systems moderators

marc10k
Posts: 8
Joined: 06 Feb 2015, 08:00

LANCOM <-> Fortigate VPN problems

Post by marc10k »

Hello

I am trying to set up a VPN connection automatically from a Fortigate 60D (v5.4.0) to a LANCOM 7100 (9.10.0382RU1), which unfortunately is not quite working. The peer IDs, passwords, DH groups and proposals are, in my opinion, correct. Data from a computer in the LANCOM LAN is supposed to be sent over the VPN connection as soon as the IPs in 10.219.219.0/24 are addressed. A route is configured on the computer that sends all of that data to the LANCOM, which is then supposed to forward it over the VPN connection to the Fortigate.
The wizard in the Fortigate was used as a basis and adapted to the LANCOM situation. Below are the logs from both routers, where HQ_INTERNET_IP is the public LANCOM router IP and BRANCH_INTERNET_IP is the public Fortigate IP. Since I have so far only ever worked with the wizard, I have never really needed to dig deeply into what is going on.
Does anyone have an idea where the problem might lie, and whether it is even possible to create a VPN connection between these devices?

With regards
Marc

Fortigate debug


Test_VPN # diagnose debug application ike -1
Test_VPN # diagnose debug enable
ike 0:Test VPN:107: add INITIAL-CONTACT
ike 0:Test VPN:107: enc D9ACD7B126184B43CF869C4AFA31E94B0810040100000000000000741400001422E7BA8BC86228EC59A09845C061685A14000014CC6B09DAE8C80A365FDD279D66C86B230B000014BF12BDA514A2610F61AFB161D35B1AD00000001C0000B
ike 0:Test VPN:107: out D9ACD7B126184B43CF869C4AFA31E94B08100401000000000000007CD1C7CB4BFA0A3FCD94F97CA7DE8D058AF77E5594BED2FD403E553F8F7C72D6314240A1F097AB97B66CEC8E98DB2A4F2CE1DA0C41153BE54F61216CF67974638D58F63
ike 0:Test VPN:107: sent IKE msg (agg_i2send): 192.168.100.251:4500->HQ_INTERNET_IP:4500, len=124, id=d9acd7b126184b43/cf869c4afa31e94b
ike 0:Test VPN:107: established IKE SA d9acd7b126184b43/cf869c4afa31e94b
ike 0:Test VPN: set oper up
ike 0:Test VPN: schedule auto-negotiate
ike 0:Test VPN:107: no pending Quick-Mode negotiations
ike 0:Test VPN: carrier up
diagnose debug ike 0:Test VPN:Test VPN: IPsec SA connect 5 192.168.100.251->HQ_INTERNET_IP:4500
ike 0:Test VPN:Test VPN: using existing connection
ike 0:Test VPN:Test VPN: config found
ike 0:Test VPN:Test VPN: IPsec SA connect 5 192.168.100.251->HQ_INTERNET_IP:4500 negotiating
ike 0:Test VPN:107: cookie d9acd7b126184b43/cf869c4afa31e94b:3874122b
ike 0:Test VPN:107:Test VPN:111: natt flags 0x13, encmode 1->3
ike 0:Test VPN:107:Test VPN:111: initiator selectors 0 0:10.219.219.0/255.255.255.0:0:0->0:10.10.100.0/255.255.255.0:0:0
ike 0:Test VPN:107: enc D9ACD7B126184B43CF869C4AFA31E94B081020013874122B0000011401000014F12B72D64435B8EEF8D7015057C5C0010A0000B00000000100000001000000A40103040636CA887B0300001C010C0000800100018002A8C08004000380060
ike 0:Test VPN:107: out D9ACD7B126184B43CF869C4AFA31E94B081020013874122B0000011C5C1C0CA8955E7A5A742D9A0A88711CDAB8AE2128B7AC94487A43D94097D7456D2DBCD501E89B7BAC4E5A6C3DD3568F06BEDD6A19EEFAE7FBB1A30249D21984A39B8DB
ike 0:Test VPN:107: sent IKE msg (quick_i1send): 192.168.100.251:4500->HQ_INTERNET_IP:4500, len=284, id=d9acd7b126184b43/cf869c4afa31e94b:3874122b
ike 0: comes HQ_INTERNET_IP:4500->192.168.100.251:4500,ifindex=5....
ike 0: IKEv1 exchange=Informational id=d9acd7b126184b43/cf869c4afa31e94b:ee0b8b0e len=60
ike 0: in D9ACD7B126184B43CF869C4AFA31E94B08100501EE0B8B0E0000003C38407FB16B5292DD10F914A192B714C0F80C2352946128835226F0DEAA91DC33
ike 0:Test VPN:107: dec D9ACD7B126184B43CF869C4AFA31E94B08100501EE0B8B0E0000003C0B0000145D788A7F832FE95E20F433A7EFA64B420000000C000000010100000E
ike 0:Test VPN:107: notify msg received: NO-PROPOSAL-CHOSEN
ike 0:Test VPN:107:: no matching IPsec SPI
ike 0:Test VPN:107:Test VPN:111: delete phase2 SPI 7b88ca36
ike 0: comes HQ_INTERNET_IP:4500->192.168.100.251:4500,ifindex=5....
ike 0: IKEv1 exchange=Informational id=d9acd7b126184b43/cf869c4afa31e94b:3f64bbf5 len=76
ike 0: in D9ACD7B126184B43CF869C4AFA31E94B081005013F64BBF50000004CDD9BFBC2AF198CBE597C2F9E55A67BAECD22A06A85AF1A34ACE9D4759AA37A7EB568DA80D006F874628BA6396AE8132B
ike 0:Test VPN:107: dec D9ACD7B126184B43CF869C4AFA31E94B081005013F64BBF50000004C0C000014C1403CA46F29759F81A7C5638E2C8AF70000001C0000000101100001D9ACD7B126184B43CF869C4AFA31E94B
ike 0:Test VPN:107: recv ISAKMP SA delete d9acd7b126184b43/cf869c4afa31e94b
ike 0:Test VPN: deleting
ike 0:Test VPN: flushing 
ike 0:Test VPN: flushed 
ike 0:Test VPN: reset NAT-T
ike 0:Test VPN: deleted
ike 0:Test VPN: set oper down
ike 0:Test VPN: schedule auto-negotiate
ike 0:Test VPN: carrier down
disable ike 0:Test VPN: auto-negotiate connection
ike 0:Test VPN: created connection: 0x290b860 5 192.168.100.251->HQ_INTERNET_IP:500.
ike 0:Test VPN:108: initiator: aggressive mode is sending 1st message...
ike 0:Test VPN:108: cookie 3c103800ae8523f6/0000000000000000
ike 0:Test VPN:108: out 3C103800AE8523F60000000000000000011004000000000000000288040000F40000000100000001000000E8010100060300002801010000800B0001000C00040001518080010007800E00808003000180020001800400020300002802013
ike 0:Test VPN:108: sent IKE msg (agg_i1send): 192.168.100.251:500->HQ_INTERNET_IP:500, len=648, id=3c103800ae8523f6/0000000000000000
ike 0: comes HQ_INTERNET_IP:500->192.168.100.251:500,ifindex=5....
ike 0: IKEv1 exchange=Aggressive id=3c103800ae8523f6/5f3922b6ddd65653 len=432
ike 0: in 3C103800AE8523F65F3922B6DDD656530110040000000000000001B00400003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E00808003000180020001800400020A0000844F676E9B216EF699D41
ike 0:Test VPN:108: initiator: aggressive mode get 1st response...
ike 0:Test VPN:108: VID unknown (16): EEEFA37809E32AD4DE4F6B010C26A640
ike 0:Test VPN:108: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:Test VPN:108: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:Test VPN:108: DPD negotiated
ike 0:Test VPN:108: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:Test VPN:108: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
ike 0:Test VPN:108: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:Test VPN:108: received peer identifier FQDN 'VPN_Service'
ike 0:Test VPN:108: negotiation result
ike 0:Test VPN:108: proposal id = 1:
ike 0:Test VPN:108: protocol id = ISAKMP:
ike 0:Test VPN:108: trans_id = KEY_IKE.
ike 0:Test VPN:108: encapsulation = IKE/none
ike 0:Test VPN:108: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:Test VPN:108: type=OAKLEY_HASH_ALG, val=MD5.
ike 0:Test VPN:108: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:Test VPN:108: type=OAKLEY_GROUP, val=MODP1024.
ike 0:Test VPN:108: ISAKMP SA lifetime=86400
ike 0:Test VPN:108: selected NAT-T version: RFC 3947
ike 0:Test VPN:108: NAT detected: ME 
ike 0:Test VPN:108: ISAKMP SA 3c103800ae8523f6/5f3922b6ddd65653 key 16:B89CA01028B1FDB0C83E6C1C00880C5D
ike 0:Test VPN:108: PSK authentication succeeded
ike 0:Test VPN:108: authentication OK
ike 0:Test VPN:108: NAT-T float port 4500

LANCOM trace


  Connection #52   ikev1        10.219.219.253/255.255.255.255:0 <-> 10.219.219.0/255.255.255.0:0 any

    Name:                       FORTIGATE_60D
    Unique Id:                  ipsec-0-FORTIGATE_60D-pr0-l0-r0
    Flags:                      aggressive-mode
    Local  Network:             IPV4_ADDR(any:0, 10.219.219.253/255.255.255.255)
    Local  Gateway:             IPV4_ADDR(any:0, HQ_INTERNET_IP)
    Remote Gateway:             IPV4_ADDR(any:0, BRANCH_INTERNET_IP)
    Remote Network:             IPV4_ADDR_SUBNET(any:0, 10.219.219.0/255.255.255.0)

[ShowCmd] 2016/04/14 10:56:20,041
Result of command: "show bootlog "
Boot log (162 Bytes):

****

04/13/2016 14:18:21  System boot after power on

DEVICE:           LANCOM 7100 VPN
HW-RELEASE:       B
VERSION:          9.10.0382RU1 / 22.08.2015

[Sysinfo] 2016/04/14 10:56:20,251
Result of command: "sysinfo"

DEVICE:           LANCOM 7100 VPN
HW-RELEASE:       B
SERIAL-NUMBER:    217941800002
MAC-ADDRESS:      00a057148607
IP-ADDRESS:       192.168.11.254
IP-NETMASK:       255.255.0.0
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK:     0.0.0.0
LANCAPI-PORT:     75
VERSION:          9.10.0382RU1 / 22.08.2015
VERSION-GIT:      4a09f32cbbc018ff7479f1be36d45d4f7d91e7aa
NAME:             Gema_Service
CONFIG-STATUS:    1056;0;51b37b3dbf1bf9f34a7d42c221786d1ae4f9e152.06425914042016.671
FIRMWARE-STATUS:  0;0.8;0.1;9.10RU1.22082015.8;9.04RU4.24032015.7
HW-MASK:          00000000000000000000000000000011
FEATUREWORD:      00000000001000000001000000011110
REGISTERED-WORD:  00000000001000000001000100011110
FEATURE-LIST:     01/I
FEATURE-LIST:     02/F
FEATURE-LIST:     03/F
FEATURE-LIST:     04/F
FEATURE-LIST:     08/H
FEATURE-LIST:     0c/F
FEATURE-LIST:     15/F
TIME:             10561914042016
HTTP-PORT:        80
HTTPS-PORT:       443
TELNET-PORT:      23
TELNET-SSL-PORT:  992
SSH-PORT:         22
SNMP-PORT:        161
TFTP-PORT:        69
LOCATION:         0
COUNTRY-CODE:     0/0 (NA)
COMMENT:          VPN Service Router
MYVPN:            0
MYVPN-HOSTNAME:   
EXTENDED-NAME:    LANCOM 7100 VPN
SNMP-PASSWORD-REQ: 0

[Table] 2016/04/14 10:56:20,452
Content of table: /Status/VPN/DH-Groups/Precalculation

DH-Group Rule-Dependent-Target Configured-Target Actual-Target Current-Stock
----------------------------------------------------------------------------
1        0                     0                 0             0            
2        148                   0                 148           146          
5        4                     0                 4             4            
14       0                     0                 0             0            
[Value] 2016/04/14 10:56:20,652
Content of node: /Status/VPN/IKE-SAs
  25
[VPN-Status] 2016/04/14 10:56:19,908  Devicetime: 2016/04/14 10:56:19,824
VPN: FORTIGATE_60D (0.0.0.0)  disconnected

[VPN-Status] 2016/04/14 10:56:21,173  Devicetime: 2016/04/14 10:56:20,895
IKE info: Phase-1 [responder] got INITIAL-CONTACT from peer FORTIGATE_60D (BRANCH_INTERNET_IP)

[VPN-Status] 2016/04/14 10:56:21,173  Devicetime: 2016/04/14 10:56:20,895
IKE info: Phase-1 [responder] for peer FORTIGATE_60D initiator id Fortigate60D, responder id GEMA_SERVICE
IKE info: initiator cookie: 0x027135582db61e10, responder cookie: 0x0e4aa9a053b7b76b
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is  behind a nat
IKE info: SA ISAKMP for peer FORTIGATE_60D encryption aes-cbc authentication MD5
IKE info: life time ( 86400 sec/ 0 kb) DPD 0 sec

[VPN-Status] 2016/04/14 10:56:21,173  Devicetime: 2016/04/14 10:56:20,895
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer FORTIGATE_60D set to 77760 seconds (Responder)

[VPN-Status] 2016/04/14 10:56:21,173  Devicetime: 2016/04/14 10:56:20,896
IKE info: Phase-1 SA Timeout (Hard-Event) for peer FORTIGATE_60D set to 86400 seconds (Responder)

[VPN-Status] 2016/04/14 10:56:24,158  Devicetime: 2016/04/14 10:56:23,882
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FORTIGATE_60D, sequence nr 0x363be5ea

[VPN-Status] 2016/04/14 10:56:24,166  Devicetime: 2016/04/14 10:56:23,912
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FORTIGATE_60D Seq-Nr 0x363be5ea, expected 0x363be5ea

[VPN-Status] 2016/04/14 10:56:24,896  Devicetime: 2016/04/14 10:56:24,790
IKE info: Phase-2 failed for peer FORTIGATE_60D: no rule matches the phase-2 ids  10.219.219.0/255.255.255.0 <->  10.10.100.0/255.255.255.0
IKE log: 105624.790688 Default message_negotiate_sa: no compatible proposal found
IKE log: 105624.790743 Default dropped message from BRANCH_INTERNET_IP port 4500 due to notification type NO_PROPOSAL_CHOSEN

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
policy manager error indication: FORTIGATE_60D (BRANCH_INTERNET_IP), cause: 12801

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
VPN: WAN state changed to WanCalled for FORTIGATE_60D (0.0.0.0), called by: 009bf738

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
VPN: Error: IPSEC-R-No-rule-matched-IDs (0x3201) for FORTIGATE_60D (BRANCH_INTERNET_IP)

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
vpn-maps[86], remote: FORTIGATE_60D, idle, static-name

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
selecting next remote gateway using strategy eFirst for FORTIGATE_60D
     => no remote gateway selected

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
selecting first remote gateway using strategy eFirst for FORTIGATE_60D
     => no remote gateway selected

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
VPN: installing ruleset for FORTIGATE_60D (0.0.0.0)

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,792
VPN: WAN state changed to WanDisconnect for FORTIGATE_60D (0.0.0.0), called by: 009bf738

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,797
VPN: WAN state changed to WanIdle for FORTIGATE_60D (0.0.0.0), called by: 009bf738

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,803
IKE info: Delete Notification sent for Phase-1 SA to peer FORTIGATE_60D, cookies [0x027135582db61e10 0x0e4aa9a053b7b76b]

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,803
IKE info: Phase-1 SA removed: peer FORTIGATE_60D rule FORTIGATE_60D removed

[VPN-Status] 2016/04/14 10:56:24,897  Devicetime: 2016/04/14 10:56:24,816
VPN: FORTIGATE_60D (0.0.0.0)  disconnected

[TraceStopped] 2016/04/14 10:56:39,717
MariusP
Posts: 1036
Joined: 10 Oct 2011, 14:29

Re: LANCOM <-> Fortigate VPN problems

Post by MariusP »

Hi,
IKE info: SA ISAKMP for peer FORTIGATE_60D encryption aes-cbc authentication MD5
I would advise you against using MD5.
IKE log: 105624.790688 Default message_negotiate_sa: no compatible proposal found
Please post a "show vpn long", and ideally also /Setup/VPN/Proposals and /Setup/VPN/Layer.
Then we can look further at whether the proposals match.
You can of course also look at the IKE trace yourself and follow the negotiation.
Regards
Only when the last tree has been felled, the last river poisoned and the last fish caught will you realise that money cannot be eaten.

An optimist with disappointed ideals has a better life than a pessimist who feels vindicated.
backslash
Moderator
Posts: 7129
Joined: 08 Nov 2004, 21:26
Location: Aachen

Re: LANCOM <-> Fortigate VPN problems

Post by backslash »

Hi marc10k,

the Fortigate is requesting:
10.219.219.0/255.255.255.0 <-> 10.10.100.0/255.255.255.0
and you have configured in the LANCOM:
Connection #52 ikev1 10.219.219.253/255.255.255.255:0 <-> 10.219.219.0/255.255.255.0:0 any

Name: FORTIGATE_60D
Unique Id: ipsec-0-FORTIGATE_60D-pr0-l0-r0
Flags: aggressive-mode
Local Network: IPV4_ADDR(any:0, 10.219.219.253/255.255.255.255)
Local Gateway: IPV4_ADDR(any:0, HQ_INTERNET_IP)
Remote Gateway: IPV4_ADDR(any:0, BRANCH_INTERNET_IP)
Remote Network: IPV4_ADDR_SUBNET(any:0, 10.219.219.0/255.255.255.0)
Do you see the difference?

The network relationships do not match here: 10.219.219.253/255.255.255.255 != 10.10.100.0/255.255.255.0

Regards
Backslash
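The mismatch backslash points out, and MariusP's remark about MD5, can both be checked mechanically from the two traces. The following is an added example (not code from LANCOM, Fortinet or anyone in this thread): it parses the Fortigate "initiator selectors" debug line and the LANCOM "Connection #" entry from "show vpn", mirrors the initiator's source/destination into the local/remote networks the responder would need, and reports why the LANCOM logs "no rule matches the phase-2 ids". It also handles the host-only selector form from the follow-up post (the log prefix on that constructed line is assumed) and flags MD5 or single DES in the negotiated phase-1 line. All sample lines are constructed in the shape of the posted traces.

```python
"""Diagnose an IKEv1 phase-2 ID mismatch between a FortiOS IKE debug and a
LANCOM 'show vpn' connection entry. Added example, not vendor code."""
import ipaddress
import re

# Constructed samples, copied in shape from the traces posted in the thread.
FORTIGATE_SELECTORS = (
    "ike 0:Test VPN:107:Test VPN:111: initiator selectors 0 "
    "0:10.219.219.0/255.255.255.0:0:0->0:10.10.100.0/255.255.255.0:0:0"
)
LANCOM_CONNECTION = (
    "  Connection #52   ikev1        10.219.219.253/255.255.255.255:0 "
    "<-> 10.219.219.0/255.255.255.0:0 any"
)
# Host-only form from the follow-up post; the log prefix is assumed.
FORTIGATE_SELECTORS_HOSTS = (
    "ike 0:Test VPN:107:Test VPN:111: initiator selectors 0 "
    "0:10.219.219.253:0:0->0:10.10.100.253:0:0"
)
LANCOM_CONNECTION_HOSTS = (
    "  Connection #3    ikev1        10.219.219.253/255.255.255.255:0 "
    "<-> 10.10.100.253/255.255.255.255:0 any"
)
LANCOM_PHASE1 = "IKE info: SA ISAKMP for peer FORTIGATE_60D encryption aes-cbc authentication MD5"

# Dotted IPv4 with an optional dotted netmask (FortiOS omits the mask for hosts).
_NET = r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,3}(?:\.\d{1,3}){3}))?"


def _network(addr, mask):
    """Build an IPv4Network; a missing mask means a single host."""
    return ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)


def parse_fortigate_selectors(line):
    """(src, dst) networks from a FortiOS 'initiator selectors' debug line."""
    m = re.search(rf"initiator selectors \d+ \d+:{_NET}:\d+:\d+->\d+:{_NET}:\d+:\d+", line)
    if not m:
        raise ValueError("not an 'initiator selectors' line")
    return _network(m.group(1), m.group(2)), _network(m.group(3), m.group(4))


def parse_lancom_connection(line):
    """(local, remote) networks from a LANCOM 'show vpn' Connection line."""
    m = re.search(rf"Connection #\d+\s+\S+\s+{_NET}:\d+\s+<->\s+{_NET}:\d+", line)
    if not m:
        raise ValueError("not a 'Connection #' line")
    return _network(m.group(1), m.group(2)), _network(m.group(3), m.group(4))


def expected_lancom_networks(fortigate_line):
    """The responder's local network must equal the initiator's destination and
    its remote network the initiator's source: the selectors are mirrored."""
    src, dst = parse_fortigate_selectors(fortigate_line)
    return dst, src


def diagnose(fortigate_line, lancom_line):
    """Findings explaining 'no rule matches the phase-2 ids'; empty if they agree."""
    want_local, want_remote = expected_lancom_networks(fortigate_line)
    have_local, have_remote = parse_lancom_connection(lancom_line)
    findings = []
    if have_local != want_local:
        findings.append(f"LANCOM local network {have_local} != Fortigate destination {want_local}")
    if have_remote != want_remote:
        findings.append(f"LANCOM remote network {have_remote} != Fortigate source {want_remote}")
    return findings


def weak_phase1_algorithms(phase1_line):
    """Weak algorithms named in a LANCOM 'SA ISAKMP ... encryption X authentication Y' line."""
    m = re.search(r"encryption (\S+) authentication (\S+)", phase1_line)
    if not m:
        return []
    enc, auth = m.group(1).upper(), m.group(2).upper()
    weak = []
    if auth == "MD5":
        weak.append("MD5")
    if enc in ("DES", "DES-CBC"):
        weak.append("DES")
    return weak


if __name__ == "__main__":
    for fg, lc in ((FORTIGATE_SELECTORS, LANCOM_CONNECTION),
                   (FORTIGATE_SELECTORS_HOSTS, LANCOM_CONNECTION_HOSTS)):
        print("\n".join(diagnose(fg, lc)) or "phase-2 IDs agree")
    print("weak phase-1 algorithms:", weak_phase1_algorithms(LANCOM_PHASE1))
```

Run against the first post's traces it reports only the local-network mismatch (the remote side already agrees); run against the follow-up post's host-only selectors it reports both sides, because the two hosts were simply swapped relative to the Fortigate's view.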
marc10k
Posts: 8
Joined: 06 Feb 2015, 08:00

Re: LANCOM <-> Fortigate VPN problems

Post by marc10k »

Hello

Many thanks for the answers so far. I am really stuck here. Unfortunately I am not as deep into the subject as I would like to be.

I have changed the network relationships to the following:
In the LANCOM: 10.219.219.253/255.255.255.255:0 <-> 10.10.100.253/255.255.255.255:0 any

and the Fortigate now writes:
0:10.219.219.253:0:0->0:10.10.100.253:0:0

Not much more happens than before.
How can I display the IKE trace to see the negotiation? I thought that was already visible in the LANCOM trace further up.

Marc

Here is the output of "show vpn long" with the relevant excerpt for the VPN connection.


root@Gema_Service:/
> show vpn long

VPN SPD and IKE configuration:

  # of connections = 76

   Connection #3    ikev1        10.219.219.253/255.255.255.255:0 <-> 10.10.100.253/255.255.255.255:0 any

    Name:                       FORTIGATE_60D
    Unique Id:                  ipsec-0-FORTIGATE_60D-pr0-l0-r0
    Flags:                      aggressive-mode
    Local  Network:             IPV4_ADDR(any:0, 10.219.219.253/255.255.255.255)
    Local  Gateway:             IPV4_ADDR(any:0, HQ_INTERNET_IP)
    Remote Gateway:             IPV4_ADDR(any:0, BRANCH_INTERNET_IP)
    Remote Network:             IPV4_ADDR(any:0, 10.10.100.253/255.255.255.255)
    IKE Proposal List:          isakmp-IKE_FORTIGATE-gr2-aggr
      # of proposals = 6
      IKE Proposal #1:          prop-PSK-AES-MD5-ike-gr2
        IKE Encryption:         AES_CBC
        IKE Hash:               MD5
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
      IKE Proposal #2:          prop-PSK-AES-SHA-ike-gr2
        IKE Encryption:         AES_CBC
        IKE Hash:               SHA
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
      IKE Proposal #3:          prop-PSK-3DES-MD5-ike-gr2
        IKE Encryption:         3DES_CBC
        IKE Hash:               MD5
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
      IKE Proposal #4:          prop-PSK-3DES-SHA-ike-gr2
        IKE Encryption:         3DES_CBC
        IKE Hash:               SHA
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
      IKE Proposal #5:          prop-PSK-DES-MD5-ike-gr2
        IKE Encryption:         DES_CBC
        IKE Hash:               MD5
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
      IKE Proposal #6:          prop-PSK-DES-SHA-ike-gr2
        IKE Encryption:         DES_CBC
        IKE Hash:               SHA
        Authentication:         PRE_SHARED
        IKE Group:              MODP_1024
        Lifetime (sec, hard):   8000,0:8000
        Lifetime (KB, hard):    ANY
    IKE Identities and Key:
      Local  Identity:          FQDN: <GEMA_SERVICE>
      Remote Identity:          FQDN: <Fortigate60D>
      Key:                      *
    IPSec Proposal List:        ipsec-IPSEC_FORTIGATE-gr2
      # of proposals = 6
      IPSec Proposal #1:        IPSEC_ESP AES_CBC(128,128:256) HMAC_MD5
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:200000
      IPSec Proposal #2:        IPSEC_ESP AES_CBC(128,128:256) HMAC_SHA1
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:200000
      IPSec Proposal #3:        IPSEC_ESP 3DES HMAC_MD5
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:200000
      IPSec Proposal #4:        IPSEC_ESP 3DES HMAC_SHA1
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:200000
      IPSec Proposal #5:        IPSEC_ESP DES HMAC_MD5
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:200000
      IPSec Proposal #6:        IPSEC_ESP DES HMAC_SHA1
          Encapsulation Mode:   TUNNEL
          PFS Group:            MODP_1024
          Lifetime (sec, hard): 2000,0:2000
          Lifetime (KB, hard):  200000,0:20000


root@Gema_Service:/
>
Here is the output of Setup/VPN/Proposals


cd /Setup/VPN/Proposals/IKE 
del *
#    Name               IKE-Crypt-Alg     IKE-Crypt-Keylen  IKE-Auth-Alg      IKE-Auth-Mode     Lifetime-Sec      Lifetime-KB     
#    ----------------------------------------------------------------------------------------------------------------------------------
add  "PSK-3DES-MD5"    {IKE-Crypt-Alg}  3DES-CBC         {IKE-Crypt-Keylen}  168              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-3DES-SHA"    {IKE-Crypt-Alg}  3DES-CBC         {IKE-Crypt-Keylen}  168              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-AES-MD5"     {IKE-Crypt-Alg}  AES-CBC          {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-AES-SHA"     {IKE-Crypt-Alg}  AES-CBC          {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-BLOW-MD5"    {IKE-Crypt-Alg}  BLOWFISH-CBC     {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-BLOW-SHA"    {IKE-Crypt-Alg}  BLOWFISH-CBC     {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-CAST-MD5"    {IKE-Crypt-Alg}  CAST128-CBC      {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-CAST-SHA"    {IKE-Crypt-Alg}  CAST128-CBC      {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-DES-MD5"     {IKE-Crypt-Alg}  DES-CBC          {IKE-Crypt-Keylen}  56               {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "PSK-DES-SHA"     {IKE-Crypt-Alg}  DES-CBC          {IKE-Crypt-Keylen}  56               {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-3DES-MD5"    {IKE-Crypt-Alg}  3DES-CBC         {IKE-Crypt-Keylen}  168              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-3DES-SHA"    {IKE-Crypt-Alg}  3DES-CBC         {IKE-Crypt-Keylen}  168              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-AES-MD5"     {IKE-Crypt-Alg}  AES-CBC          {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-AES-SHA"     {IKE-Crypt-Alg}  AES-CBC          {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-BLOW-MD5"    {IKE-Crypt-Alg}  BLOWFISH-CBC     {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-BLOW-SHA"    {IKE-Crypt-Alg}  BLOWFISH-CBC     {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-CAST-MD5"    {IKE-Crypt-Alg}  CAST128-CBC      {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-CAST-SHA"    {IKE-Crypt-Alg}  CAST128-CBC      {IKE-Crypt-Keylen}  128              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-DES-MD5"     {IKE-Crypt-Alg}  DES-CBC          {IKE-Crypt-Keylen}  56               {IKE-Auth-Alg}  MD5              {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "RSA-DES-SHA"     {IKE-Crypt-Alg}  DES-CBC          {IKE-Crypt-Keylen}  56               {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  RSA-Signature    {Lifetime-Sec}  8000             {Lifetime-KB}  0
add  "WRVS4400N"       {IKE-Crypt-Alg}  3DES-CBC         {IKE-Crypt-Keylen}  168              {IKE-Auth-Alg}  SHA1             {IKE-Auth-Mode}  Preshared-Key    {Lifetime-Sec}  28800            {Lifetime-KB}  0
cd /
cd /Setup/VPN/Proposals/IPSEC 
del *
#    Name               Encaps-Mode       ESP-Crypt-Alg     ESP-Crypt-Keylen  ESP-Auth-Alg      AH-Auth-Alg       IPCOMP-Alg        Lifetime-Sec      Lifetime-KB     
#    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
add  "PH2-RM9000"      {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  256              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "TN-3DES-MD5-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  3DES-CBC         {ESP-Crypt-Keylen}  168              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-3DES-SHA-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  3DES-CBC         {ESP-Crypt-Keylen}  168              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-AES-MD5-96"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-AES-SHA-96"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-AES256-MD5"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  256              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "TN-AES256-SHA"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  256              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "TN-BLOW-MD5-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  BLOWFISH-CBC     {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-BLOW-SHA-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  BLOWFISH-CBC     {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-CAST-MD5-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  CAST128-CBC      {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-CAST-SHA-96"  {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  CAST128-CBC      {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-DES-MD5-96"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  DES-CBC          {ESP-Crypt-Keylen}  56               {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "TN-DES-SHA-96"   {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  DES-CBC          {ESP-Crypt-Keylen}  56               {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  2000             {Lifetime-KB}  200000
add  "WIZ-TN-AES128-MD5" {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-MD5         {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "WIZ-TN-AES128-SHA" {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  128              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "WIZ-TN-AES256-SHA" {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  AES-CBC          {ESP-Crypt-Keylen}  256              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  28800            {Lifetime-KB}  2000000
add  "WRVS4400N"       {Encaps-Mode}  Tunnel           {ESP-Crypt-Alg}  3DES-CBC         {ESP-Crypt-Keylen}  168              {ESP-Auth-Alg}  HMAC-SHA1        {AH-Auth-Alg}  none             {IPCOMP-Alg}  none             {Lifetime-Sec}  3600             {Lifetime-KB}  200000
cd /
cd /Setup/VPN/Proposals/IKE-Proposal-Lists 
del *
#    IKE-Proposal-Lists   IKE-Proposal-1     IKE-Proposal-2     IKE-Proposal-3     IKE-Proposal-4     IKE-Proposal-5     IKE-Proposal-6     IKE-Proposal-7     IKE-Proposal-8   
#    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add  "IKE_PRESH_KEY"     {IKE-Proposal-1}  "PSK-AES-MD5"     {IKE-Proposal-2}  "PSK-AES-SHA"     {IKE-Proposal-3}  "PSK-BLOW-MD5"    {IKE-Proposal-4}  "PSK-BLOW-SHA"    {IKE-Proposal-5}  "PSK-CAST-MD5"    {IKE-Proposal-6}  "PSK-CAST-SHA"    {IKE-Proposal-7}  "PSK-3DES-MD5"    {IKE-Proposal-8}  "PSK-3DES-SHA"
add  "IKE_RSA_SIG"       {IKE-Proposal-1}  "RSA-AES-MD5"     {IKE-Proposal-2}  "RSA-AES-SHA"     {IKE-Proposal-3}  "RSA-BLOW-MD5"    {IKE-Proposal-4}  "RSA-BLOW-SHA"    {IKE-Proposal-5}  "RSA-CAST-MD5"    {IKE-Proposal-6}  "RSA-CAST-SHA"    {IKE-Proposal-7}  "RSA-3DES-MD5"    {IKE-Proposal-8}  "RSA-3DES-SHA"
add  "WRVS4400N"         {IKE-Proposal-1}  "WRVS4400N"       {IKE-Proposal-2}  ""                {IKE-Proposal-3}  ""                {IKE-Proposal-4}  ""                {IKE-Proposal-5}  ""                {IKE-Proposal-6}  ""                {IKE-Proposal-7}  ""                {IKE-Proposal-8}  ""
add  "IKE_PRESH_SHA"     {IKE-Proposal-1}  "PSK-AES-SHA"     {IKE-Proposal-2}  ""                {IKE-Proposal-3}  ""                {IKE-Proposal-4}  ""                {IKE-Proposal-5}  ""                {IKE-Proposal-6}  ""                {IKE-Proposal-7}  ""                {IKE-Proposal-8}  ""
add  "IKE_FORTIGATE"     {IKE-Proposal-1}  "PSK-AES-MD5"     {IKE-Proposal-2}  "PSK-AES-SHA"     {IKE-Proposal-3}  "PSK-3DES-MD5"    {IKE-Proposal-4}  "PSK-3DES-SHA"    {IKE-Proposal-5}  "PSK-DES-MD5"     {IKE-Proposal-6}  "PSK-DES-SHA"     {IKE-Proposal-7}  ""                {IKE-Proposal-8}  ""
cd /
cd /Setup/VPN/Proposals/IPSEC-Proposal-Lists 
del *
#    IPSEC-Proposal-Lists   IPSEC-Proposal-1   IPSEC-Proposal-2   IPSEC-Proposal-3   IPSEC-Proposal-4   IPSEC-Proposal-5   IPSEC-Proposal-6   IPSEC-Proposal-7   IPSEC-Proposal-8 
#    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add  "ESP_TN"              {IPSEC-Proposal-1}  "TN-AES256-SHA"   {IPSEC-Proposal-2}  "TN-AES256-MD5"   {IPSEC-Proposal-3}  "TN-AES-MD5-96"   {IPSEC-Proposal-4}  "TN-AES-SHA-96"   {IPSEC-Proposal-5}  "TN-BLOW-SHA-96"  {IPSEC-Proposal-6}  "TN-BLOW-MD5-96"  {IPSEC-Proposal-7}  "TN-3DES-SHA-96"  {IPSEC-Proposal-8}  "TN-3DES-MD5-96"
add  "WRVS4400N"           {IPSEC-Proposal-1}  "WRVS4400N"       {IPSEC-Proposal-2}  ""                {IPSEC-Proposal-3}  ""                {IPSEC-Proposal-4}  ""                {IPSEC-Proposal-5}  ""                {IPSEC-Proposal-6}  ""                {IPSEC-Proposal-7}  ""                {IPSEC-Proposal-8}  ""
add  "WIZ-IPS-ADVCLIENT"   {IPSEC-Proposal-1}  "WIZ-TN-AES256-SHA" {IPSEC-Proposal-2}  "WIZ-TN-AES128-MD5" {IPSEC-Proposal-3}  ""                {IPSEC-Proposal-4}  ""                {IPSEC-Proposal-5}  ""                {IPSEC-Proposal-6}  ""                {IPSEC-Proposal-7}  ""                {IPSEC-Proposal-8}  ""
add  "PH2-RM9000"          {IPSEC-Proposal-1}  "PH2-RM9000"      {IPSEC-Proposal-2}  ""                {IPSEC-Proposal-3}  ""                {IPSEC-Proposal-4}  ""                {IPSEC-Proposal-5}  ""                {IPSEC-Proposal-6}  ""                {IPSEC-Proposal-7}  ""                {IPSEC-Proposal-8}  ""
add  "ESP_TN_SHA"          {IPSEC-Proposal-1}  "TN-AES256-SHA"   {IPSEC-Proposal-2}  ""                {IPSEC-Proposal-3}  ""                {IPSEC-Proposal-4}  ""                {IPSEC-Proposal-5}  ""                {IPSEC-Proposal-6}  ""                {IPSEC-Proposal-7}  ""                {IPSEC-Proposal-8}  ""
add  "IPSEC_FORTIGATE"     {IPSEC-Proposal-1}  "TN-AES-MD5-96"   {IPSEC-Proposal-2}  "TN-AES-SHA-96"   {IPSEC-Proposal-3}  "TN-3DES-MD5-96"  {IPSEC-Proposal-4}  "TN-3DES-SHA-96"  {IPSEC-Proposal-5}  "TN-DES-MD5-96"   {IPSEC-Proposal-6}  "TN-DES-SHA-96"   {IPSEC-Proposal-7}  ""                {IPSEC-Proposal-8}  ""
Here is the output of Setup/VPN/Layer

cd /Setup/VPN/Layer 
del *
#    Name              PFS-Grp   IKE-Grp   IKE-Prop-List      IPSEC-Prop-List    IKE-Key        
#    ------------------------------------------------------------------------------------------------
add  "FORTIGATE"      {PFS-Grp}  2        {IKE-Grp}  2        {IKE-Prop-List}  "IKE_FORTIGATE"   {IPSEC-Prop-List}  "IPSEC_FORTIGATE" {IKE-Key}  "FORTIGATE"
backslash
Moderator
Posts: 7129
Registered: 08 Nov 2004, 21:26
Location: Aachen

Re: LANCOM <-> Fortigate VPN problems

Post by backslash »

Hi marc10k,
I changed the network relationships to the following:
In the LANCOM: 10.219.219.253/255.255.255.255:0 <-> 10.10.100.253/255.255.255.255:0 any

and the Fortigate now writes:
0:10.219.219.253:0:0->0:10.10.100.253:0:0
That doesn't match either... The network relationships have to be configured to match each other on both sides.

In the LANCOM, automatic rule generation creates the network relationship intranet <-> VPN route, i.e. if your intranet is 192.168.1.x/255.255.255.0 and the network 172.23.56.x/255.255.255.0 is to be reached via the VPN, then automatic rule generation creates the network relationship

192.168.1.0/255.255.255.0:0 <-> 172.23.56.0/255.255.255.0:0

Accordingly, you have to configure the network relationship in the Fortigate the same way - except that there the local network in the example is 172.23.56.0/255.255.255.0 and the remote one is 192.168.1.0/255.255.255.0. Which networks you actually have to enter there is something you have to know yourself...

Regards
Backslash
Bernie137
Posts: 1700
Registered: 17 Apr 2013, 21:50
Location: between Chemnitz and Annaberg-Buchholz

Re: LANCOM <-> Fortigate VPN problems

Post by Bernie137 »

Hi,

I have to agree with backslash, the network relationships don't match, and I'd add the following:
I changed the network relationships to the following:
In the LANCOM: 10.219.219.253/255.255.255.255:0 <-> 10.10.100.253/255.255.255.255:0 any
Why are these only host routes with 255.255.255.255 and not whole networks? In your opening post you yourself speak of the network:
as soon as the IPs 10.219.219.0/24 IP are addressed
So in the LANCOM it must at least read 10.219.219.0/255.255.255.0:0 <-> [whole network of the Fortigate site]. And the other way round in the Fortigate.

regards Bernie
You never stop learning.
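Backslash's mirroring rule and Bernie137's point about host routes versus whole networks, as an added Python check that is not from the forum thread or from either vendor: it parses a LANCOM network relationship (local <-> remote, as written above) and a Fortigate IKE debug selector (the field order proto:address:port:flags is an assumption), then reports where the two sides are not mirror images; it also builds the rule LANCOM's automatic rule generation would produce from an intranet and a VPN route.

```python
import ipaddress

# Constructed samples modelled on the thread (not copied from the original post).
LANCOM_RULE = "10.219.219.253/255.255.255.255:0 <-> 10.10.100.253/255.255.255.255:0"
FORTIGATE_SELECTOR = "0:10.219.219.253:0:0->0:10.10.100.253:0:0"


def _lancom_side(text):
    # "net/mask:port" -> (network, port); netmask notation is accepted by ipaddress
    net, port = text.rsplit(":", 1)
    return ipaddress.ip_network(net, strict=False), int(port)


def parse_lancom(rule):
    """LANCOM notation: local/mask:port <-> remote/mask:port. Returns (local, remote)."""
    local, remote = (part.strip() for part in rule.split("<->"))
    return _lancom_side(local), _lancom_side(remote)


def _fortigate_side(text):
    # Assumed field layout proto:address:port:flags; a single address is a /32 host.
    _proto, address, port, _flags = text.split(":")
    return ipaddress.ip_network(address + "/32"), int(port)


def parse_fortigate(selector):
    """Fortigate debug notation src->dst, src being the Fortigate's local side. Returns (local, remote)."""
    src, dst = selector.split("->")
    return _fortigate_side(src), _fortigate_side(dst)


def selectors_mirrored(lancom_rule, fortigate_selector):
    """Each side's local must equal the other side's remote; returns the list of mismatches."""
    lan_local, lan_remote = parse_lancom(lancom_rule)
    fgt_local, fgt_remote = parse_fortigate(fortigate_selector)
    problems = []
    if lan_local != fgt_remote:
        problems.append(f"LANCOM local {lan_local[0]} != Fortigate remote {fgt_remote[0]}")
    if lan_remote != fgt_local:
        problems.append(f"LANCOM remote {lan_remote[0]} != Fortigate local {fgt_local[0]}")
    return problems


def lancom_auto_rule(intranet, vpn_route):
    """Rule the LANCOM generates automatically: intranet <-> VPN route, any port (backslash's example)."""
    a = ipaddress.ip_network(intranet, strict=False)
    b = ipaddress.ip_network(vpn_route, strict=False)
    return f"{a.network_address}/{a.netmask}:0 <-> {b.network_address}/{b.netmask}:0"


if __name__ == "__main__":
    for problem in selectors_mirrored(LANCOM_RULE, FORTIGATE_SELECTOR):
        print("mismatch:", problem)
    print(lancom_auto_rule("192.168.1.0/24", "172.23.56.0/24"))
```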