site2site zwischen Lancom 1811 und FB 7390

rajiv · Beitrag von **rajiv** » 10 Jan 2014, 22:14

Hallo zusammen,
ich bin leider kein Profi und komme einfach nicht dahinter warum die VPN Verbindung nicht funktioniert.

Lancom Konfiguration:
lang English
flash No
cd /Setup/IP-Router/IP-Routing-Table
add 192.168.1.0 255.255.255.0 0 {Peer-or-IP} "LANCOM" {Distance} 0 {Masquerade} No {Active} Yes {Comment} "VPN-Verbindung zu fritzbox"
cd /
cd /Setup/VPN/VPN-Peers
add "LANCOM" {SH-Time} 3600 {Extranet-Address} 0.0.0.0 {Remote-Gw} "" {Rtg-tag} 0 {Layer} "FRITZ!BOX" {dynamic} No {IKE-Exchange} Aggressive-Mode {Rule-creation} auto {DPD-Inact-Timeout} 0 {IKE-CFG} Off {XAUTH} Off {SSL-Encaps.} No
cd /
cd /Setup/VPN/Layer
add "FRITZ!BOX" {PFS-Grp} 2 {IKE-Grp} 2 {IKE-Prop-List} "IKE-FRITZ!BOX" {IPSEC-Prop-List} "IPS-FRITZ!BOX" {IKE-Key} "P-LANCOM"
cd /
cd /Setup/VPN/Proposals/IKE
add "PSK-FRITZ!BOX" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 256 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 3600 {Lifetime-KB} 0
cd /
cd /Setup/VPN/Proposals/IPSEC
add "TN-AES-FRITZ!BOX" {Encaps-Mode} Tunnel {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 256 {ESP-Auth-Alg} HMAC-SHA1 {AH-Auth-Alg} none {IPCOMP-Alg} none {Lifetime-Sec} 3600 {Lifetime-KB} 200000
cd /
cd /Setup/VPN/Proposals/IKE-Proposal-Lists
add "IKE-FRITZ!BOX" {IKE-Proposal-1} "PSK-FRITZ!BOX"
cd /
cd /Setup/VPN/Proposals/IPSEC-Proposal-Lists
add "IPS-FRITZ!BOX" {IPSEC-Proposal-1} "TN-AES-FRITZ!BOX"
cd /
cd /Setup/VPN/Certificates-and-Keys/IKE-Keys
add "P-LANCOM" {Local-ID-Type} Domain-Name {Local-Identity} "lancom" {Remote-ID-Type} Domain-Name {Remote-Identity} "fritzbox" {Shared-Sec} "xxxx" {Shared-Sec-File} ""
cd /
flash Yes
exit

FB Konfiguration:
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "FRITZ!BOX";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
remotehostname = "xxxx.dyndns.org";
localid {
fqdn = "fritzbox";
}
remoteid {
fqdn = "lancom";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "xxxx";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.1.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.0.0;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "permit ip any 192.168.0.0 255.255.255.0";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}

Was muss ich ändern?

Danke im Voraus
Rajiv

rajiv · Beitrag von **rajiv** » 12 Jan 2014, 00:31

mitttlerweile habe ich weiter herumprobiert und bekomme eine Fehlermeldung:

Error: IKE-R-ID-type-mismatch (0x2208).

Leider finde ich im Internet nichts dazu.

Was muss ich machen?

Bernie137 · Beitrag von **Bernie137** » 12 Jan 2014, 10:50

Hi,

am Lancom trace status vpn, öffentliche IPs anonymisieren und hier posten.

vg Heiko

rajiv · Beitrag von **rajiv** » 12 Jan 2014, 14:48

Hallo,
ich bekomme ständig andere Fehlermeldungen. Wie empfohlen anbei den Trace:

[TraceData]

(Version) 8.30.0001
(Tracesessions) 0
(Comment) {N/A}
(NumberOfMessages) 29
(OffsetToIndex) 10044
[EndOfHeader]
[TraceStarted] 2014/01/12 12:45:13,702
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[ShowCmd] 2014/01/12 12:45:14,624
Result of command: "show bootlog "
Boot log (171 Bytes):

****

01/01/1900 00:00:01 System boot after power on

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
VERSION: 8.00.0221RU2 / 07.10.2010

[Sysinfo] 2014/01/12 12:45:14,624
Result of command: "sysinfo"

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
SERIAL-NUMBER: xxxxx
MAC-ADDRESS: xxxxx
IP-ADDRESS: 192.168.0.254
IP-NETMASK: 255.255.255.0
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 8.00.0221RU2 / 07.10.2010
NAME: LANCOM
CONFIG-STATUS: 1056;0
FIRMWARE-STATUS: 0;0.8;0.1;8.00RU2.07102010.8;8.00Rel.16062010.7
LANCAPI-PORT: 75
HW-MASK: 00001100000000000000000000000011
FEATUREWORD: 00000000000000000100000100011101
REGISTERED-WORD: 00000000000000000100000100011101
FEATURE-LIST: 00/F
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 0e/F
TIME: 12450912012014
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22

[VPN-Status] 2014/01/12 12:48:01,780 Devicetime: 2014/01/12 12:47:56,580
starting external DNS resolution for FRITZBOX7390
IpStr=>xxxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/12 12:48:01,921 Devicetime: 2014/01/12 12:47:56,640
external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxx.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

#start Ping ans entfernte Netzwerk

[VPN-Status] 2014/01/12 13:06:53,421 Devicetime: 2014/01/12 13:06:48,180
VPN: connecting to FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,210
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,220
VPN: ruleset installed for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,220
VPN: start IKE negotiation for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,250
VPN: rulesets installed

[VPN-Status] 2014/01/12 13:06:54,452 Devicetime: 2014/01/12 13:06:49,230
IKE info: Phase-1 negotiation started for peer FRITZBOX7390 rule isakmp-peer-FRITZBOX7390 using AGGRESSIVE mode

[VPN-Status] 2014/01/12 13:07:23,514 Devicetime: 2014/01/12 13:07:18,250
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

[VPN-Status] 2014/01/12 13:07:23,514 Devicetime: 2014/01/12 13:07:18,250
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,250
VPN: disconnecting FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,250
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,290
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
selecting next remote gateway using strategy eFirst for FRITZBOX7390
=> no remote gateway selected

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
selecting first remote gateway using strategy eFirst for FRITZBOX7390
=> CurrIdx=0, IpStr=>erik27.dyndns.org<, IpAddr=xxx.xxx.xxx.xxx, IpTtl=60s

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)
[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,330
VPN: rulesets installed

[TraceStopped] 2014/01/12 13:09:12,858
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[Legend] 2009/07/09 00:00:00,000
VPN-Status, TraceStarted, TraceStopped, Sysinfo, ShowCmd
[Index] 2009/07/09 00:00:00,000
1,124,7;4,267,12;3,950,32;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,126,3;0,135,3;0,134,3;0,138,3;0,102,3;0,191,4;
0,150,3;0,167,3;0,126,3;0,167,3;0,126,3;0,183,4;0,226,4;0,134,3;0,103,4;2,124,7;

rajiv · Beitrag von **rajiv** » 12 Jan 2014, 15:12

und noch ein weiterer Teil:

[TraceData]
(Version) 8.30.0001
(Tracesessions) 0
(Comment) {N/A}
(NumberOfMessages) 77
(OffsetToIndex) 19458
[EndOfHeader]
[TraceStarted] 2014/01/12 12:45:13,702
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[ShowCmd] 2014/01/12 12:45:14,624
Result of command: "show bootlog "
Boot log (171 Bytes):

****

01/01/1900 00:00:01 System boot after power on

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
VERSION: 8.00.0221RU2 / 07.10.2010

[Sysinfo] 2014/01/12 12:45:14,624
Result of command: "sysinfo"

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
SERIAL-NUMBER: xxx
MAC-ADDRESS: xxx
IP-ADDRESS: 192.168.0.254
IP-NETMASK: 255.255.255.0
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 8.00.0221RU2 / 07.10.2010
NAME: LANCOM
CONFIG-STATUS: 1056;0
FIRMWARE-STATUS: 0;0.8;0.1;8.00RU2.07102010.8;8.00Rel.16062010.7
LANCAPI-PORT: 75
HW-MASK: 00001100000000000000000000000011
FEATUREWORD: 00000000000000000100000100011101
REGISTERED-WORD: 00000000000000000100000100011101
FEATURE-LIST: 00/F
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 0e/F
TIME: 12450912012014
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22

[VPN-Status] 2014/01/12 12:48:01,780 Devicetime: 2014/01/12 12:47:56,580
starting external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/12 12:48:01,921 Devicetime: 2014/01/12 12:47:56,640
external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxx.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

[VPN-Status] 2014/01/12 12:51:45,811 Devicetime: 2014/01/12 12:51:40,610
starting external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/12 12:51:45,936 Devicetime: 2014/01/12 12:51:40,660
external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxx.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

[VPN-Status] 2014/01/12 13:06:53,421 Devicetime: 2014/01/12 13:06:48,180
VPN: connecting to FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,210
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,220
VPN: ruleset installed for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,220
VPN: start IKE negotiation for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:06:53,561 Devicetime: 2014/01/12 13:06:48,250
VPN: rulesets installed

[VPN-Status] 2014/01/12 13:06:54,452 Devicetime: 2014/01/12 13:06:49,230
IKE info: Phase-1 negotiation started for peer FRITZBOX7390 rule isakmp-peer-FRITZBOX7390 using AGGRESSIVE mode

[VPN-Status] 2014/01/12 13:07:23,514 Devicetime: 2014/01/12 13:07:18,250
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

[VPN-Status] 2014/01/12 13:07:23,514 Devicetime: 2014/01/12 13:07:18,250
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,250
VPN: disconnecting FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,250
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,290
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
selecting next remote gateway using strategy eFirst for FRITZBOX7390
=> no remote gateway selected

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
selecting first remote gateway using strategy eFirst for FRITZBOX7390
=> CurrIdx=0, IpStr=>xxx.dyndns.org<, IpAddr=xxx.xxx.xxx.xxx, IpTtl=60s

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,310
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 13:07:23,733 Devicetime: 2014/01/12 13:07:18,330
VPN: rulesets installed

[TraceStopped] 2014/01/12 13:09:12,858
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[TraceStarted] 2014/01/12 15:02:05,733
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[ShowCmd] 2014/01/12 15:02:06,374
Result of command: "show bootlog "
Boot log (171 Bytes):

****

01/01/1900 00:00:01 System boot after power on

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
VERSION: 8.00.0221RU2 / 07.10.2010

[Sysinfo] 2014/01/12 15:02:06,389
Result of command: "sysinfo"

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
SERIAL-NUMBER: 030380600064
MAC-ADDRESS: 00a0570fbe02
IP-ADDRESS: 192.168.0.254
IP-NETMASK: 255.255.255.0
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 8.00.0221RU2 / 07.10.2010
NAME: LANCOM
CONFIG-STATUS: 1056;0
FIRMWARE-STATUS: 0;0.8;0.1;8.00RU2.07102010.8;8.00Rel.16062010.7
LANCAPI-PORT: 75
HW-MASK: 00001100000000000000000000000011
FEATUREWORD: 00000000000000000100000100011101
REGISTERED-WORD: 00000000000000000100000100011101
FEATURE-LIST: 00/F
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 0e/F
TIME: 15020112012014
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22

[VPN-Status] 2014/01/12 15:02:17,983 Devicetime: 2014/01/12 15:02:12,680
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FRITZBOX7390, sequence nr 0x2de6917c

[VPN-Status] 2014/01/12 15:02:18,264 Devicetime: 2014/01/12 15:02:12,740
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FRITZBOX7390 Seq-Nr 0x2de6917c, expected 0x2de6917c

[VPN-Status] 2014/01/12 15:02:25,327 Devicetime: 2014/01/12 15:02:19,990
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

[VPN-Status] 2014/01/12 15:02:25,327 Devicetime: 2014/01/12 15:02:19,990
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:19,990
VPN: disconnecting FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:19,990
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,020
IKE info: Delete Notificaton sent for Phase-1 SA to peer FRITZBOX7390

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,020
IKE info: Phase-1 SA removed: peer FRITZBOX7390 rule FRITZBOX7390 removed

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,040
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,060
selecting next remote gateway using strategy eFirst for FRITZBOX7390
=> no remote gateway selected

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,060
selecting first remote gateway using strategy eFirst for FRITZBOX7390
=> CurrIdx=0, IpStr=>xxx.dyndns.org<, IpAddr=xxx.xxx.xxx.xxx, IpTtl=60s

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,060
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,060
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 15:02:25,608 Devicetime: 2014/01/12 15:02:20,080
VPN: rulesets installed

[VPN-Status] 2014/01/12 15:03:08,999 Devicetime: 2014/01/12 15:03:03,690
starting external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/12 15:03:09,171 Devicetime: 2014/01/12 15:03:03,760
external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxx.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

[VPN-Status] 2014/01/12 15:04:32,155 Devicetime: 2014/01/12 15:04:26,830
VPN: connecting to FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:04:32,358 Devicetime: 2014/01/12 15:04:26,850
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:04:32,358 Devicetime: 2014/01/12 15:04:26,870
VPN: ruleset installed for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:04:32,358 Devicetime: 2014/01/12 15:04:26,870
VPN: start IKE negotiation for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:04:32,358 Devicetime: 2014/01/12 15:04:26,900
VPN: rulesets installed

[VPN-Status] 2014/01/12 15:04:33,202 Devicetime: 2014/01/12 15:04:27,880
IKE info: Phase-1 negotiation started for peer FRITZBOX7390 rule isakmp-peer-FRITZBOX7390 using AGGRESSIVE mode

[VPN-Status] 2014/01/12 15:04:33,702 Devicetime: 2014/01/12 15:04:28,300
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc

[VPN-Status] 2014/01/12 15:04:33,702 Devicetime: 2014/01/12 15:04:28,300
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No 1 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer FRITZBOX7390 matched with local proposal 2

[VPN-Status] 2014/01/12 15:04:33,967 Devicetime: 2014/01/12 15:04:28,510
IKE info: Phase-1 [inititiator] for peer FRITZBOX7390 between initiator id lancom1811, responder id fritzbox7390 done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer FRITZBOX7390 encryption aes-cbc authentication sha1
IKE info: life time ( 8000 sec/ 0 kb)

[VPN-Status] 2014/01/12 15:04:33,967 Devicetime: 2014/01/12 15:04:28,520
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer FRITZBOX7390 set to 6400 seconds (Initiator)

[VPN-Status] 2014/01/12 15:04:33,967 Devicetime: 2014/01/12 15:04:28,520
IKE info: Phase-1 SA Timeout (Hard-Event) for peer FRITZBOX7390 set to 8000 seconds (Initiator)

[VPN-Status] 2014/01/12 15:04:33,967 Devicetime: 2014/01/12 15:04:28,610
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

[VPN-Status] 2014/01/12 15:04:47,921 Devicetime: 2014/01/12 15:04:42,610
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FRITZBOX7390, sequence nr 0x52c2770d

[VPN-Status] 2014/01/12 15:04:48,046 Devicetime: 2014/01/12 15:04:42,670
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FRITZBOX7390 Seq-Nr 0x52c2770d, expected 0x52c2770d

[VPN-Status] 2014/01/12 15:05:02,233 Devicetime: 2014/01/12 15:04:56,900
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

[VPN-Status] 2014/01/12 15:05:02,233 Devicetime: 2014/01/12 15:04:56,900
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,900
VPN: disconnecting FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,900
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,930
IKE info: Delete Notificaton sent for Phase-1 SA to peer FRITZBOX7390

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,930
IKE info: Phase-1 SA removed: peer FRITZBOX7390 rule FRITZBOX7390 removed

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,940
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,970
selecting next remote gateway using strategy eFirst for FRITZBOX7390
=> no remote gateway selected

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,970
selecting first remote gateway using strategy eFirst for FRITZBOX7390
=> CurrIdx=0, IpStr=>xxx.dyndns.org<, IpAddr=xxx.xxx.xxx.xxx, IpTtl=60s

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,970
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,970
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/12 15:05:02,530 Devicetime: 2014/01/12 15:04:56,980
VPN: rulesets installed

[VPN-Status] 2014/01/12 15:05:29,014 Devicetime: 2014/01/12 15:05:23,700
starting external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/12 15:05:29,186 Devicetime: 2014/01/12 15:05:23,840
external DNS resolution for FRITZBOX7390
IpStr=>xxx.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxx.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

[TraceStopped] 2014/01/12 15:06:24,842
Used config:
# Trace config
trace + VPN-Status

# Show commands
show bootlog
[Legend] 2009/07/09 00:00:00,000
VPN-Status, TraceStarted, TraceStopped, Sysinfo, ShowCmd
[Index] 2009/07/09 00:00:00,000
1,124,7;4,267,12;3,950,32;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,197,4;0,258,6;0,126,3;0,135,3;0,134,3;0,138,3;0,102,3;0,191,4;
0,150,3;0,167,3;0,126,3;0,167,3;0,126,3;0,183,4;0,226,4;0,134,3;0,103,4;2,124,7;1,124,7;4,267,12;3,950,32;0,181,3;0,206,4;0,149,3;0,166,3;0,125,3;0,166,3;
0,148,3;0,152,3;0,125,3;0,183,4;0,226,4;0,134,3;0,125,3;0,103,4;0,197,4;0,258,6;0,125,3;0,134,3;0,133,3;0,137,3;0,102,3;0,190,3;0,642,7;0,271,4;0,412,6;
0,183,3;0,174,3;0,158,4;0,181,3;0,206,4;0,149,3;0,166,3;0,125,3;0,166,3;0,148,3;0,152,3;0,125,3;0,183,4;0,226,4;0,134,3;0,125,3;0,103,4;0,197,4;0,258,6;
2,124,7;

Bernie137 · Beitrag von **Bernie137** » 13 Jan 2014, 12:14

Hallo,

also ganz auffällig ist die Fehlermeldung:

Code: Alles auswählen

[VPN-Status] 2014/01/12 13:07:23,514 Devicetime: 2014/01/12 13:07:18,250
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

Das heißt ganz einfach, dass die Fritz!Box unter der IP im Internet nicht erreichbar ist und deshalb scheitert auch alles Weitere bzgl. VPN. Stimmt die IP Adresse auch wirklich, die über dyndns aufgelöst wird?

vg Heiko

MariusP · Beitrag von **MariusP** » 13 Jan 2014, 13:48

Hi,

[VPN-Status] 2014/01/12 15:04:33,702 Devicetime: 2014/01/12 15:04:28,300
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No 1 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer FRITZBOX7390 matched with local proposal 2

Du könntest die Reihenfolge anpassen und SHA an erste Stelle deiner Proposals setzen.

[VPN-Status] 2014/01/12 15:04:33,967 Devicetime: 2014/01/12 15:04:28,610
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

[VPN-Status] 2014/01/12 15:04:47,921 Devicetime: 2014/01/12 15:04:42,610
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FRITZBOX7390, sequence nr 0x52c2770d

[VPN-Status] 2014/01/12 15:04:48,046 Devicetime: 2014/01/12 15:04:42,670
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FRITZBOX7390 Seq-Nr 0x52c2770d, expected 0x52c2770d

Zitat: RFC 2409

The identities of the SAs negotiated in Quick Mode are implicitly
assumed to be the IP addresses of the ISAKMP peers, without any
implied constraints on the protocol or port numbers allowed, unless
client identifiers are specified in Quick Mode. If ISAKMP is acting
as a client negotiator on behalf of another party, the identities of
the parties MUST be passed as IDci and then IDcr. Local policy will
dictate whether the proposals are acceptable for the identities
specified. If the client identities are not acceptable to the Quick
Mode responder (due to policy or other reasons), a Notify payload
with Notify Message Type INVALID-ID-INFORMATION (18) SHOULD be sent.

Da du diese Nachricht von der FritzBox erhälts, musst du schauen nach welchen Kriterien die Fritzbox diese Entscheidung trifft.
Gruß

rajiv · Beitrag von **rajiv** » 17 Jan 2014, 22:31

Hallo,
sorry das ich jetzt erste reagiere, aber ich kann nur am WE "basteln". Ih habe die Reihenfolge der Proposals geändert, aber weiss nicht was bei der FB zu machen ist, um die Hinweise aus dem RFC umzusetzen. Aktuell habe ich immer noch folgende Trace:

[TraceData]
(Version) 8.30.0001
(Tracesessions) 0
(Comment) {N/A}
(NumberOfMessages) 37
(OffsetToIndex) 13028
[EndOfHeader]
[TraceStarted] 2014/01/17 22:13:13,497
Used config:
# Trace config
trace + VPN-Status
trace + VPN-Packet

# Show commands
show bootlog
[ShowCmd] 2014/01/17 22:13:14,465
Result of command: "show bootlog "
Boot log (171 Bytes):

****

01/01/1900 00:00:01 System boot after power on

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
VERSION: 8.00.0221RU2 / 07.10.2010

[Sysinfo] 2014/01/17 22:13:14,481
Result of command: "sysinfo"

DEVICE: LANCOM 1811 Wireless DSL
HW-RELEASE: C
SERIAL-NUMBER:
MAC-ADDRESS:
IP-ADDRESS: 192.168.0.254
IP-NETMASK: 255.255.255.0
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 8.00.0221RU2 / 07.10.2010
NAME: LANCOM
CONFIG-STATUS: 1056;0
FIRMWARE-STATUS: 0;0.8;0.1;8.00RU2.07102010.8;8.00Rel.16062010.7
LANCAPI-PORT: 75
HW-MASK: 00001100000000000000000000000011
FEATUREWORD: 00000000000000000100000100011101
REGISTERED-WORD: 00000000000000000100000100011101
FEATURE-LIST: 00/F
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 0e/F
TIME: 22131217012014
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22

[VPN-Status] 2014/01/17 22:13:32,153 Devicetime: 2014/01/17 22:13:30,170
starting external DNS resolution for FRITZBOX7390
IpStr=>xxxx7.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s

[VPN-Status] 2014/01/17 22:13:32,356 Devicetime: 2014/01/17 22:13:30,220
external DNS resolution for FRITZBOX7390
IpStr=>xxxx7.dyndns.org<, IpAddr(old)=xxx.xxx.xxx.xxx, IpTtl(old)=60s
IpStr=>xxxx7.dyndns.org<, IpAddr(new)=xxx.xxx.xxx.xxx, IpTtl(new)=60s

[VPN-Status] 2014/01/17 22:13:41,700 Devicetime: 2014/01/17 22:13:39,700
VPN: connecting to FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:13:41,903 Devicetime: 2014/01/17 22:13:39,720
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:13:41,903 Devicetime: 2014/01/17 22:13:39,740
VPN: ruleset installed for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:13:41,903 Devicetime: 2014/01/17 22:13:39,740
VPN: start IKE negotiation for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:13:41,903 Devicetime: 2014/01/17 22:13:39,760
VPN: rulesets installed

[VPN-Packet] 2014/01/17 22:13:43,028 Devicetime: 2014/01/17 22:13:40,740
for send: 192.168.0.240->192.168.1.51 60 ICMP ECHOREQUEST
-->IPv4 Header
Version : 4
Header Length : 20
Type of service : (0x00) Precedence 0
Total length : 60
ID : 9407
Fragment : Offset 0
TTL : 127
Protocol : ICMP
Checksum : 37774 (OK)
Src Address : 192.168.0.240
Dest Address : 192.168.1.51
-->ICMP Header
Msg : echo request
Checksum : 18267 (OK)
Body : 61 62 63 64 65 66 67 68 abcdefgh
69 6a 6b 6c 6d 6e 6f 70 ijklmnop
71 72 73 74 75 76 77 61 qrstuvwa
62 63 64 65 66 67 68 69 bcdefghi

[VPN-Packet] 2014/01/17 22:13:43,028 Devicetime: 2014/01/17 22:13:40,740
no sa available: give up, should be retransmitted: 192.168.0.240->192.168.1.51 60 ICMP ECHOREQUEST
-->IPv4 Header
Version : 4
Header Length : 20
Type of service : (0x00) Precedence 0
Total length : 60
ID : 9407
Fragment : Offset 0
TTL : 127
Protocol : ICMP
Checksum : 37774 (OK)
Src Address : 192.168.0.240
Dest Address : 192.168.1.51
-->ICMP Header
Msg : echo request
Checksum : 18267 (OK)
Body : 61 62 63 64 65 66 67 68 abcdefgh
69 6a 6b 6c 6d 6e 6f 70 ijklmnop
71 72 73 74 75 76 77 61 qrstuvwa
62 63 64 65 66 67 68 69 bcdefghi

[VPN-Status] 2014/01/17 22:13:43,028 Devicetime: 2014/01/17 22:13:40,750
IKE info: Phase-1 negotiation started for peer FRITZBOX7390 rule isakmp-peer-FRITZBOX7390 using AGGRESSIVE mode

[VPN-Status] 2014/01/17 22:13:43,247 Devicetime: 2014/01/17 22:13:41,160
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc
IKE info: The remote server xxx.xxx.xxx.xxx:500 (UDP) peer FRITZBOX7390 id <no_id> supports NAT-T in mode rfc

[VPN-Status] 2014/01/17 22:13:43,247 Devicetime: 2014/01/17 22:13:41,160
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No 1 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer FRITZBOX7390 matched with local proposal 2

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,360
IKE info: Phase-1 [inititiator] for peer FRITZBOX7390 between initiator id lancom1811, responder id fritzbox7390 done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer FRITZBOX7390 encryption aes-cbc authentication sha1
IKE info: life time ( 8000 sec/ 0 kb)

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,360
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer FRITZBOX7390 set to 6400 seconds (Initiator)

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,360
IKE info: Phase-1 SA Timeout (Hard-Event) for peer FRITZBOX7390 set to 8000 seconds (Initiator)

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,460
IKE info: NOTIFY received of type INITIAL_CONTACT for peer FRITZBOX7390

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,460
IKE info: Phase-1 [responder] got INITIAL-CONTACT from peer FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,460
IKE info: Phase-1 SA removed: peer FRITZBOX7390 rule FRITZBOX7390 removed

[VPN-Status] 2014/01/17 22:13:43,528 Devicetime: 2014/01/17 22:13:41,470
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

[VPN-Status] 2014/01/17 22:13:46,450 Devicetime: 2014/01/17 22:13:44,470
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FRITZBOX7390, sequence nr 0x7bef6663

[VPN-Status] 2014/01/17 22:13:46,653 Devicetime: 2014/01/17 22:13:44,560
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FRITZBOX7390 Seq-Nr 0x7bef6663, expected 0x7bef6663

[VPN-Status] 2014/01/17 22:14:11,778 Devicetime: 2014/01/17 22:14:09,760
VPN: connection for FRITZBOX7390 (xxx.xxx.xxx.xxx) timed out: no response

[VPN-Status] 2014/01/17 22:14:11,778 Devicetime: 2014/01/17 22:14:09,760
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:14:11,809 Devicetime: 2014/01/17 22:14:09,760
VPN: disconnecting FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:14:11,809 Devicetime: 2014/01/17 22:14:09,760
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:14:11,809 Devicetime: 2014/01/17 22:14:09,790
IKE info: Delete Notificaton sent for Phase-1 SA to peer FRITZBOX7390

[VPN-Status] 2014/01/17 22:14:11,809 Devicetime: 2014/01/17 22:14:09,790
IKE info: Phase-1 SA removed: peer FRITZBOX7390 rule FRITZBOX7390 removed

[VPN-Status] 2014/01/17 22:14:11,809 Devicetime: 2014/01/17 22:14:09,800
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/17 22:14:12,090 Devicetime: 2014/01/17 22:14:09,830
selecting next remote gateway using strategy eFirst for FRITZBOX7390
=> no remote gateway selected

[VPN-Status] 2014/01/17 22:14:12,090 Devicetime: 2014/01/17 22:14:09,830
selecting first remote gateway using strategy eFirst for FRITZBOX7390
=> CurrIdx=0, IpStr=>erik27.dyndns.org<, IpAddr=xxx.xxx.xxx.xxx, IpTtl=60s

[VPN-Status] 2014/01/17 22:14:12,090 Devicetime: 2014/01/17 22:14:09,830
VPN: installing ruleset for FRITZBOX7390 (xxx.xxx.xxx.xxx)

[VPN-Status] 2014/01/17 22:14:12,090 Devicetime: 2014/01/17 22:14:09,830
VPN: FRITZBOX7390 (xxx.xxx.xxx.xxx) disconnected

[VPN-Status] 2014/01/17 22:14:12,090 Devicetime: 2014/01/17 22:14:09,840
VPN: rulesets installed

[TraceStopped] 2014/01/17 22:15:02,903
Used config:
# Trace config
trace + VPN-Status
trace + VPN-Packet

# Show commands
show bootlog
[Legend] 2009/07/09 00:00:00,000
VPN-Status, VPN-Packet, TraceStarted, TraceStopped, Sysinfo, ShowCmd
[Index] 2009/07/09 00:00:00,000
2,144,8;5,267,12;4,950,32;0,197,4;0,258,6;0,125,3;0,134,3;0,133,3;0,137,3;0,102,3;1,807,22;1,848,22;0,190,3;0,642,7;0,271,4;0,412,6;0,183,3;0,174,3;0,150,3;
0,166,3;0,152,3;0,157,3;0,181,3;0,206,4;0,149,3;0,166,3;0,125,3;0,166,3;0,148,3;0,152,3;0,125,3;0,183,4;0,226,4;0,134,3;0,125,3;0,103,4;3,144,8;

Habt ihr noch weitere Tipps?

rajiv · Beitrag von **rajiv** » 27 Jan 2014, 22:19

Hallo Leute,
nach weiteren Einstellung, habe ich nun folgende Fehlermeldung. Was soll ich machen?

[VPN-Status] 2014/01/27 22:04:42,779 Devicetime: 2014/01/27 22:04:44,570
VPN: rulesets installed

[VPN-Status] 2014/01/27 22:04:43,544 Devicetime: 2014/01/27 22:04:45,550
IKE info: Phase-1 negotiation started for peer FRITZBOX7390 rule isakmp-peer-FRITZBOX7390 using AGGRESSIVE mode

[VPN-Status] 2014/01/27 22:04:44,029 Devicetime: 2014/01/27 22:04:45,950
IKE info: The remote server xx.xx.xxx.xx:500 (UDP) peer FRITZBOX7390 id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server xx.xx.xxx.xx:500 (UDP) peer FRITZBOX7390 id <no_id> negotiated rfc-3706-dead-peer-detection

[VPN-Status] 2014/01/27 22:04:44,029 Devicetime: 2014/01/27 22:04:45,950
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No 1 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer FRITZBOX7390 matched with local proposal 2

[VPN-Status] 2014/01/27 22:04:44,185 Devicetime: 2014/01/27 22:04:46,140
IKE info: Phase-1 [inititiator] for peer FRITZBOX7390 between initiator id lancom1811, responder id FRITZBOX7390 done
IKE info: SA ISAKMP for peer FRITZBOX7390 encryption aes-cbc authentication sha1
IKE info: life time ( 8000 sec/ 0 kb)

[VPN-Status] 2014/01/27 22:04:44,185 Devicetime: 2014/01/27 22:04:46,140
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer FRITZBOX7390 set to 6400 seconds (Initiator)

[VPN-Status] 2014/01/27 22:04:44,185 Devicetime: 2014/01/27 22:04:46,140
IKE info: Phase-1 SA Timeout (Hard-Event) for peer FRITZBOX7390 set to 8000 seconds (Initiator)

[VPN-Status] 2014/01/27 22:04:44,388 Devicetime: 2014/01/27 22:04:46,230
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

[VPN-Status] 2014/01/27 22:04:51,294 Devicetime: 2014/01/27 22:04:53,300
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

[VPN-Status] 2014/01/27 22:04:55,279 Devicetime: 2014/01/27 22:04:57,300
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer FRITZBOX7390, sequence nr 0x71275d38

[VPN-Status] 2014/01/27 22:04:55,451 Devicetime: 2014/01/27 22:04:57,360
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer FRITZBOX7390 Seq-Nr 0x71275d38, expected 0x71275d38

MariusP · Beitrag von **MariusP** » 28 Jan 2014, 11:30

Hi,
Es ist immernoch das selbe Problem.

Code: Alles auswählen

[VPN-Status] 2014/01/27 22:04:44,388 Devicetime: 2014/01/27 22:04:46,230
IKE info: NOTIFY received of type INVALID_ID_INFORMATION for peer FRITZBOX7390

Außer du findest hier einen Fritzbox-Experten, wird es schwer.

Du könntest mit einer Sache versuchen hier Licht reinzu bringen:
Poste bitte die Auszüge aus den Netzbeziehungen des Lancoms:"show vpn"
Mehr Infos zu "show vpn" findest du unter "show vpn ?".
Wenn du uns nun informationen zu den Netzbeziehungen der Fritzbox raussuchen könntest (selber keine Ahnung wie das geht).
Gruß

Dr.Einstein · Beitrag von **Dr.Einstein** » 28 Jan 2014, 12:01

rajiv hat geschrieben: cd /Setup/VPN/Certificates-and-Keys/IKE-Keys
add "P-LANCOM" {Local-ID-Type} Domain-Name {Local-Identity} "lancom" {Remote-ID-Type} Domain-Name {Remote-Identity} "fritzbox" {Shared-Sec} "xxxx" {Shared-Sec-File} ""
cd /

rajiv hat geschrieben: localid {
fqdn = "fritzbox";
}
remoteid {
fqdn = "lancom";
}

rajiv hat geschrieben: IKE info: Phase-1 [inititiator] for peer FRITZBOX7390 between initiator id lancom1811, responder id FRITZBOX7390 done

Für mich wäre die Meldung ID Mismatch relativ logisch aktuell.

LANCOM-Forum.de

site2site zwischen Lancom 1811 und FB 7390

site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390

Re: site2site zwischen Lancom 1811 und FB 7390