Hallo in die Runde,
habe einen 1781VA und eine FB 7590AX auf der anderen Seite. Habe versucht eine Site2Site Verbindung entsprechend dieser Anleitung herzustellen.
Konfiguration einer VPN-Verbindung (IKEv1) zwischen einem LANCOM Router und einer FRITZ!Box
Leider bekomme immer den Fehler IKE-Error 0x2027 auf Seiten der Fritzbox, was auf einen Timeout hindeutet.
Der Trace auf Seiten des Lancom sagt folgendes:
[VPN-Status] 2025/03/06 11:28:06,488 Devicetime: 2025/03/06 11:28:36,061
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
[VPN-Debug] 2025/03/06 11:28:06,488 Devicetime: 2025/03/06 11:28:36,061
LCVPEI: IKE-R-No-rule-matched-ID
Da ich keine Detailkenntnis in der Konfiguration von VPNs habe steh ich jetzt leider auf dem Schlauch...
Viele Grüße
Jan
Site2Site zwischen Lancom und Fritzbox
Moderator: Lancom-Systems Moderatoren
Re: Site2Site zwischen Lancom und Fritzbox
Moin Jan,
Das Log der Fritzbox wird dir nicht weiter helfen. IPsec kann man nur auf der annehmenden Seite anhand der Logs troubleshooten.
Die Fritzbox kann selbst nicht zwingend unterscheiden ob eine Ablehnung aus einem falschen PSK oder eine falschen cyphergroups kommt - man möchte dem Angreifer je nicht zu viel verraten, warum man ihn abgelehnt hat. Das steht immer nur im Log der annehmenden Seite.
Daher wichtig, dass klar ist, wer die Verbindung initiiert, in deinem Fall die Fritzbox.
Offensicht kann der LANCOM Router den Verbindungsversuch nicht zuordnen.
Schau mal in der Verbindungsliste, ob du bei dem FritzVPN als Entferntes Gateway entweder 0.0.0.0 oder die tatsächliche öffentliche IP der Fritzbox eingetragen hast. Wenn es die tatsächliche öffentliche IP ist, bitte gegenprüfen, ob sie richtig ist.
Dadurch, dass Local und Remote ID leer gelassen werden, kann der Router die Verbindung nicht an diesen festmachen. Es bleibt die IP, wenn die auf 0.0.0.0 steht muss der router alle 0.0.0.0 Verbindungen gegen alle eingehenden Verbindungen checken.
Wenn es 0.0.0.0 ist, dann mal testweise die tatsächliche öffentliche rein, damit wir im log ggf. mehr sehen.
Bitte die Traces nach jedem Test widerholen und hier anhängen.
Ich kopiere mal der Vollständigkeit halber den Disclaimer aus dem KB-Artikel, ist aber aktuell der einzige Weg eine Fritzbox anzubinden, da AVM sich mit der Implementierung von IKEv2 schwer tut..
Das Log der Fritzbox wird dir nicht weiter helfen. IPsec kann man nur auf der annehmenden Seite anhand der Logs troubleshooten.
Die Fritzbox kann selbst nicht zwingend unterscheiden ob eine Ablehnung aus einem falschen PSK oder eine falschen cyphergroups kommt - man möchte dem Angreifer je nicht zu viel verraten, warum man ihn abgelehnt hat. Das steht immer nur im Log der annehmenden Seite.
Daher wichtig, dass klar ist, wer die Verbindung initiiert, in deinem Fall die Fritzbox.
Offensicht kann der LANCOM Router den Verbindungsversuch nicht zuordnen.
Schau mal in der Verbindungsliste, ob du bei dem FritzVPN als Entferntes Gateway entweder 0.0.0.0 oder die tatsächliche öffentliche IP der Fritzbox eingetragen hast. Wenn es die tatsächliche öffentliche IP ist, bitte gegenprüfen, ob sie richtig ist.
Dadurch, dass Local und Remote ID leer gelassen werden, kann der Router die Verbindung nicht an diesen festmachen. Es bleibt die IP, wenn die auf 0.0.0.0 steht muss der router alle 0.0.0.0 Verbindungen gegen alle eingehenden Verbindungen checken.
Wenn es 0.0.0.0 ist, dann mal testweise die tatsächliche öffentliche rein, damit wir im log ggf. mehr sehen.
Bitte die Traces nach jedem Test widerholen und hier anhängen.
Ich kopiere mal der Vollständigkeit halber den Disclaimer aus dem KB-Artikel, ist aber aktuell der einzige Weg eine Fritzbox anzubinden, da AVM sich mit der Implementierung von IKEv2 schwer tut..
IKEv1 wird seit 2019 durch die IETF (Internet Engineering Task Force) als veraltet (deprecated) und unsicher bezeichnet und sollte daher nicht mehr verwendet werden. LANCOM Systems empfiehlt stattdessen den aktuellen Standard IKEv2 zu verwenden.
Die IKEv1 Funktionalität bleibt in LANCOM Geräten erhalten und kann somit weiterhin für Szenarien mit Geräten ohne IKEv2 Unterstützung verwendet werden. LANCOM Systems wird allerdings keinen Support mehr bei der Analyse von Verbindungs-Problemen mit IKEv1-Verbindungen leisten. Auch wird es für IKEv1 keine Fehlerbehebungen oder neue Features in der Firmware geben.
Gruß Lukas
Re: Site2Site zwischen Lancom und Fritzbox
Moin zurück,
habe jetzt das GW vom Dyndns account auf 0.0.0.0 geändert. dadurch ist aber keine Verbesserung eingetreten. Anbei die aktuellen logs:
[VPN-IKE] 2025/03/06 14:03:59,576 Devicetime: 2025/03/06 14:04:28,249
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 4C A6 47 05 2B 58 AF 83
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-Status] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
[VPN-Debug] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
LCVPEI: IKE-R-No-rule-matched-ID
[VPN-Debug] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
QUB-DATA: 87.191.171.196:500<---79.234.179.218:500 rtg_tag 0 physical-channel WAN(11)
transport: [id: 2804, UDP (17) {incoming unicast, fixed source address}, dst: 79.234.179.218, tag 0 (U), src: 87.191.171.196, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 500, remote port: 500
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (35 micro seconds)
IKE-TRANSPORT freed
[VPN-IKE] 2025/03/06 14:04:01,580 Devicetime: 2025/03/06 14:04:30,251
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 4C A6 47 05 2B 58 AF 83
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
habe jetzt das GW vom Dyndns account auf 0.0.0.0 geändert. dadurch ist aber keine Verbesserung eingetreten. Anbei die aktuellen logs:
[VPN-IKE] 2025/03/06 14:03:59,576 Devicetime: 2025/03/06 14:04:28,249
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 4C A6 47 05 2B 58 AF 83
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-Status] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
[VPN-Debug] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
LCVPEI: IKE-R-No-rule-matched-ID
[VPN-Debug] 2025/03/06 14:03:59,592 Devicetime: 2025/03/06 14:04:28,249
QUB-DATA: 87.191.171.196:500<---79.234.179.218:500 rtg_tag 0 physical-channel WAN(11)
transport: [id: 2804, UDP (17) {incoming unicast, fixed source address}, dst: 79.234.179.218, tag 0 (U), src: 87.191.171.196, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 500, remote port: 500
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (35 micro seconds)
IKE-TRANSPORT freed
[VPN-IKE] 2025/03/06 14:04:01,580 Devicetime: 2025/03/06 14:04:30,251
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 4C A6 47 05 2B 58 AF 83
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
Re: Site2Site zwischen Lancom und Fritzbox
Kannst du bitte statt der 0.0.0.0 die 79.234.179.218 (laut trace aktuelle public IP der Fritzbox) als entferntes Gateway angeben und dann nochmal tracen?
Gruß Lukas
Re: Site2Site zwischen Lancom und Fritzbox
Das ergibt leider auch nichts. Hatte ich zwischendurch auch schon probiert. Würde da jetzt wieder die DynDNS-Adresse eintragen.
Was bedeutet den eigenlich: IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
Das hört sich für mich so an, als ob die Fritzbox nicht den richtigen "Dialekt" spricht...
Was bedeutet den eigenlich: IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
Das hört sich für mich so an, als ob die Fritzbox nicht den richtigen "Dialekt" spricht...
-
Dr.Einstein
- Beiträge: 3223
- Registriert: 12 Jan 2010, 14:10
Re: Site2Site zwischen Lancom und Fritzbox
IP eintragen, wieder den Trace anwerfen und hier posten. Außer der Inhalt sieht 1:1 gleich aus was ich bezweifel. Oben müsste das Unknown auf den Peernamen wechseln.JaLu hat geschrieben: 06 Mär 2025, 14:42 Das ergibt leider auch nichts. Hatte ich zwischendurch auch schon probiert.
Re: Site2Site zwischen Lancom und Fritzbox
Für mich sieht das Trace-Log genauso aus wie vorher:
[VPN-IKE] 2025/03/06 15:23:00,545 Devicetime: 2025/03/06 15:23:29,455
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 11 30 B5 C1 D7 9A 5D 27
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-Status] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
[VPN-Debug] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
LCVPEI: IKE-R-No-rule-matched-ID
[VPN-Debug] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
QUB-DATA: 87.191.171.196:500<---79.234.179.218:500 rtg_tag 0 physical-channel WAN(11)
transport: [id: 5370, UDP (17) {incoming unicast, fixed source address}, dst: 79.234.179.218, tag 0 (U), src: 87.191.171.196, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 500, remote port: 500
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (37 micro seconds)
IKE-TRANSPORT freed
[VPN-IKE] 2025/03/06 15:23:02,554 Devicetime: 2025/03/06 15:23:31,457
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 11 30 B5 C1 D7 9A 5D 27
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-IKE] 2025/03/06 15:23:00,545 Devicetime: 2025/03/06 15:23:29,455
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 11 30 B5 C1 D7 9A 5D 27
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-Status] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer 79.234.179.218
[VPN-Debug] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
LCVPEI: IKE-R-No-rule-matched-ID
[VPN-Debug] 2025/03/06 15:23:00,561 Devicetime: 2025/03/06 15:23:29,456
QUB-DATA: 87.191.171.196:500<---79.234.179.218:500 rtg_tag 0 physical-channel WAN(11)
transport: [id: 5370, UDP (17) {incoming unicast, fixed source address}, dst: 79.234.179.218, tag 0 (U), src: 87.191.171.196, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 500, remote port: 500
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (37 micro seconds)
IKE-TRANSPORT freed
[VPN-IKE] 2025/03/06 15:23:02,554 Devicetime: 2025/03/06 15:23:31,457
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : 79.234.179.218:500
Destination/Port : 87.191.171.196:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 11 30 B5 C1 D7 9A 5D 27
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 300 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 160 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 148 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 6
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
Re: Site2Site zwischen Lancom und Fritzbox
Hab jetzt einmal mit dem Wizard eine gleichartige Verbindung eingerichtet und danach die einzelnen Punkte wieder gelöscht. Seitdem scheint der ursprüngliche VPN-Tunnel jetzt zu laufen.
Danke für die Hilfe hier im Forum, auch wenn die eigentliche Lösung für mich nicht ersichtlich ist.
Danke für die Hilfe hier im Forum, auch wenn die eigentliche Lösung für mich nicht ersichtlich ist.
Re: Site2Site zwischen Lancom und Fritzbox
vermutlich reicht für alles weitere der vpn-status trace, dann wird es auch nicht so lang.
es scheint, dass der Router die eingehende Verbindung keiner konfigurierten Verbindung zuordnen kann.
Der KB-Artikel schient schon länger nicht aktualisiert worden zu sein (da steht was von version 9.24). In meinem Router (10.80) sehen die Menus etwas anders aus.
ich habe in diesem Artikel gesehen, dass das AVM Konfig-File auch lokale und remote ID unterstützt.
ich denke das würde es nochmal erleichtern.
dort steht zwar "fqdn" es muss aber kein öffentlich registrierter/ auflösbarer Name sein - es reicht, wenn es in deinem Kontext eindeutig ist, daher habe ich mal fb.intern und zentrale.intern vorgeschlagen.
Auf seiten der Zentrale muss das nun "über kreuz" eingetragen werden.
Auf dem LANCOM also im verwendeten "IKE-Schlüssel & Identitäten" Eintrag Lokaler Identität Typ auf "Domänen-Name (FQDN)" und Lokale identität auf "zentrale.intern", Entfernter Identität-Typ auf "Domänen-Name (FQDN)" und entfernte Identität auf "fb.intern" ändern.
Im Konfigfile dafür innerhalb von connections das folgende eintragen.
anschließend nochmal tracen, es reicht aber der vpn-status trace.
es scheint, dass der Router die eingehende Verbindung keiner konfigurierten Verbindung zuordnen kann.
Der KB-Artikel schient schon länger nicht aktualisiert worden zu sein (da steht was von version 9.24). In meinem Router (10.80) sehen die Menus etwas anders aus.
ich habe in diesem Artikel gesehen, dass das AVM Konfig-File auch lokale und remote ID unterstützt.
ich denke das würde es nochmal erleichtern.
dort steht zwar "fqdn" es muss aber kein öffentlich registrierter/ auflösbarer Name sein - es reicht, wenn es in deinem Kontext eindeutig ist, daher habe ich mal fb.intern und zentrale.intern vorgeschlagen.
Auf seiten der Zentrale muss das nun "über kreuz" eingetragen werden.
Auf dem LANCOM also im verwendeten "IKE-Schlüssel & Identitäten" Eintrag Lokaler Identität Typ auf "Domänen-Name (FQDN)" und Lokale identität auf "zentrale.intern", Entfernter Identität-Typ auf "Domänen-Name (FQDN)" und entfernte Identität auf "fb.intern" ändern.
Im Konfigfile dafür innerhalb von connections das folgende eintragen.
Code: Alles auswählen
localid {
fqdn = "fb.intern"; // ID der Fritzbox
}
remoteid {
fqdn = "zentrale.intern"; // ID der Zentrale
}
anschließend nochmal tracen, es reicht aber der vpn-status trace.
Gruß Lukas
Re: Site2Site zwischen Lancom und Fritzbox
ah, ok. ich war zu langsam. Freut mich dass es jetzt klappt.
vermutlich ist es nur eine Kleinigkeit gewesen und es fehlte irgendwo ein "element aktiv" häkchen
vermutlich ist es nur eine Kleinigkeit gewesen und es fehlte irgendwo ein "element aktiv" häkchen
Gruß Lukas