Hallo,
heute hatte ich wieder Zeit hier weiter zu experimentieren bzw. es konnte jemand auf der Remote-Seite den Verbindungsaufbau triggern, damit ich den gewünschten Trace machen konnte.
Bitte teile uns deine Firmware-Version mit.
Lancom:
Code: Alles auswählen
DEVICE: LANCOM 1781EF+
HW-RELEASE: C
VERSION: 9.10.0530RU5 / 09.12.2015
Die Fritzbox sagt sie hätte FritzOS 06.30
Bitte mach einen IKE-Trace und schau dir an was genau von welcher Seite übertragen wird.
Den Trace habe ich gemacht, der ist aber "recht lang". Soll ich den hier als Datei anhängen? Ein "kurzer Auszug" zeigt die Meldung INVALID_ID_INFORMATION, allerdings kann ich aus dem Trace nicht erkennen, was falsch ist
Code: Alles auswählen
[VPN-IKE] 2016/04/14 19:12:14,391 Devicetime: 2016/04/14 19:12:20,654
Received packet:
IKE 1.0 Header:
Source/Port : <Remote-IP>:500
Destination/Port : <Local-IP>:500
| Initiator cookie : D1 17 35 83 1D 90 5F 89
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : AGGRESSIVE
| Flags : 0x00
| Msg-ID : 0
| Length : 645 Bytes
SA Payload
| Next Payload : KEY_EXCH
| Reserved : 0x00
| Length : 356 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 344 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 10
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 4
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 5
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 5
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 1
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 6
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 7
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 192
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 8
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 1
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 9
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 5
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 1
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 32 Bytes
| | | Transform# : 10
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 1
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 1
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
KEY_EXCH Payload
| Next Payload : NONCE
| Reserved : 0x00
| Length : 132 Bytes
| DH-Key(1024 bits) : 60 6C 9F F2 FA CB 82 BD 73 8B A1 E2 F5 C8 E8 4B
| 1A 89 F7 4B A2 6C 27 BD 1C ED 21 41 8E 6F D5 7E
| A2 6F 01 DA 3B 24 1A 9B 5E EC 74 0D EB B4 73 BF
| 52 89 2F 48 03 A1 0E 5A A4 2A B9 B0 63 FC 58 2A
| 5E F5 4A 47 A5 06 48 68 A4 01 81 C0 19 86 C2 55
| CC 2F 62 72 8D AD 1D D5 8F 64 D3 7E 21 DF D0 36
| DC 6A 31 7E EA 37 2E 5E 56 92 BD A0 E5 2C AA 7C
| 8B 00 50 CF 80 A9 42 AE 25 25 E4 E3 B9 59 DE 6C
NONCE Payload
| Next Payload : ID
| Reserved : 0x00
| Length : 20 Bytes
| Nonce(128 bits) : 9F 6C 95 FC 6E BD FA 84 45 F7 0A 8F 9F 6D 66 1C
ID Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 17 Bytes
| ID type : FQDN
| Protocol ID : 0
| Port : 0
| ID : FRITZBOX
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : A2 22 6F C3 64 50 0F 56 34 FF 77 DB 3B 74 F4 1B
[VPN-IKE] 2016/04/14 19:12:14,609 Devicetime: 2016/04/14 19:12:20,662
Sending packet:
IKE 1.0 Header:
Source/Port : <Local-IP>:500
Destination/Port : <Remote-IP>:500
| Initiator cookie : D1 17 35 83 1D 90 5F 89
| Responder cookie : 34 D5 4D B2 82 6B D5 E2
| Next Payload : NOTIFY
| Version : 1.0
| Exchange type : INFO
| Flags : 0x00
| Msg-ID : 0
| Length : 40 Bytes
NOTIFY Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 12 Bytes
| DOI : IPSEC
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : INVALID_ID_INFORMATION
Grüße
Booker