VPN via VPN client to Lancom 1722 ->

Post by seneka68 »

Hello everyone,

Could one of you take a look at the following VPN trace? I am trying to find out why, after setting up the VPN connection and a first successful Remote Desktop connection over port 3389, subsequent connections are no longer possible. Pings to the Lancom router at 192.168.3.254 work -> pings to other addresses are not possible.

+++++++++++++++++++++++++++++++++++++++++++++++++
Here is the excerpt from the Lancom VPN client *.logs (public IP addresses & names have been changed, though):
+++++++++++++++++++++++++++++++++++++++++++++++++

27.08.2006 16:01:59 IPSDIALCHAN::start building connection
27.08.2006 16:01:59 NCPIKE-phase1:name(MUSTER-VPN-1) - outgoing connect request - aggressive mode.
27.08.2006 16:01:59 XMIT_MSG1_AGGRESSIVE - MUSTER-VPN-1
27.08.2006 16:01:59 RECV_MSG2_AGGRESSIVE - MUSTER-VPN-1
27.08.2006 16:01:59 IPSDIAL->FINAL_TUNNEL_ENDPOINT:089.166.000.000
27.08.2006 16:01:59 IKE phase I: Setting LifeTime to 28800 seconds
27.08.2006 16:01:59 MUSTER-VPN-1 ->Support for NAT-T version - 9
27.08.2006 16:01:59 Turning on NATD mode - MUSTER-VPN-1 - 1
27.08.2006 16:01:59 XMIT_MSG3_AGGRESSIVE - MUSTER-VPN-1
27.08.2006 16:01:59 Turning on DPD mode - MUSTER-VPN-1
27.08.2006 16:01:59 NCPIKE-phase1:name(MUSTER-VPN-1) - connected
27.08.2006 16:01:59 Phase1 is Ready: IkeIndex = 00000015
27.08.2006 16:01:59 Quick Mode is Ready: IkeIndex = 00000015 , VpnSrcPort = 4500
27.08.2006 16:01:59 Assigned IP Address: 192.168.3.51
27.08.2006 16:02:00 XMIT_MSG1_QUICK - MUSTER-VPN-1
27.08.2006 16:02:00 RECV_MSG2_QUICK - MUSTER-VPN-1
27.08.2006 16:02:00 XMIT_MSG3_QUICK - MUSTER-VPN-1
27.08.2006 16:02:00 NCPIKE-phase2:name(MUSTER-VPN-1) - connected
27.08.2006 16:02:00 IPSDIAL - verbunden mit MUSTER-VPN-1 auf Kanal 1.
27.08.2006 16:02:00 IPCP - verbunden mit MUSTER-VPN-1 mit IP Adresse: 192.168.003.051. : 192.168.003.052.
27.08.2006 16:02:22 NOTIFY : MUSTER-VPN-1 : SENT : NOTIFY_MSG_R_U_HERE
27.08.2006 16:02:23 NOTIFY : MUSTER-VPN-1 : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
27.08.2006 16:02:47 Disconnect: cause - Manual Disconnect.
27.08.2006 16:02:47 IPSDIAL - trennen von MUSTER-VPN-1 auf Kanal 1.
27.08.2006 16:02:48 IPSDIAL - disconnected from MUSTER-VPN-1 on channel 1.


+++++++++++++++++++++++++++++++++++++++++++++++++
Here is the trace:
+++++++++++++++++++++++++++++++++++++++++++++++++

#
| LANCOM 1722 VoIP (Annex B)
| Ver. 6.15.0020 / 24.07.2006 / 2.73/a27.4.11
| SN. *****************
| Copyright (c) LANCOM Systems

Connection No.: 002 (LAN)

Password:

root@:/
> trace # vpn
VPN :
VPN-Status ON
VPN-Packet ON

root@:/
>
[VPN-Status] 2006/08/27 16:08:51,420
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode draft
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode draft
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode draft
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode rfc
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode rfc
IKE info: The remote server 84.136.1.112:500 peer def-aggr-peer id <no_id> supports NAT-T in mode rfc


[VPN-Status] 2006/08/27 16:08:51,420
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No 1 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer def-aggr-peer matched with local proposal 2


[VPN-Status] 2006/08/27 16:08:51,600
IKE info: Phase-1 [responder] got initial contact from peer MUSTER-VPN-1 (84.136.1.112)


[VPN-Status] 2006/08/27 16:08:51,600
IKE info: Phase-1 [responder] for peer MUSTER-VPN-1 between initiator id doh@haller24.de, responder id doh@MUSTER24.de done
IKE info: NAT-T enabled in mode rfc, we are not behind a nat, the remote side is behind a nat
IKE info: SA ISAKMP for peer MUSTER-VPN-1 encryption aes-cbc authentication sha1
IKE info: life time ( 28800 sec/ 0 kb)


[VPN-Status] 2006/08/27 16:08:51,850
IKE info: Phase-2 remote proposal 1 for peer MUSTER-VPN-1 matched with local proposal 1


[VPN-Status] 2006/08/27 16:08:51,950
IKE info: Phase-2 [responder] done with 2 SAS for peer MUSTER-VPN-1 rule ipsec-1-MUSTER-VPN-1-pr0-l0-r0
IKE info: rule:' ipsec 0.0.0.0/0.0.0.0 <-> 192.168.3.51/255.255.255.255 '
IKE info: SA ESP [0x5364b97a] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x349c7808] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 25920 sec/0 kb) hard (28800 sec/0 kb)
IKE info: tunnel between src: 89.166.000.000 dst: 84.136.1.112


[VPN-Status] 2006/08/27 16:08:51,950
VPN: wait for IKE negotiation from MUSTER-VPN-1 (84.136.1.112)

[VPN-Status] 2006/08/27 16:08:52,950
VPN: MUSTER-VPN-1 (84.136.1.112) connected

[VPN-Packet] 2006/08/27 16:08:52,950
for send: 192.168.3.254->192.168.3.51 78 UDP port 137->137

[VPN-Packet] 2006/08/27 16:08:52,950
encap: 89.166.000.000->84.136.1.112 98 IP-ENCAP

[VPN-Packet] 2006/08/27 16:08:52,950
encrypted: 89.166.000.000->84.136.1.112 144 UDP port 4500->57550

[VPN-Packet] 2006/08/27 16:08:52,950
no policy found for: 192.168.3.254->255.255.255.255 78 UDP port 137->137

[VPN-Packet] 2006/08/27 16:08:52,960
for send: 192.168.3.254->192.168.3.51 78 UDP port 137->137

[VPN-Packet] 2006/08/27 16:08:52,960
encap: 89.166.000.000->84.136.1.112 98 IP-ENCAP

[VPN-Packet] 2006/08/27 16:08:52,960
encrypted: 89.166.000.000->84.136.1.112 144 UDP port 4500->57550

[VPN-Packet] 2006/08/27 16:08:52,960
no policy found for: 192.168.3.254->255.255.255.255 78 UDP port 137->137

[VPN-Packet] 2006/08/27 16:08:54,880
received: 84.136.1.112->89.166.000.000 136 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:08:54,880
decrypted: 84.136.1.112->89.166.000.000 120 IP-ENCAP

[VPN-Packet] 2006/08/27 16:08:54,880
decap: 192.168.3.51->192.53.103.108 76 UDP port 123->123

[VPN-Packet] 2006/08/27 16:08:54,910
for send: 192.53.103.108->192.168.3.51 76 UDP port 123->123

[VPN-Packet] 2006/08/27 16:08:54,910
encap: 89.166.000.000->84.136.1.112 96 IP-ENCAP

[VPN-Packet] 2006/08/27 16:08:54,910
encrypted: 89.166.000.000->84.136.1.112 144 UDP port 4500->57550

[VPN-Packet] 2006/08/27 16:09:02,380
received: 84.136.1.112->89.166.000.000 120 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:02,380
decrypted: 84.136.1.112->89.166.000.000 92 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:02,380
decap: 192.168.3.51->192.168.3.210 48 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:02,380
for send: 192.168.3.210->192.168.3.51 48 TCP port 3389->3395

[VPN-Packet] 2006/08/27 16:09:02,380
encap: 89.166.000.000->84.136.1.112 68 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:02,380
encrypted: 89.166.000.000->84.136.1.112 128 UDP port 4500->57550

[VPN-Packet] 2006/08/27 16:09:02,450
received: 84.136.1.112->89.166.000.000 104 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:02,450
decrypted: 84.136.1.112->89.166.000.000 84 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:02,450
decap: 192.168.3.51->192.168.3.210 40 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:02,460
received: 84.136.1.112->89.166.000.000 152 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:02,460
decrypted: 84.136.1.112->89.166.000.000 123 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:02,460
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:05,480
received: 84.136.1.112->89.166.000.000 152 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:05,480
decrypted: 84.136.1.112->89.166.000.000 123 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:05,480
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:11,490
received: 84.136.1.112->89.166.000.000 152 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:11,500
decrypted: 84.136.1.112->89.166.000.000 123 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:11,500
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389

[VPN-Status] 2006/08/27 16:09:22,200
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE for peer MUSTER-VPN-1 Seq-Nr 0x476f3673, expected 0x476f3673


[VPN-Status] 2006/08/27 16:09:22,200
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE_ACK sent for Phase-1 SA to peer MUSTER-VPN-1, sequence nr 0x476f3673


[VPN-Packet] 2006/08/27 16:09:23,530
received: 84.136.1.112->89.166.000.000 152 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:23,530
decrypted: 84.136.1.112->89.166.000.000 123 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:23,530
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:32,370
received: 84.136.1.112->89.166.000.000 120 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:32,370
decrypted: 84.136.1.112->89.166.000.000 93 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:32,370
decap: 192.168.3.51->192.168.3.210 49 TCP port 3395->3389

[VPN-Packet] 2006/08/27 16:09:32,370
received: 84.136.1.112->89.166.000.000 104 ESP SPI[349c7808]

[VPN-Packet] 2006/08/27 16:09:32,370
decrypted: 84.136.1.112->89.166.000.000 84 IP-ENCAP

[VPN-Packet] 2006/08/27 16:09:32,370
decap: 192.168.3.51->192.168.3.210 40 TCP port 3395->3389

[VPN-Status] 2006/08/27 16:09:37,480
IKE info: Delete Notification received for Phase-2 SA ipsec-1-MUSTER-VPN-1-pr0-l0-r0 peer MUSTER-VPN-1 spi [0x5364b97a]


[VPN-Status] 2006/08/27 16:09:37,480
IKE info: Phase-2 SA removed: peer MUSTER-VPN-1 rule ipsec-1-MUSTER-VPN-1-pr0-l0-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [5364b97a ] [349c7808 ]


[VPN-Status] 2006/08/27 16:09:37,480
IKE info: Delete Notification received for Phase-1 SA isakmp-peer-MUSTER-VPN-1 peer MUSTER-VPN-1 cookies [e19ae46b63e6a156 2c56da7ae9c2871d]


[VPN-Status] 2006/08/27 16:09:37,480
IKE info: Phase-1 SA removed: peer MUSTER-VPN-1 rule MUSTER-VPN-1 removed


[VPN-Status] 2006/08/27 16:09:37,480
VPN: MUSTER-VPN-1 (84.136.1.112) disconnected

[VPN-Status] 2006/08/27 16:09:37,480
VPN: Disconnect info: remote-disconnected (0x4301) for MUSTER-VPN-1 (84.136.1.112)

[VPN-Status] 2006/08/27 16:09:37,490
VPN: selecting next remote gateway using strategy eFirst for MUSTER-VPN-1
=> no remote gateway selected

[VPN-Status] 2006/08/27 16:09:37,490
VPN: selecting first remote gateway using strategy eFirst for MUSTER-VPN-1
=> no remote gateway selected

[VPN-Status] 2006/08/27 16:09:37,490
VPN: installing ruleset for MUSTER-VPN-1 (0.0.0.0)

[VPN-Status] 2006/08/27 16:09:37,510
VPN: rulesets installed

+++++++++++++++++++++++++++++++++++++++++++++++++

Does anyone have an idea what could be wrong? Interestingly, I compared the settings of this system with another (working) VPN link (same devices + LCOS), but I cannot find the reason for what is wrong here.


Regards

Rolf

Post by seneka68 »

Well,

as embarrassing as it is: I "only" had an IP address conflict, because another user on the network had been using the same address (192.168.3.51) - that is why no data came back to me over the VPN link. Oh well, that's how it goes....

Greetings

Rolf
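
Added example, not part of the original posts: in the router trace above, packets from 192.168.3.51 to 192.168.3.210:3389 keep being decapsulated, but after the first reply no further "for send" line appears for that flow. The Python sketch below finds such one-way flows in a [VPN-Packet] trace; the function names, the threshold of 3 and the sample lines are choices made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: payload lines in the format of the [VPN-Packet] trace
# above (timestamp header lines omitted; the parser skips them anyway).
SAMPLE = """\
decap: 192.168.3.51->192.53.103.108 76 UDP port 123->123
for send: 192.53.103.108->192.168.3.51 76 UDP port 123->123
decap: 192.168.3.51->192.168.3.210 48 TCP port 3395->3389
for send: 192.168.3.210->192.168.3.51 48 TCP port 3389->3395
decap: 192.168.3.51->192.168.3.210 40 TCP port 3395->3389
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389
decap: 192.168.3.51->192.168.3.210 79 TCP port 3395->3389
"""

PKT = re.compile(r"^(decap|for send): (\S+)->(\S+) \d+ (TCP|UDP) port (\d+)->(\d+)$")

def flow_stats(trace):
    """Per flow, keyed from the VPN client's side as (proto, client, cport,
    server, sport): packets in from the tunnel, replies out to the tunnel,
    and packets in since the last reply."""
    stats = defaultdict(lambda: {"in": 0, "out": 0, "unanswered": 0})
    for line in trace.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # headers, encap/encrypted lines, IKE messages
        kind, src, dst, proto, sport, dport = m.groups()
        if kind == "decap":   # client -> LAN, after decryption
            s = stats[(proto, src, int(sport), dst, int(dport))]
            s["in"] += 1
            s["unanswered"] += 1
        else:                 # "for send": LAN -> client, before encryption
            s = stats[(proto, dst, int(dport), src, int(sport))]
            s["out"] += 1
            s["unanswered"] = 0
    return dict(stats)

def stalled_flows(trace, threshold=3):
    """Flows with at least `threshold` tunnel packets in a row and no reply."""
    return sorted(k for k, s in flow_stats(trace).items()
                  if s["unanswered"] >= threshold)

if __name__ == "__main__":
    for flow in stalled_flows(SAMPLE):
        print("no replies reach the tunnel for", flow)
```

A flagged flow only says that replies are not being routed back into the tunnel; the cause (here, a second host on the LAN using the client's assigned address) still has to be checked on the LAN side.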