I have a 1900EF with 10.40.0142 installed (IP 192.168.16.10).
It is my test router. Nothing is configured on it apart from DSL and one VPN connection.
Dial-in is done via the Shrew Soft VPN Client.
The client is assigned 192.168.16.9 as its IP.
For testing purposes, the VPN connection should only be able to access the IP 192.168.16.10.
None of the rules / tests I have tried lead to the desired result.
Later, 1-2 specific IP addresses should be reachable via this VPN. The rest of the network should not be reachable through the VPN connection.
Here is the config:
# Script (10.40.0142 / 12.02.2020)
lang English
flash No
set /Setup/Name "TestRouter"
cd /Setup/WAN/Layer
del *
# WAN-layer Encaps. Lay-3 Lay-2 L2-Opt. Lay-1
# ===========--------------------------------------------------
add "DEFAULT" {Encaps.} TRANS {Lay-3} PPP {Lay-2} PPPoE {L2-Opt.} none {Lay-1} ETH
add "T-DSL" {Encaps.} TRANS {Lay-3} PPP {Lay-2} PPPoE {L2-Opt.} none {Lay-1} ETH
add "PPPOE" {Encaps.} TRANS {Lay-3} PPP {Lay-2} PPPoE {L2-Opt.} none {Lay-1} ETH
add "IPOE" {Encaps.} ETHER {Lay-3} TRANS {Lay-2} TRANS {L2-Opt.} none {Lay-1} ETH
add "DHCPOE" {Encaps.} ETHER {Lay-3} DHCP {Lay-2} TRANS {L2-Opt.} none {Lay-1} ETH
add "V.24_DEF" {Encaps.} TRANS {Lay-3} APPP {Lay-2} TRANS {L2-Opt.} none {Lay-1} SERIAL
add "UMTS" {Encaps.} TRANS {Lay-3} APPP {Lay-2} TRANS {L2-Opt.} none {Lay-1} SERIAL
add "WWAN" {Encaps.} TRANS {Lay-3} APPP {Lay-2} TRANS {L2-Opt.} none {Lay-1} SERIAL
add "INTERNET" {Encaps.} ETHER {Lay-3} TRANS {Lay-2} TRANS {L2-Opt.} none {Lay-1} ETH
add "INET_2" {Encaps.} ETHER {Lay-3} TRANS {Lay-2} TRANS {L2-Opt.} none {Lay-1} ETH
cd /
cd /Setup/WAN/DSL-Broadband-Peers
del *
# Peer SH-Time AC-name Servicename WAN-layer MAC-Type user-def.-MAC DSL-ifc(s) VLAN-ID Prio-Mapping IPv6
# ==================----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "INTERNET" {SH-Time} 0 {AC-name} "" {Servicename} "" {WAN-layer} "INTERNET" {MAC-Type} global {user-def.-MAC} 000000000000 {DSL-ifc(s)} "" {VLAN-ID} 0 {Prio-Mapping} off {IPv6} ""
add "INET_2" {SH-Time} 9999 {AC-name} "" {Servicename} "" {WAN-layer} "INET_2" {MAC-Type} local {user-def.-MAC} 000000000000 {DSL-ifc(s)} "" {VLAN-ID} 0 {Prio-Mapping} off {IPv6} ""
cd /
cd /Setup/WAN/IP-List
del *
# Peer IP-Address IP-Netmask Masq.-IP-Addr. Gateway DNS-Default DNS-Backup NBNS-Default NBNS-Backup
# ==================--------------------------------------------------------------------------------------------------------------------------------------
add "INTERNET" {IP-Address} xxx.xxx.xxx.xxx {IP-Netmask} 255.255.255.248 {Masq.-IP-Addr.} 0.0.0.0 {Gateway} yyy.yyy.yyy.yyy {DNS-Default} 8.8.8.8 {DNS-Backup} 8.8.4.4 {NBNS-Default} 0.0.0.0 {NBNS-Backup} 0.0.0.0
add "INET_2" {IP-Address} xxx.xxx.xxx.xxx {IP-Netmask} 255.255.255.248 {Masq.-IP-Addr.} 0.0.0.0 {Gateway} yyy.yyy.yyy.yyy {DNS-Default} 8.8.8.8 {DNS-Backup} 8.8.8.8 {NBNS-Default} 0.0.0.0 {NBNS-Backup} 0.0.0.0
cd /
cd /Setup/WAN/MTU-List
del *
# Peer MTU
# ====================---------------
add "INET_2" {MTU} 1024
cd /
set /Setup/WAN/SSL-for-Action-Table/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/WAN/SSL-for-Action-Table/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
# VPN
set /Setup/VPN/Operating yes
cd /Setup/VPN/VPN-Peers
del *
# Peer SH-Time Extranet-Address Remote-Gw Rtg-tag Layer dynamic IKE-Exchange Rule-creation DPD-Inact-Timeout IKE-CFG XAUTH SSL-Encaps. OCSP-Check IPv4-Rules IPv6-Rules IPv6
# ==================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "VAGUAR2" {SH-Time} 0 {Extranet-Address} 0.0.0.0 {Remote-Gw} "0.0.0.0" {Rtg-tag} 0 {Layer} "P-VAGUAR2" {dynamic} No {IKE-Exchange} Aggressive-Mode {Rule-creation} manually {DPD-Inact-Timeout} 90 {IKE-CFG} Server {XAUTH} Off {SSL-Encaps.} No {OCSP-Check} No {IPv4-Rules} "" {IPv6-Rules} "" {IPv6} "DEFAULT"
cd /
cd /Setup/VPN/Layer
del *
# Name PFS-Grp IKE-Grp IKE-Prop-List IPSEC-Prop-List IKE-Key
# ==================--------------------------------------------------------------------------
add "P-VAGUAR2" {PFS-Grp} 0 {IKE-Grp} 2 {IKE-Prop-List} "IKE_PRESH_KEY" {IPSEC-Prop-List} "IPS-VAGUAR2" {IKE-Key} "KEY-VAGUAR2"
cd /
cd /Setup/VPN/Proposals/IKE
del *
# Name IKE-Crypt-Alg IKE-Crypt-Keylen IKE-Auth-Alg IKE-Auth-Mode Lifetime-Sec Lifetime-KB
# ===================----------------------------------------------------------------------------------------------------------
add "PSK-AES256-SHA" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 256 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-AES256-MD5" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 256 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-AES-SHA" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-AES-MD5" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-BLOW-SHA" {IKE-Crypt-Alg} BLOWFISH-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-BLOW-MD5" {IKE-Crypt-Alg} BLOWFISH-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-CAST-SHA" {IKE-Crypt-Alg} CAST128-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-CAST-MD5" {IKE-Crypt-Alg} CAST128-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-3DES-SHA" {IKE-Crypt-Alg} 3DES-CBC {IKE-Crypt-Keylen} 168 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-3DES-MD5" {IKE-Crypt-Alg} 3DES-CBC {IKE-Crypt-Keylen} 168 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-DES-SHA" {IKE-Crypt-Alg} DES-CBC {IKE-Crypt-Keylen} 56 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "PSK-DES-MD5" {IKE-Crypt-Alg} DES-CBC {IKE-Crypt-Keylen} 56 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} Preshared-Key {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-AES256-SHA" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 256 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-AES256-MD5" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 256 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-AES-SHA" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-AES-MD5" {IKE-Crypt-Alg} AES-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-BLOW-SHA" {IKE-Crypt-Alg} BLOWFISH-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-BLOW-MD5" {IKE-Crypt-Alg} BLOWFISH-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-CAST-SHA" {IKE-Crypt-Alg} CAST128-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-CAST-MD5" {IKE-Crypt-Alg} CAST128-CBC {IKE-Crypt-Keylen} 128 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-3DES-SHA" {IKE-Crypt-Alg} 3DES-CBC {IKE-Crypt-Keylen} 168 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-3DES-MD5" {IKE-Crypt-Alg} 3DES-CBC {IKE-Crypt-Keylen} 168 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-DES-SHA" {IKE-Crypt-Alg} DES-CBC {IKE-Crypt-Keylen} 56 {IKE-Auth-Alg} SHA1 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
add "RSA-DES-MD5" {IKE-Crypt-Alg} DES-CBC {IKE-Crypt-Keylen} 56 {IKE-Auth-Alg} MD5 {IKE-Auth-Mode} RSA-Signature {Lifetime-Sec} 108000 {Lifetime-KB} 0
cd /
cd /Setup/VPN/Proposals/IPSEC
del *
# Name ESP-Crypt-Alg ESP-Crypt-Keylen ESP-Auth-Alg Lifetime-Sec Lifetime-KB
# ===================----------------------------------------------------------------------------------------
add "TN-AES256-SHA" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 256 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-AES256-MD5" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 256 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-AES-SHA-96" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-AES-MD5-96" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-BLOW-SHA-96" {ESP-Crypt-Alg} BLOWFISH-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-BLOW-MD5-96" {ESP-Crypt-Alg} BLOWFISH-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-CAST-SHA-96" {ESP-Crypt-Alg} CAST128-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-CAST-MD5-96" {ESP-Crypt-Alg} CAST128-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-3DES-SHA-96" {ESP-Crypt-Alg} 3DES-CBC {ESP-Crypt-Keylen} 168 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-3DES-MD5-96" {ESP-Crypt-Alg} 3DES-CBC {ESP-Crypt-Keylen} 168 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-DES-SHA-96" {ESP-Crypt-Alg} DES-CBC {ESP-Crypt-Keylen} 56 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "TN-DES-MD5-96" {ESP-Crypt-Alg} DES-CBC {ESP-Crypt-Keylen} 56 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-AES256-SHA" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 256 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-AES-MD5-96" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 256 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-AES128-SHA" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-AES128-MD5" {ESP-Crypt-Alg} AES-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-BLW-SHA-96" {ESP-Crypt-Alg} BLOWFISH-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-BLW-MD5-96" {ESP-Crypt-Alg} BLOWFISH-CBC {ESP-Crypt-Keylen} 128 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-3DS-SHA-96" {ESP-Crypt-Alg} 3DES-CBC {ESP-Crypt-Keylen} 168 {ESP-Auth-Alg} HMAC-SHA1 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
add "WIZ-TN-3DS-MD5-96" {ESP-Crypt-Alg} 3DES-CBC {ESP-Crypt-Keylen} 168 {ESP-Auth-Alg} HMAC-MD5 {Lifetime-Sec} 28800 {Lifetime-KB} 2000000
cd /
cd /Setup/VPN/Proposals/IKE-Proposal-Lists
del *
# IKE-Proposal-Lists IKE-Proposal-1 IKE-Proposal-2 IKE-Proposal-3 IKE-Proposal-4 IKE-Proposal-5 IKE-Proposal-6 IKE-Proposal-7 IKE-Proposal-8
# =====================------------------------------------------------------------------------------------------------------------------------------------------------------
add "IKE_PRESH_KEY" {IKE-Proposal-1} "PSK-AES256-SHA" {IKE-Proposal-2} "PSK-AES256-MD5" {IKE-Proposal-3} "PSK-AES-SHA" {IKE-Proposal-4} "PSK-AES-MD5" {IKE-Proposal-5} "PSK-BLOW-SHA" {IKE-Proposal-6} "PSK-BLOW-MD5" {IKE-Proposal-7} "PSK-3DES-SHA" {IKE-Proposal-8} "PSK-3DES-MD5"
add "IKE_RSA_SIG" {IKE-Proposal-1} "RSA-AES256-SHA" {IKE-Proposal-2} "RSA-AES256-MD5" {IKE-Proposal-3} "RSA-AES-SHA" {IKE-Proposal-4} "RSA-AES-MD5" {IKE-Proposal-5} "RSA-BLOW-SHA" {IKE-Proposal-6} "RSA-BLOW-MD5" {IKE-Proposal-7} "RSA-3DES-SHA" {IKE-Proposal-8} "RSA-3DES-MD5"
cd /
cd /Setup/VPN/Proposals/IPSEC-Proposal-Lists
del *
# IPSEC-Proposal-Lists IPSEC-Proposal-1 IPSEC-Proposal-2 IPSEC-Proposal-3 IPSEC-Proposal-4 IPSEC-Proposal-5 IPSEC-Proposal-6 IPSEC-Proposal-7 IPSEC-Proposal-8
# =======================------------------------------------------------------------------------------------------------------------------------------------------------------
add "ESP_TN" {IPSEC-Proposal-1} "TN-AES256-SHA" {IPSEC-Proposal-2} "TN-AES256-MD5" {IPSEC-Proposal-3} "TN-AES-SHA-96" {IPSEC-Proposal-4} "TN-AES-MD5-96" {IPSEC-Proposal-5} "TN-BLOW-SHA-96" {IPSEC-Proposal-6} "TN-BLOW-MD5-96" {IPSEC-Proposal-7} "TN-3DES-SHA-96" {IPSEC-Proposal-8} "TN-3DES-MD5-96"
add "IPS-VAGUAR2" {IPSEC-Proposal-1} "WIZ-TN-AES256-SHA" {IPSEC-Proposal-2} "WIZ-TN-AES-MD5-96" {IPSEC-Proposal-3} "WIZ-TN-AES128-SHA" {IPSEC-Proposal-4} "WIZ-TN-AES128-MD5" {IPSEC-Proposal-5} "WIZ-TN-BLW-SHA-96" {IPSEC-Proposal-6} "WIZ-TN-BLW-MD5-96" {IPSEC-Proposal-7} "WIZ-TN-3DS-SHA-96" {IPSEC-Proposal-8} "WIZ-TN-3DS-MD5-96"
cd /
cd /Setup/VPN/Certificates-and-Keys/IKE-Keys
del *
# Name Local-ID-Type Local-Identity Remote-ID-Type Remote-Identity Shared-Sec Shared-Sec-File
# ==================--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "KEY-VAGUAR2" {Local-ID-Type} No-Identity {Local-Identity} "" {Remote-ID-Type} Domain-Name {Remote-Identity} "VAGUAR2" {Shared-Sec} "xxxxxxxxxxxx" {Shared-Sec-File} ""
cd /
set /Setup/VPN/SSL-Encaps.-Allowed Yes
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-ID-List
del *
# Name Addit.-Remote-IDs
# ======================--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "DEFAULT" {Addit.-Remote-IDs} "DEFAULT-RSA-PKCS,DEFAULT-RSA-PSS"
cd /
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-IDs
del *
# Name Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Remote-Cert-ID-Check OCSP-Check CRL-Check
# ======================--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "DEFAULT-RSA-PKCS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
add "DEFAULT-RSA-PSS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PSS" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
cd /
cd /Setup/VPN/IKEv2/Auth/Digital-Signature-Profiles
del *
# Name Auth-Method Hash-Algorithms
# ======================---------------------------------------------------------------
add "DEFAULT-RSA-PSS" {Auth-Method} RSASSA-PSS {Hash-Algorithms} SHA-512,SHA-384,SHA-256
add "DEFAULT-RSA-PKCS" {Auth-Method} RSASSA-PKCS1-v1_5 {Hash-Algorithms} SHA-512,SHA-384,SHA-256
cd /
cd /Setup/VPN/Load-Balancer/Message-Profiles
del *
# Profile-Name Interface Address Port Interval Holdtime Replay-Window Max-Time-Skew Secret Cipher HMAC Comment
# ==================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "DEFAULT" {Interface} "INTRANET" {Address} "239.255.22.11" {Port} 1987 {Interval} 2000 {Holdtime} 3000 {Replay-Window} 5 {Max-Time-Skew} 15 {Secret} "" {Cipher} None {HMAC} 96-Bits {Comment} ""
cd /
cd /Setup/Charges/Volume-Budgets
del *
# Peer Limit-MB Action
# ==================--------------------------------------------
add "INET_2" {Limit-MB} 0 {Action} none
cd /
cd /Setup/TCP-IP/Network-list
del *
# Network-name IP-Address IP-Netmask VLAN-ID Interface Src-check Type Rtg-tag Comment
# ==================-----------------------------------------------------------------------------------------------------------------------------------------------------------------
add "INTRANET" {IP-Address} 192.168.16.10 {IP-Netmask} 255.255.248.0 {VLAN-ID} 0 {Interface} LAN-1 {Src-check} loose {Type} Intranet {Rtg-tag} 0 {Comment} "local intranet"
add "DMZ" {IP-Address} 0.0.0.0 {IP-Netmask} 255.255.255.0 {VLAN-ID} 0 {Interface} LAN-2 {Src-check} loose {Type} DMZ {Rtg-tag} 0 {Comment} "demilitarized zone"
cd /
cd /Setup/IP-Router/IP-Routing-Table
del *
# IP-Address IP-Netmask Rtg-tag Admin-Distance Peer-or-IP Distance Masquerade Active Comment
# ===========================================================----------------------------------------------------------------------------------------------------------------------
add 192.168.16.9 255.255.255.255 0 0 {Peer-or-IP} "VAGUAR2" {Distance} 0 {Masquerade} No {Active} Yes {Comment} ""
add 192.168.0.0 255.255.0.0 0 0 {Peer-or-IP} "0.0.0.0" {Distance} 0 {Masquerade} No {Active} No {Comment} "template: block private networks: 192.168.x.y"
add 172.16.0.0 255.240.0.0 0 0 {Peer-or-IP} "0.0.0.0" {Distance} 0 {Masquerade} No {Active} No {Comment} "template: block private networks: 172.16-31.x.y"
add 10.0.0.0 255.0.0.0 0 0 {Peer-or-IP} "0.0.0.0" {Distance} 0 {Masquerade} No {Active} No {Comment} "template: block private network: 10.x.y.z"
add 255.255.255.255 0.0.0.0 0 0 {Peer-or-IP} "INET_2" {Distance} 0 {Masquerade} on {Active} Yes {Comment} "Diese Route wurde durch den Internet-Assistenten erzeugt"
cd /
set /Setup/IP-Router/Proxy-ARP Yes
cd /Setup/IP-Router/RIP/LAN-Sites
del *
# Network-name RIP-Type RIP-Send RIP-Accept Propagate Poisoned-Reverse Dft-Rtg-Tag Rtg-Tag-List Ignore-Tags Rx-Filter Tx-Filter
# ==================----------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "INTRANET" {RIP-Type} Off {RIP-Send} No {RIP-Accept} No {Propagate} No {Poisoned-Reverse} No {Dft-Rtg-Tag} 0 {Rtg-Tag-List} "" {Ignore-Tags} No {Rx-Filter} "" {Tx-Filter} ""
add "DMZ" {RIP-Type} Off {RIP-Send} No {RIP-Accept} No {Propagate} No {Poisoned-Reverse} No {Dft-Rtg-Tag} 0 {Rtg-Tag-List} "" {Ignore-Tags} No {Rx-Filter} "" {Tx-Filter} ""
cd /
set /Setup/IP-Router/1-N-NAT/UDP-Aging-Seconds 20
cd /Setup/IP-Router/Firewall/Actions
del *
# Name Description
# ==================================----------------------------------------------------------------
add "ACCEPT" {Description} "%A"
add "REJECT" {Description} "%R %N"
add "DROP" {Description} "%D %N"
add "CONNECT-FILTER" {Description} "@c %R"
add "INTERNET-FILTER" {Description} "@i %R"
add "CONTENT-FILTER-BASIC" {Description} "%Lcds0 %xcCF-BASIC-PROFILE"
add "CONTENT-FILTER-WORK" {Description} "%Lcds0 %xcCF-WORK-PROFILE"
add "CONTENT-FILTER-PARENTAL-CONTROL" {Description} "%Lcds0 %xcCF-PARENTAL-CONTROL-PROFILE"
cd /
cd /Setup/IP-Router/Firewall/Objects
del *
# Name Description
# ==================================----------------------------------------------------------------
add "ANY" {Description} ""
add "ANYHOST" {Description} "%A0.0.0.0 %M0.0.0.0"
add "LOCALNET" {Description} "%L"
add "ICMP" {Description} "%P1"
add "TCP" {Description} "%P6"
add "UDP" {Description} "%P17"
add "ESP" {Description} "%P50"
add "AH" {Description} "%P51"
add "IPCOMP" {Description} "%P108"
add "FTP" {Description} "TCP %S21"
add "MAIL" {Description} "TCP %S25,110,143"
add "SECURE-MAIL" {Description} "TCP %S587,993,995"
add "HTTP" {Description} "TCP %S80"
add "HTTPS" {Description} "TCP %S443"
add "WEB" {Description} "TCP %S80,443"
add "NEWS" {Description} "TCP %S119"
add "TFTP" {Description} "UDP %S69"
add "IPSEC" {Description} "UDP %S500,4500"
add "SSH" {Description} "TCP %S22"
add "TELNET" {Description} "TCP %S23"
add "DNS" {Description} "TCP UDP %S53"
add "NETBIOS" {Description} "TCP UDP %S137-139"
add "PPTP" {Description} "TCP %S1723"
add "ELSTER" {Description} "TCP %S8000"
add "RDP" {Description} "TCP %S3389"
add "SNMP" {Description} "UDP %S161-162"
add "NTP" {Description} "UDP %S123"
add "PC-ANYWHERE" {Description} "TCP UDP %S5631-5632"
add "HBCI-ONLINE-BANKING" {Description} "TCP %S3000"
add "KAAZAA-MORPHEUS" {Description} "TCP %S1214"
add "SAP-GUI" {Description} "TCP %S515,3200,3600"
add "ECHO" {Description} "TCP UDP %S7"
add "SYSLOG" {Description} "UDP %S514"
cd /
cd /Setup/IP-Router/Firewall/Rules
del *
# Name Prot. Source Destination Action Linked Prio Firewall-Rule VPN-Rule Stateful Src-Tag Rtg-tag Comment
# ==================================-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "WINS" {Prot.} "TCP UDP" {Source} "NETBIOS ANYHOST" {Destination} "ANYHOST" {Action} "INTERNET-FILTER" {Linked} No {Prio} 0 {Firewall-Rule} Yes {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "block NetBIOS/WINS name resolution via DNS"
add "WIZ_VPN-VAGUAR2" {Prot.} "ANY" {Source} "%A192.168.16.10" {Destination} "%HVAGUAR2" {Action} "%Lcds0 %A %N" {Linked} No {Prio} 0 {Firewall-Rule} No {VPN-Rule} Yes {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "Created by Setup Wizard"
add "CONTENT-FILTER" {Prot.} "TCP" {Source} "LOCALNET" {Destination} "WEB ANYHOST" {Action} "CONTENT-FILTER-BASIC" {Linked} No {Prio} 9999 {Firewall-Rule} No {VPN-Rule} No {Stateful} Yes {Src-Tag} 0 {Rtg-tag} 0 {Comment} "pass web traffic to Content-Filter"
cd /
# DHCP
cd /Setup/DHCP/Network-list
del *
# Network-name Start-Address-Pool End-Address-Pool Netmask Broadcast-Address Gateway-Address DNS-Default DNS-Backup NBNS-Default NBNS-Backup Operating Broadcast-Bit Master-Server 2nd-Master-Server 3rd-Master-Server 4th-Master-Server Loopback-Address Cache Adaption Cluster Max.-Lease Def.-Lease Suppress-ARP-check
# ==================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "INTRANET" {Start-Address-Pool} 0.0.0.0 {End-Address-Pool} 0.0.0.0 {Netmask} 0.0.0.0 {Broadcast-Address} 0.0.0.0 {Gateway-Address} 0.0.0.0 {DNS-Default} 0.0.0.0 {DNS-Backup} 0.0.0.0 {NBNS-Default} 0.0.0.0 {NBNS-Backup} 0.0.0.0 {Operating} No {Broadcast-Bit} No {Master-Server} 0.0.0.0 {2nd-Master-Server} 0.0.0.0 {3rd-Master-Server} 0.0.0.0 {4th-Master-Server} 0.0.0.0 {Loopback-Address} "" {Cache} No {Adaption} No {Cluster} No {Max.-Lease} 0 {Def.-Lease} 0 {Suppress-ARP-check} No
add "DMZ" {Start-Address-Pool} 0.0.0.0 {End-Address-Pool} 0.0.0.0 {Netmask} 0.0.0.0 {Broadcast-Address} 0.0.0.0 {Gateway-Address} 0.0.0.0 {DNS-Default} 0.0.0.0 {DNS-Backup} 0.0.0.0 {NBNS-Default} 0.0.0.0 {NBNS-Backup} 0.0.0.0 {Operating} No {Broadcast-Bit} No {Master-Server} 0.0.0.0 {2nd-Master-Server} 0.0.0.0 {3rd-Master-Server} 0.0.0.0 {4th-Master-Server} 0.0.0.0 {Loopback-Address} "" {Cache} No {Adaption} No {Cluster} No {Max.-Lease} 0 {Def.-Lease} 0 {Suppress-ARP-check} No
cd /
cd /Setup/NetBIOS/Networks
del *
# Network-name Operating NT-Domain
# ==================--------------------------
add "INTRANET" {Operating} No {NT-Domain} ""
add "DMZ" {Operating} No {NT-Domain} ""
cd /
set /Setup/Config/TFTP-Operating Yes
set /Setup/Config/Telnet-SSL/Versions TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
set /Setup/Config/Telnet-SSL/Keyex-Algorithms RSA,DHE,ECDHE
set /Setup/Config/Telnet-SSL/Crypto-Algorithms 3DES,AES-128,AES-256,AESGCM-128,AESGCM-256,Chacha20-Poly1305
set /Setup/Config/Telnet-SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Config/Telnet-SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Config/SSL-for-Cron-Table/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Config/SSL-for-Cron-Table/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Config/Rollout-Agent/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Config/Rollout-Agent/SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Config/SSH/Cipher-Algorithms 3des-cbc,3des-ctr,blowfish-cbc,blowfish-ctr,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305,aes128-gcm,aes256-gcm
set /Setup/Config/SSH/MAC-Algorithms hmac-sha1,hmac-sha2-256,hmac-sha2-512
set /Setup/Config/SSH/Key-Exchange-Algorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2,curve25519-sha256
set /Setup/Config/SSH/DH-Groups Group-1,Group-5,Group-14
set /Setup/Config/SSH/Min-Hostkey-Length 512
set /Setup/HTTP/SSL/Versions TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
set /Setup/HTTP/SSL/Keyex-Algorithms RSA,DHE,ECDHE
set /Setup/HTTP/SSL/Crypto-Algorithms 3DES,AES-128,AES-256,AESGCM-128,AESGCM-256,Chacha20-Poly1305
set /Setup/HTTP/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/HTTP/SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/HTTP/SSL/Renegotiations allowed
cd /Setup/HTTP/Show-device-information
del *
# Device-Information Position
# ==================================================----------
add Systeminfo {Position} 1
add Firmware {Position} 2
add CPU {Position} 4
add Memory {Position} 5
add WAN {Position} 8
add Mobile-Modem-Interface {Position} 10
add Ethernet-Ports {Position} 11
add Throughput(Ethernet) {Position} 14
add Router {Position} 15
add Firewall {Position} 16
add DHCP {Position} 17
add DNS {Position} 18
add VPN {Position} 19
add Connections {Position} 20
add SCEP-CA {Position} 21
add WLAN-Controller {Position} 22
add Time {Position} 23
add IPv4-Addresses {Position} 24
add IPv6-Addresses {Position} 25
add IPv6-Prefixes {Position} 26
add DHCPv6-Client {Position} 27
add DHCPv6-Server {Position} 28
add Operating-Time {Position} 29
add TR069 {Position} 31
cd /
set /Setup/HTTP/HTTP-Compression Activated
cd /Setup/HTTP/Keep-Server-Ports-Open
# Ifc. Keep-Server-Ports-Open
# ============--------------------------------
set LAN {Keep-Server-Ports-Open} automatic
set WAN {Keep-Server-Ports-Open} automatic
set WLAN {Keep-Server-Ports-Open} automatic
cd /
set /Setup/HTTP/Automatic-Redirect-to-HTTPS No
set /Setup/HTTP/Rollout-Wizard/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/HTTP/Rollout-Wizard/SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/HTTP/Rollout-Wizard/SSL/Renegotiations allowed
cd /Setup/Interfaces/Ethernet-Ports
# Port Assignment Connector MDI-Mode Private-Mode Downshift Clock-Role Power-Saving Flow-Control
# ===========---------------------------------------------------------------------------------------------------------------------------
set ETH-1 {Assignment} LAN-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
set ETH-2 {Assignment} LAN-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
set ETH-3 {Assignment} LAN-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
set ETH-4 {Assignment} LAN-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
set WAN-1 {Assignment} DSL-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
set WAN-2 {Assignment} DSL-1 {Connector} Auto {MDI-Mode} Auto {Private-Mode} No {Downshift} Yes {Clock-Role} Master-Preferred {Power-Saving} No {Flow-Control} Auto
cd /
cd /Setup/Public-Spot-Module/Page-Table
# Page URL Type Fallback Loopback-Addr. Template-Cache
# ================================------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set Welcome {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Login {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Error {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Start {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Status {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Logoff {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Help {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set No-Proxy {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Voucher {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set GTC {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Fallback-Error {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Registration-(e-mail) {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Login-(e-mail) {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Registration-(SMS) {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
set Login-(SMS) {URL} "" {Type} Template {Fallback} No {Loopback-Addr.} "" {Template-Cache} No
cd /
set /Setup/Public-Spot-Module/SSL-for-Page-Table/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Public-Spot-Module/SSL-for-Page-Table/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Public-Spot-Module/Authentication-Modules/e-mail2Sms-Authentication/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Public-Spot-Module/Authentication-Modules/e-mail2Sms-Authentication/SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Public-Spot-Module/Authentication-Modules/e-mail2Sms-Authentication/SSL/Renegotiations allowed
set /Setup/Public-Spot-Module/Authentication-Modules/Radius-Server/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/Public-Spot-Module/Authentication-Modules/Radius-Server/SSL/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/Public-Spot-Module/Authentication-Modules/Radius-Server/SSL/Renegotiations allowed
set /Setup/RADIUS/Server/EAP/EAP-TLS/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/RADIUS/RADSEC/Versions TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
set /Setup/RADIUS/RADSEC/Keyex-Algorithms RSA,DHE,ECDHE
set /Setup/RADIUS/RADSEC/Crypto-Algorithms 3DES,AES-128,AES-256,AESGCM-128,AESGCM-256,Chacha20-Poly1305
set /Setup/RADIUS/RADSEC/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/RADIUS/RADSEC/Signature-Hash-Algorithms SHA1-RSA,SHA224-RSA,SHA256-RSA,SHA384-RSA,SHA512-RSA
set /Setup/NTP/BC-Mode Yes
cd /Setup/NTP/RQ-Address
del *
# RQ-Address Loopback-Addr. Authentication-Enabled Key-ID
# ==================================================================---------------------------------------------------------------------------------
add "192.168.20.10" {Loopback-Addr.} "" {Authentication-Enabled} No {Key-ID} 0
cd /
cd /Setup/NTP/Networklist
del *
# Network-name Server-Operating
# ==================----------------------------------------------------------------
add "INTRANET" {Server-Operating} Yes
add "DMZ" {Server-Operating} Yes
cd /
# Network-Name Port-List
# ==================-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add "INTRANET" {Port-List} "*-*"
add "DMZ" {Port-List} "*-*"
cd /
set /Setup/Certificates/SCEP-CA/Encryption-Algorithm DES
set /Setup/Automatic-Firmware-Update/Mode manual
set /Setup/CWMP/Data-Model TR-181
set /Setup/CWMP/SSL/Hash-Algorithms SHA1,SHA-256,SHA-384
set /Setup/CWMP/SSL/Signature-Hash-Algorithms SHA256-RSA,SHA384-RSA,SHA512-RSA
flash Yes
# done
exit
Error: Either I can reach the whole network, or I can reach nothing.
Unfortunately I can't get any further with this.
Code:
[VPN-Status] 2020/02/25 13:03:55,952
IKE info: Phase-2 failed for peer VAGUAR2: no rule matches the phase-2 ids 192.168.16.9 <-> 0.0.0.0/0.0.0.0
IKE log: 130355.952565 Default message_negotiate_sa: no compatible proposal found
IKE log: 130355.952585 Default dropped message from aaa.aaa.aaa.aaa port 500 due to notification type NO_PROPOSAL_CHOSEN
[VPN-Debug] 2020/02/25 13:03:55,954
QUB-DATA: xxx.xxx.xxx.xxx:500<---aaa.aaa.aaa.aaa:500 rtg_tag 0 physical-channel WAN(1) vpn-channel 10
transport: [id: 16477, UDP (17) {incoming unicast, fixed source address}, dst: aaa.aaa.aaa.aaa, tag 0 (U), src: 62.159.75.130, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1024, iface: INET_2 (4), mac address: 4c:5e:0, port 0], local port: 500, remote port: 500
Peer VANGUARD2: Looking for a matching rule for IPV4_ADDR(0, 0, 192.168.16.9)<->IPV4_ADDR_SUBNET(0, 0, 0.0.0.0/0.0.0.0) (IDci<->IDcr)
Trying exact match:
'IPSEC-0-VAGUAR2-PR0-L0-R0': IPV4_ADDR(0, 0, 192.168.16.9)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
'IPSEC-0-VAGUAR2-PR0-L1-R0': IPV4_ADDR(0, 0, 192.168.16.10)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
Trying not exact match:
'IPSEC-0-VAGUAR2-PR0-L0-R0': IPV4_ADDR(0, 0, 192.168.16.9)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
'IPSEC-0-VAGUAR2-PR0-L1-R0': IPV4_ADDR(0, 0, 192.168.16.10)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
[VPN-Status] 2020/02/25 13:03:55,954
Phase-2 SA ('', '') entered to SADB
Peer VAGUAR2: Could not find a matching rule
[VPN-Status] 2020/02/25 13:03:55,954
VPN: policy manager error indication: VAGUAR22 (.aa.aaa.aaa.aaa), cause: 12801
[VPN-Status] 2020/02/25 13:03:55,954
VPN: WAN state changed to WanCalled for VANGUARD2 (0.0.0.0), called by: 020fc8b8
[VPN-Status] 2020/02/25 13:03:55,954
VPN: Error: IPSEC-R-No-rule-matched-IDs (0x3201) for VAGUAR2 (aaa.aaa.aaa.aaa)
[VPN-Status] 2020/02/25 13:03:55,954
vpn-maps[10], remote: VAGUAR2, idle, static-name
What am I doing wrong with the rules? Should I solve this in a different way instead?
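The phase-2 ID lookup from the trace above, replayed as an added example (not part of the original post and not LANCOM code): it parses the proposal line and the two listed rules and checks whether any rule covers the proposed pair. The matching semantics (a rule matches when it covers both proposed IDs, in either side order) and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Trace lines copied from the post above (peer names as the poster anonymized them).
TRACE = """\
Peer VANGUARD2: Looking for a matching rule for IPV4_ADDR(0, 0, 192.168.16.9)<->IPV4_ADDR_SUBNET(0, 0, 0.0.0.0/0.0.0.0) (IDci<->IDcr)
'IPSEC-0-VAGUAR2-PR0-L0-R0': IPV4_ADDR(0, 0, 192.168.16.9)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
'IPSEC-0-VAGUAR2-PR0-L1-R0': IPV4_ADDR(0, 0, 192.168.16.10)<->IPV4_ADDR(0, 0, 192.168.16.9)...Not found
"""

# A phase-2 ID as printed in the trace: type(two numeric fields, address[/mask]).
ID_RE = re.compile(r"IPV4_ADDR(?:_SUBNET)?\(\d+, \d+, ([\d.]+(?:/[\d.]+)?)\)")


def parse_ids(line):
    """Return the two IDs on a trace line as ip_network objects, or None."""
    found = ID_RE.findall(line)
    if len(found) != 2:
        return None
    return tuple(ipaddress.ip_network(addr, strict=False) for addr in found)


def explain(trace):
    """Compare the proposed ID pair with every rule listed in the trace."""
    proposed, rules = None, {}
    for line in trace.splitlines():
        ids = parse_ids(line.strip())
        if ids is None:
            continue
        if "Looking for a matching rule" in line:
            proposed = ids
        elif line.lstrip().startswith("'"):
            rules[line.split("'")[1]] = ids
    if proposed is None:
        raise ValueError("trace contains no phase-2 proposal line")
    # Assumption: a rule matches when it covers both proposed IDs; the side
    # order of the rule lines is not stated, so both orientations are tried.
    matches = {
        name: any(proposed[0].subnet_of(a) and proposed[1].subnet_of(b)
                  for a, b in (rule, rule[::-1]))
        for name, rule in rules.items()
    }
    # Proposed IDs that no side of any rule covers.
    uncovered = [str(p) for p in proposed
                 if not any(p.subnet_of(s) for r in rules.values() for s in r)]
    return proposed, matches, uncovered


if __name__ == "__main__":
    print(explain(TRACE))
```

On the trace lines above, neither rule matches and the only uncovered ID is `0.0.0.0/0`: the client proposes the any-network selector, while both rules contain host addresses only.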