Please forgive my first attempts at VPN tunnels and the possibly stupid questions.
I am trying to set up a VPN tunnel to our Lancom 1781VAW using Shrew-VPN and have followed the guides that Shrewsoft provides here:
1.) https://www.shrew.net/support/images/b/ ... ateway.pdf
2.) https://www.shrew.net/support/images/4/ ... client.pdf
If I implement the configuration exactly as described, I can connect to the Lancom. LANMonitor and Shrew-VPN confirm this. The client is also assigned an internal IP (192.168.2.222). However, on the client I do not see the network connections (shared drives) that are shared for everyone.
What could be the cause? I am grateful for any hint!
Best regards
Pino
Office configuration:
Lancom 1781VAW (intern 192.168.2.0 / DMZ 192.168.118.0)
Client configuration:
Windows 10 Home
Shrew-VPN 2.2.2
Code:
[VPN-Status] 2017/05/31 16:22:05,852 Devicetime: 2017/05/31 16:22:06,391
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote peer def-aggr-peer supports NAT-T in RFC mode
IKE info: The remote server 109.44.3.122:62843 (UDP) peer def-aggr-peer id <no_id> negotiated rfc-3706-dead-peer-detection
[VPN-Status] 2017/05/31 16:22:05,852 Devicetime: 2017/05/31 16:22:06,391
IKE error: 162206.391502 Default attribute_unacceptable: conf_match_num failed, type [14]: No such file or directory
IKE error: 162206.391554 Default attribute_unacceptable: conf_match_num failed, type [14]: No such file or directory
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = MD5 <-> local No 3 hash algorithm = SHA1
IKE info: Phase-1 remote proposal 1 for peer def-aggr-peer matched with local proposal 4
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,548
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer VPN_GS set to 77760 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,548
IKE info: Phase-1 SA Timeout (Hard-Event) for peer VPN_GS set to 86400 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,548
Phase-1 [responder] for peer VPN_GS initiator id abc@abc.de, responder id abc@abc.de
initiator cookie: 0x080319747BA311E5, responder cookie: 0xFC66032ACD3101C5
NAT-T enabled in mode rfc. We are behind a nat, the remote side is behind a nat
SA ISAKMP for peer VPN_GS encryption aes-cbc authentication MD5
life time soft 06/01/2017 13:58:06 (in 77760 sec) / 0 kb
life time hard 06/01/2017 16:22:06 (in 86400 sec) / 0 kb
DPD: 90 sec
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,550
IKE info: NOTIFY received of type INITIAL_CONTACT for peer VPN_GS
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,550
IKE info: Phase-1 [responder] got INITIAL-CONTACT from peer VPN_GS (109.44.3.122)
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,554
IKE info: IKE-CFG: Received REQUEST message with id 0 from peer VPN_GS
IKE info: IKE-CFG: Attribute INTERNAL_IP4_DNS len 0 value (none) received
IKE info: IKE-CFG: Attribute INTERNAL_IP4_NBNS len 0 value (none) received
[VPN-Status] 2017/05/31 16:22:05,853 Devicetime: 2017/05/31 16:22:06,554
IKE info: IKE-CFG: Creating REPLY message with id 0 for peer VPN_GS
IKE info: Assigned IPv4 config payload parameters to VPN_GS:
IP: 192.168.2.222
DNS: 192.168.2.1, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
IKE info: IKE-CFG: Attribute INTERNAL_IP4_NBNS len 0 skipped
IKE info: IKE-CFG: Attribute INTERNAL_IP4_DNS len 4 value 192.168.2.1 added
IKE info: IKE-CFG: Sending message
[VPN-Status] 2017/05/31 16:22:20,496 Devicetime: 2017/05/31 16:22:21,040
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote peer def-aggr-peer supports NAT-T in draft mode
IKE info: The remote peer def-aggr-peer supports NAT-T in RFC mode
IKE info: The remote server 109.44.3.122:61780 (UDP) peer def-aggr-peer id <no_id> negotiated rfc-3706-dead-peer-detection
[VPN-Status] 2017/05/31 16:22:20,496 Devicetime: 2017/05/31 16:22:21,040
IKE error: 162221.040906 Default attribute_unacceptable: conf_match_num failed, type [14]: No such file or directory
IKE error: 162221.040956 Default attribute_unacceptable: conf_match_num failed, type [14]: No such file or directory
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = MD5 <-> local No 3 hash algorithm = SHA1
IKE info: Phase-1 remote proposal 1 for peer def-aggr-peer matched with local proposal 4
[VPN-Status] 2017/05/31 16:22:20,497 Devicetime: 2017/05/31 16:22:21,198
IKE info: Phase-1 SA Rekeying Timeout (Soft-Event) for peer VPN_GS set to 77760 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:20,497 Devicetime: 2017/05/31 16:22:21,198
IKE info: Phase-1 SA Timeout (Hard-Event) for peer VPN_GS set to 86400 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:20,497 Devicetime: 2017/05/31 16:22:21,198
Phase-1 [responder] for peer VPN_GS initiator id abc@abc.de, responder id abc@abc.de
initiator cookie: 0xE7F714D65BE3B324, responder cookie: 0x39A0AA90C929E543
NAT-T enabled in mode rfc. We are not behind a nat, the remote side is behind a nat
SA ISAKMP for peer VPN_GS encryption aes-cbc authentication MD5
life time soft 06/01/2017 13:58:21 (in 77760 sec) / 0 kb
life time hard 06/01/2017 16:22:21 (in 86400 sec) / 0 kb
DPD: 90 sec
[VPN-Status] 2017/05/31 16:22:20,497 Devicetime: 2017/05/31 16:22:21,201
IKE info: Phase-2 proposal failed: remote No 1, esp hmac HMAC-MD5 <-> local No 1, esp hmac HMAC-SHA1
IKE info: Phase-2 remote proposal 1 for peer VPN_GS matched with local proposal 2
[VPN-Status] 2017/05/31 16:22:20,696 Devicetime: 2017/05/31 16:22:21,291
IKE info: Phase-2 SA Rekeying Timeout (Soft-Event) for peer VPN_GS set to 3240 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:20,696 Devicetime: 2017/05/31 16:22:21,291
IKE info: Phase-2 SA Timeout (Hard-Event) for peer VPN_GS set to 3600 seconds (Responder)
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,291
Phase-2 [responder] done with 2 SAS for peer VPN_GS rule ipsec-0-VPN_GS-pr0-l0-r0
123.456.12.34:4500<--109.44.3.122:61780, VLAN-ID 0, HW switch port 0, Routing tag 0, Com-channel 1
rule:' ipsec 192.168.2.0/24 <-> 192.168.2.222/32
SA ESP [0xB34FC8CA] alg AES_CBC keylength 256 +hmac HMAC-MD5 outgoing
SA ESP [0x996E297B] alg AES_CBC keylength 256 +hmac HMAC-MD5 incoming
life time soft 05/31/2017 17:16:21 (in 3240 sec) / 0 kb
life time hard 05/31/2017 17:22:21 (in 3600 sec) / 0 kb
tunnel between src: 123.456.12.34 dst: 109.44.3.122
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,292
VPN: WAN state changed to WanCalled for VPN_GS (109.44.3.122), called by: 0183d5e0
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,292
vpn-maps[22], remote: VPN_GS, nego, static-name, connected-by-name
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,292
VPN: wait for IKE negotiation from VPN_GS (109.44.3.122)
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,292
VPN: WAN state changed to WanProtocol for VPN_GS (109.44.3.122), called by: 0183d5e0
[VPN-Status] 2017/05/31 16:22:20,896 Devicetime: 2017/05/31 16:22:21,589
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE for peer VPN_GS Seq-Nr 0x3225c38e, expected 0x3225c38e
[VPN-Status] 2017/05/31 16:22:20,896 Devicetime: 2017/05/31 16:22:21,590
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE_ACK sent for Phase-1 SA to peer VPN_GS, sequence nr 0x3225c38e
[VPN-Status] 2017/05/31 16:22:21,800 Devicetime: 2017/05/31 16:22:22,298
VPN: VPN_GS connected
[VPN-Status] 2017/05/31 16:22:21,800 Devicetime: 2017/05/31 16:22:22,298
VPN: WAN state changed to WanConnect for VPN_GS (109.44.3.122), called by: 0183d5e0
[VPN-Status] 2017/05/31 16:22:21,800 Devicetime: 2017/05/31 16:22:22,298
vpn-maps[22], remote: VPN_GS, connected, static-name, connected-by-name
[VPN-Status] 2017/05/31 16:22:21,800 Devicetime: 2017/05/31 16:22:22,305
internal DNS resolution for VPN_GS
IpStr=>0.0.0.0<, IpAddr(old)=0.0.0.0, IpTtl(old)=0s
IpStr=>0.0.0.0<, IpAddr(new)=0.0.0.0, IpTtl(new)=0s
[ICMP] 2017/05/31 16:22:22,000 Devicetime: 2017/05/31 16:22:22,619
ICMP Rx (WAN, VPN_GS): Src-IP: 192.168.2.222: Destination unreachable (Port unreachable)
original packet:
DstIP: 192.168.2.222, SrcIP: 192.168.2.1, Len: 366, DSCP: CS0/BE (0x00), ECT: 0, CE: 0
Prot.: UDP (17), DstPort: 51101, SrcPort: 53
[VPN-Status] 2017/05/31 16:22:35,103 Devicetime: 2017/05/31 16:22:35,606
IKE info: Delete Notification sent for Phase-1 SA to peer VPN_GS, cookies [0xe7f714d65be3b324 0x39a0aa90c929e543]
[VPN-Status] 2017/05/31 16:22:35,103 Devicetime: 2017/05/31 16:22:35,607
IKE info: Phase-1 SA removed: peer VPN_GS rule VPN_GS removed
[ICMP] 2017/05/31 16:22:43,084 Devicetime: 2017/05/31 16:22:43,591
ICMP Rx (LAN-2, NETZ118): Src-IP: 192.168.118.175: Echo request, ID: 20214, Seq: 0
[ICMP] 2017/05/31 16:22:43,084 Devicetime: 2017/05/31 16:22:43,591
ICMP Tx (LAN-2, NETZ118): Dest-IP: 192.168.118.175: Echo reply, ID: 20214, Seq: 0
[ICMP] 2017/05/31 16:22:44,077 Devicetime: 2017/05/31 16:22:44,590
ICMP Rx (LAN-2, NETZ118): Src-IP: 192.168.118.175: Echo request, ID: 50835, Seq: 0
[ICMP] 2017/05/31 16:22:44,077 Devicetime: 2017/05/31 16:22:44,590
ICMP Tx (LAN-2, NETZ118): Dest-IP: 192.168.118.175: Echo reply, ID: 50835, Seq: 0
[TraceStopped] 2017/05/31 16:23:27,040
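
Added example, not part of the original post: a small Python summary of a LANCOM VPN-Status trace like the one above, reporting the negotiated IKE and ESP integrity algorithms, the traffic selectors, whether an ICMP port-unreachable was logged, and how long the tunnel stayed up. The function name `summarize` and the rule names are assumptions made for this example, and the regular expressions cover only the line shapes visible in this trace.

```python
import re
# Excerpt of the trace in the post above (shortened; values as posted).
SAMPLE = """\
[VPN-Status] 2017/05/31 16:22:20,497 Devicetime: 2017/05/31 16:22:21,198
SA ISAKMP for peer VPN_GS encryption aes-cbc authentication MD5
[VPN-Status] 2017/05/31 16:22:20,697 Devicetime: 2017/05/31 16:22:21,291
rule:' ipsec 192.168.2.0/24 <-> 192.168.2.222/32
SA ESP [0xB34FC8CA] alg AES_CBC keylength 256 +hmac HMAC-MD5 outgoing
[VPN-Status] 2017/05/31 16:22:21,800 Devicetime: 2017/05/31 16:22:22,298
VPN: VPN_GS connected
[ICMP] 2017/05/31 16:22:22,000 Devicetime: 2017/05/31 16:22:22,619
ICMP Rx (WAN, VPN_GS): Src-IP: 192.168.2.222: Destination unreachable (Port unreachable)
[VPN-Status] 2017/05/31 16:22:35,103 Devicetime: 2017/05/31 16:22:35,606
IKE info: Delete Notification sent for Phase-1 SA to peer VPN_GS, cookies [0xe7f714d65be3b324 0x39a0aa90c929e543]
"""
HEADER = re.compile(r"^\[[\w-]+\] \S+ \S+ Devicetime: \S+ (\d+):(\d+):(\d+),(\d+)")
RULES = {  # hypothetical rule names chosen for this example
    "ike": re.compile(r"SA ISAKMP for peer \S+ encryption (\S+) authentication (\S+)"),
    "esp": re.compile(r"SA ESP \[\w+\] alg (\S+) keylength (\d+) \+hmac (\S+)"),
    "selectors": re.compile(r"ipsec (\S+) <-> (\S+)"),
    "up": re.compile(r"VPN: \S+ connected$"),
    "down": re.compile(r"Delete Notification sent for Phase-1 SA"),
    "unreachable": re.compile(r"Destination unreachable \(Port unreachable\)"),
}

def summarize(trace):
    """Collect negotiated algorithms, traffic selectors and tunnel events."""
    found, first_seen, now = {}, {}, None
    for line in map(str.strip, trace.splitlines()):
        head = HEADER.match(line)
        if head:
            h, m, s, ms = map(int, head.groups())
            now = ((h * 60 + m) * 60 + s) * 1000 + ms  # device time in ms
            continue
        for name, rx in RULES.items():
            hit = rx.search(line)
            if hit:
                found[name] = hit.groups()          # last match wins
                first_seen.setdefault(name, now)    # time of first match
    algs = [found.get("ike", ("", ""))[1], found.get("esp", ("", "", ""))[2]]
    return {
        "ike_hash": algs[0], "esp_hmac": algs[1],
        "md5_in_use": any("MD5" in a.upper() for a in algs),
        "selectors": found.get("selectors"), "port_unreachable_seen": "unreachable" in found,
        "uptime_ms": first_seen["down"] - first_seen["up"] if {"up", "down"} <= set(first_seen) else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the excerpt this reports MD5 for both the IKE SA and the ESP HMAC, a single-host selector for the client, and a tunnel that was deleted about 13 seconds after it came up.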