VPN access with Linux notebook does not work

Forum for general questions about VPN

Moderator: Lancom-Systems moderators

Dr.Einstein
Posts: 2893
Registered: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

You can normally have all output in the SSH client written to a log (.txt). Otherwise, Lancom's Windows tool LanConfig lets you start the lanTracer by right-clicking the device. There you can tick the 3 debugs just as you would over SSH.
rsielaff
Posts: 19
Registered: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

I only have Linux machines.
But I'll go and use my son's PC now.
rsielaff
Posts: 19
Registered: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

[VPN-IKE] 2023/04/03 11:31:38,608 Devicetime: 2023/04/03 11:33:08,105
[BBRI02] Sending packet after encryption:
IKE 2.0 Header:
Source/Port : 62.157.14.x:500
Destination/Port : 91.54.43.x:500
Routing-tag : 0
Com-channel : 20
| Initiator cookie : B7 50 37 63 45 7D 29 F3
| Responder cookie : FE 5A B9 DD D6 BC 23 69
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x28 Response Initiator
| Msg-ID : 1505
| Length : 80 Bytes
ENCR Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 52 Bytes
| IV : D3 82 16 C1 7B 8D 53 2E F6 5A FA 72 31 73 18 5B
| Encrypted Data : 10 28 8D 93 09 11 D9 1B 53 B4 34 2D C1 29 54 CB
| ICV : 66 8D 03 98 F0 37 35 9A 61 10 D2 BD 82 63 9E CA

[VPN-Debug] 2023/04/03 11:31:38,609 Devicetime: 2023/04/03 11:33:08,105
Peer BBRI02: Constructing an INFORMATIONAL-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
IKE_SA(0xB7503763457D29F3FE5AB9DDD6BC2369).EXPECTED-MSG-ID raised to 1506
+(request, response) pair inserted into retransmission map
Sending an INFORMATIONAL-RESPONSE of 80 bytes (initiator encrypted)
Gateways: 62.157.14.249:x-->91.54.43.x:500, tag 0 (UDP)
SPIs: 0xB7503763457D29F3FE5AB9DDD6BC2369, Message-ID 1505
Payloads: ENCR

[VPN-Debug] 2023/04/03 11:31:39,265 Devicetime: 2023/04/03 11:33:09,105
BBRI02: Rescheduling DPD-Timer in 30s 0us

[VPN-IKE] 2023/04/03 11:32:00,999 Devicetime: 2023/04/03 11:33:30,783
[<UNKNOWN>] Received packet:
IKE 2.0 Header:
Source/Port : 80.187.72.x:29849
Destination/Port : 62.157.14.x:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 3A 64 ED 32 25 2F 9D E0
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 0
| Length : 844 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 652 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 272 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 30
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : 3DES (3)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE448 (32)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 256-BIT RANDOM ECP (19)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 384-BIT RANDOM ECP (20)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 521-BIT RANDOM ECP (21)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP256R1 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP384R1 (29)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP512R1 (30)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 6144-BIT MODP (17)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 8192-BIT MODP (18)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 376 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 37
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE448 (32)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 256-BIT RANDOM ECP (19)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 384-BIT RANDOM ECP (20)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 521-BIT RANDOM ECP (21)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP256R1 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP384R1 (29)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP512R1 (30)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 6144-BIT MODP (17)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 8192-BIT MODP (18)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 40 Bytes
| DH Group : 31
| Reserved2 : 0x0000
| DH-Key(256 bits) : 26 4B 1C 48 97 30 FC C4 3C 81 7E 6B E7 9E 82 5B
| AE EF 85 44 55 7D 46 92 E2 99 47 14 3B DA 1A 60
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : 0E 60 6F 2D F3 31 FE 2F 69 DD FD 56 E4 EE 04 A2
| C1 7E 2F 0F 89 58 D7 62 4C DD 56 E2 F1 A8 8F F5
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 3C F5 C8 CD E2 AE 2C 16 AB 9D FA 2A 9F 8E 2F AC
| F4 4F 54 D0
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 8F 07 CD F2 28 AA DC 65 4A E6 71 23 FA DB 90 3E
| 2C F5 27 B3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs. : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : REDIRECT_SUPPORTED

[VPN-Debug] 2023/04/03 11:32:00,999 Devicetime: 2023/04/03 11:33:30,786
Peer <UNKNOWN>: Received an IKE_SA_INIT-REQUEST of 844 bytes
Gateways: 62.157.14.x:500<--80.187.72.x:29849
SPIs: 0x3A64ED32252F9DE00000000000000000, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(REDIRECT_SUPPORTED)
QUB-DATA: 62.157.14.x:500<---80.187.72.x:29849 rtg_tag 0 physical-channel WAN(1)
transport: [id: 1154734, UDP (17) {incoming unicast, fixed source address}, dst: 80.187.72.189, tag 0 (U), src: 62.157.14.249, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 500, remote port: 29849
LCVPEI: IKE-R-No-rule-matched-ID
IKE-TRANSPORT freed

[VPN-IKE] 2023/04/03 11:32:04,908 Devicetime: 2023/04/03 11:33:34,828
[<UNKNOWN>] Received packet:
IKE 2.0 Header:
Source/Port : 80.187.72.x:29849
Destination/Port : 62.157.14.x:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 3A 64 ED 32 25 2F 9D E0
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 0
| Length : 844 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 652 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 272 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 30
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CAMELLIA-CBC (23)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : 3DES (3)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE448 (32)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 256-BIT RANDOM ECP (19)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 384-BIT RANDOM ECP (20)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 521-BIT RANDOM ECP (21)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP256R1 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP384R1 (29)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP512R1 (30)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 6144-BIT MODP (17)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 8192-BIT MODP (18)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 376 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 37
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-16 (16)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-12 (15)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-AES-CCM-8 (14)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE448 (32)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 256-BIT RANDOM ECP (19)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 384-BIT RANDOM ECP (20)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 521-BIT RANDOM ECP (21)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP256R1 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP384R1 (29)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : BRAINPOOLP512R1 (30)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 6144-BIT MODP (17)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 8192-BIT MODP (18)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 40 Bytes
| DH Group : 31
| Reserved2 : 0x0000
| DH-Key(256 bits) : 26 4B 1C 48 97 30 FC C4 3C 81 7E 6B E7 9E 82 5B
| AE EF 85 44 55 7D 46 92 E2 99 47 14 3B DA 1A 60
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : 0E 60 6F 2D F3 31 FE 2F 69 DD FD 56 E4 EE 04 A2
| C1 7E 2F 0F 89 58 D7 62 4C DD 56 E2 F1 A8 8F F5
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 3C F5 C8 CD E2 AE 2C 16 AB 9D FA 2A 9F 8E 2F AC
| F4 4F 54 D0
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 8F 07 CD F2 28 AA DC 65 4A E6 71 23 FA DB 90 3E
| 2C F5 27 B3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs. : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : REDIRECT_SUPPORTED
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

Do you even have a DEFAULT peer under IKEv2 Peers? fragen-zum-thema-vpn-f14/vpn-ikev2-defa ... 15581.html

In my opinion the debug is incomplete. For example, I am also missing the VPN status.

I only see the message

Code:

IKE-R-No-rule-matched-ID
This normally indicates a problem with establishing the SA, i.e. the client obtaining its IP address. But it does not match your first message. Please provide a complete debug again.

Code:

trace # vpn-status
trace # vpn-ike
trace # vpn-debug
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

I did not have the default peer. But I have just created it. The question is which values have to go in there.
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

rsielaff wrote: 03 Apr 2023, 12:08 I did not have the default peer. But I have just created it. The question is which values have to go in there.
I assume you have deleted more things that have to do with DEFAULT. That is why I am sending you all the related sub-items as well.

Code:

cd /Setup/VPN/IKEv2/Peers
tab Peer Active SH-Time Remote-Gateway Rtg-tag Encryption Authentication General Lifetimes IKE-CFG IPv4-CFG-Pool IPv6-CFG-Pool CFG-Client-Profile Split-DNS-Profile Auto-IP-Profile Rule-creation IPv4-Rules IPv6-Rules Routing RADIUS-Authorization RADIUS-Accounting IPv6 HSVPN Comment
add "DEFAULT" Yes 0 "" 0 "DEFAULT" "DEFAULT" "DEFAULT" "DEFAULT" Off "" "" "" "" "" manually "" "" "" "" "" "" "" ""
cd /

cd /Setup/VPN/IKEv2/Encryption
tab Name DH-Groups PFS IKE-SA-Cipher-List IKE-SA-Integ-Alg-List Child-SA-Cipher-List Child-SA-Integ-Alg-List
add "DEFAULT" DH16,DH14 Yes AES-CBC-256,AES-GCM-256 SHA-512,SHA-256 AES-CBC-256,AES-GCM-256 SHA-512,SHA-256
cd /

cd /Setup/VPN/IKEv2/Auth/Parameter
tab Name Local-Auth Local-Dig-Sig-Profile Local-ID-Type Local-ID Local-Password Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Addit.-Remote-ID-List Local-Certificate Remote-Cert-ID-Check OCSP-Check CRL-Check
add "DEFAULT" Digital-Signature "DEFAULT-RSA-PKCS" No-Identity "" "" Digital-Signature "DEFAULT-RSA-PKCS" "" No-Identity "" "" "DEFAULT" "VPN1" No No Yes
cd /

cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-ID-List
tab Name Addit.-Remote-IDs
add "DEFAULT" "DEFAULT-RSA-PKCS,DEFAULT-RSA-PSS,DEFAULT-ECDSA,DEFAULT-EDDSA25519,DEFAULT-EDDSA448"
cd /

cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-IDs
tab Name Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Remote-Cert-ID-Check OCSP-Check CRL-Check
add "DEFAULT-RSA-PKCS" Digital-Signature "DEFAULT-RSA-PKCS" "" No-Identity "" "" No No Yes
add "DEFAULT-RSA-PSS" Digital-Signature "DEFAULT-RSA-PSS" "" No-Identity "" "" No No Yes
add "DEFAULT-ECDSA" Digital-Signature "DEFAULT-ECDSA" "" No-Identity "" "" No No Yes
add "DEFAULT-EDDSA25519" Digital-Signature "DEFAULT-EDDSA25519" "" No-Identity "" "" No No Yes
add "DEFAULT-EDDSA448" Digital-Signature "DEFAULT-EDDSA448" "" No-Identity "" "" No No Yes
cd /

cd /Setup/VPN/IKEv2/Auth/Digital-Signature-Profiles
tab Name Auth-Method Hash-Algorithms
add "DEFAULT-RSA-PSS" RSASSA-PSS SHA-512,SHA-384,SHA-256
add "DEFAULT-RSA-PKCS" RSASSA-PKCS1-v1_5 SHA-512,SHA-384,SHA-256
add "DEFAULT-ECDSA" ECDSA SHA-512,SHA-384,SHA-256
add "DEFAULT-EDDSA25519" EdDSA25519 IDENTITY
add "DEFAULT-EDDSA448" EdDSA448 IDENTITY
cd /

cd /Setup/VPN/IKEv2/General
tab Name DPD-Inact-Timeout Encapsulation Destination-Port
add "DEFAULT" 30 None 0
cd /

cd /Setup/VPN/IKEv2/Lifetimes
tab Name IKE-SA-Sec IKE-SA-KB Child-SA-Sec Child-SA-KB
add "DEFAULT" 84600 0 14400 2000000
cd /
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

How is it going? Don't give up right away; we may still need 3-4 more attempts with tracing until it works.
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

Unfortunately I had no time today. But I will get back to you once I have done everything.
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

So, I have entered everything. The error message has changed:

[VPN-IKE] 2023/04/08 16:46:17,279 Devicetime: 2023/04/08 16:48:20,181
[IKEV2C_0002] Received packet after decryption:
IKE 2.0 Header:
Source/Port : 80.187.70.x:6607
Destination/Port : 62.157.14.x:4500
Routing-tag : 0
Com-channel : 22
| Initiator cookie : 11 BF AD CD DE E9 51 D1
| Responder cookie : 98 C0 89 14 A1 3F F0 BB
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x08 Initiator
| Msg-ID : 2
| Length : 80 Bytes
ENCR Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 52 Bytes
| IV : 94 F9 F8 04 EA 9C 59 54 C1 55 24 57 F0 DB 4D BC
| ICV : 47 59 BD 3E BA 0D D4 B0 DA 25 D6 8B ED 09 A9 B3
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : AUTHENTICATION_FAILED
Rest : DE ED 4A 27 04 16 FC 07

[VPN-Status] 2023/04/08 16:46:17,384 Devicetime: 2023/04/08 16:48:20,181
IKE info: inform_responder_recv_AuthFailed: AUTHENTICATION_FAILED received from peer IKEV2C_0002 in informational exchange (authenticated)

[VPN-Debug] 2023/04/08 16:46:17,384 Devicetime: 2023/04/08 16:48:20,181
Peer IKEV2C_0002 [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
Gateways: 62.157.14.x:4500<--80.187.70.x:6607
SPIs: 0x11BFADCDDEE951D198C08914A13FF0BB, Message-ID 2
Payloads: ENCR
QUB-DATA: 62.157.14.x:4500<---80.187.70.x:6607 rtg_tag 0 physical-channel WAN(1) vpn-channel 22
transport: [id: 1378496, UDP (17) {incoming unicast, fixed source address}, dst: 80.187.70.x, tag 0 (U), src: 62.157.14.x, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (3)], local port: 4500, remote port: 6607, flags: UDP_ENCAPSULATION
+IKE_SA found and assigned
+Exchange created (flags: 0x00000000)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, NOTIFY(AUTHENTICATION_FAILED)

[VPN-Status] 2023/04/08 16:46:17,385 Devicetime: 2023/04/08 16:48:20,181
Peer IKEV2C_0002 [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
Gateways: 62.157.14.x:4500<--80.187.70.x:6607
SPIs: 0x11BFADCDDEE951D198C08914A13FF0BB, Message-ID 2
Received 1 notification:
+AUTHENTICATION_FAILED (ERROR)
IKE_SA ('IKEV2C_0002', 'ISAKMP-PEER-IKEV2C_0002' IPSEC_IKE SPIs 0x11BFADCDDEE951D198C08914A13FF0BB) removed from SADB
CHILD_SA ('IKEV2C_0002', 'IPSEC-1-IKEV2C_0002-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0xC3DD99F6 Inbound-SPI 0x5ECC8D0F) removed from SADB
CHILD_SA ('IKEV2C_0002', 'IPSEC-1-IKEV2C_0002-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0xC3DD99F6 Inbound-SPI 0x5ECC8D0F) freed

[VPN-IKE] 2023/04/08 16:46:17,386 Devicetime: 2023/04/08 16:48:20,182
[IKEV2C_0002] Sending packet before encryption:
IKE 2.0 Header:
Source/Port : 62.157.14.x:4500
Destination/Port : 80.187.70.x:6607
Routing-tag : 0
Com-channel : 22
| Initiator cookie : 11 BF AD CD DE E9 51 D1
| Responder cookie : 98 C0 89 14 A1 3F F0 BB
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x20 Response
| Msg-ID : 2
| Length : 80 Bytes
ENCR Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 52 Bytes
| IV : 23 2B 3B 91 BB 98 35 2C 05 EE 5C 81 76 B2 A7 9D
| ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Rest : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F

[VPN-IKE] 2023/04/08 16:46:17,386 Devicetime: 2023/04/08 16:48:20,185
[IKEV2C_0002] Sending packet after encryption:
IKE 2.0 Header:
Source/Port : 62.157.14.x:4500
Destination/Port : 80.187.70.x:6607
Routing-tag : 0
Com-channel : 22
| Initiator cookie : 11 BF AD CD DE E9 51 D1
| Responder cookie : 98 C0 89 14 A1 3F F0 BB
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x20 Response
| Msg-ID : 2
| Length : 80 Bytes
ENCR Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 52 Bytes
| IV : 23 2B 3B 91 BB 98 35 2C 05 EE 5C 81 76 B2 A7 9D
| Encrypted Data : CF A1 86 93 E8 05 89 AD B2 47 2C 7B 51 A2 EC 0E
| ICV : C3 34 FF D2 97 12 CF 50 94 FA B9 E2 83 68 1B 7E

[VPN-Debug] 2023/04/08 16:46:17,387 Devicetime: 2023/04/08 16:48:20,186
Peer IKEV2C_0002: Constructing an INFORMATIONAL-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
Non-ESP-Marker Prepended
IKE_SA(0x11BFADCDDEE951D198C08914A13FF0BB).EXPECTED-MSG-ID raised to 3
+(request, response) pair inserted into retransmission map
Sending an INFORMATIONAL-RESPONSE of 80 bytes (responder encrypted)
Gateways: 62.157.14.x:4500-->80.187.70.x:6607, tag 0 (UDP)
SPIs: 0x11BFADCDDEE951D198C08914A13FF0BB, Message-ID 2
Payloads: ENCR

[VPN-Status] 2023/04/08 16:46:17,387 Devicetime: 2023/04/08 16:48:20,186
Peer IKEV2C_0002: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 80 bytes (responder encrypted)
Gateways: 62.157.14.x:4500-->80.187.70.x:6607, tag 0 (UDP)
SPIs: 0x11BFADCDDEE951D198C08914A13FF0BB, Message-ID 2

[VPN-Debug] 2023/04/08 16:46:17,388 Devicetime: 2023/04/08 16:48:20,186
LCVPEI: IKE-R-IKE-key-mismatch
DISCONNECT-RESPONSE sent for handle 22
IKE-TRANSPORT freed

[VPN-Status] 2023/04/08 16:46:17,388 Devicetime: 2023/04/08 16:48:20,186
IKE_SA ('IKEV2C_0002', 'ISAKMP-PEER-IKEV2C_0002' IPSEC_IKE SPIs 0x11BFADCDDEE951D198C08914A13FF0BB) freed

[VPN-Debug] 2023/04/08 16:46:17,388 Devicetime: 2023/04/08 16:48:20,186
CRYPTACCESS: Unregistering combined id: 19

[VPN-Debug] 2023/04/08 16:46:17,389 Devicetime: 2023/04/08 16:48:20,186
CRYPTACCESS: Unregistering combined id: 13
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

Your debug is incomplete again. The complete connection setup is missing... But never mind, the client reports "AUTHENTICATION_FAILED" to you, i.e. the client is not satisfied with the Lancom. You probably have to tweak the IDs. In the client, enter the WAN IP (or the domain name if you use DynDNS) as the remote identity and change the type to IPv4 address, or FQDN for a domain name. You then have to do the same in the Lancom for the local identity. If that does not work, you have to look in the client's log to see what it does not like. Alternatively, google around a bit on the Internet for what other vendors recommend for the Linux client.
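A quick way to see whether a pasted trace is complete before posting it, as an added example that is not part of the thread and not a LANCOM tool: it lists which of the three traces are present, which IKE exchanges appear, and which errors were logged. The sample is abridged from the 2023/04/08 trace in this thread; the exchange names IKE_SA_INIT and IKE_AUTH are an assumption taken from RFC 7296, since the excerpts here only show INFORMATIONAL.

```python
import re

# Header of one trace record, e.g.
# "[VPN-Status] 2023/04/08 16:46:17,384 Devicetime: 2023/04/08 16:48:20,181"
RECORD = re.compile(r"^\[(VPN-IKE|VPN-Status|VPN-Debug)\] \d{4}/\d\d/\d\d ")
EXCHANGE = re.compile(r"Exchange type\s*:\s*(\S+)")
ERROR_NOTIFY = re.compile(r"^\+(\S+) \(ERROR\)")   # VPN-Status notification list
LCVPEI = re.compile(r"LCVPEI:\s*(\S+)")            # error code in VPN-Debug

WANTED_TRACES = ("VPN-Status", "VPN-IKE", "VPN-Debug")
SETUP_EXCHANGES = ("IKE_SA_INIT", "IKE_AUTH")      # assumption: RFC 7296 names

# Abridged from the trace posted above.
SAMPLE = """\
[VPN-IKE] 2023/04/08 16:46:17,279 Devicetime: 2023/04/08 16:48:20,181
[IKEV2C_0002] Received packet after decryption:
| Exchange type : INFORMATIONAL
| Message type : AUTHENTICATION_FAILED

[VPN-Status] 2023/04/08 16:46:17,385 Devicetime: 2023/04/08 16:48:20,181
Received 1 notification:
+AUTHENTICATION_FAILED (ERROR)

[VPN-Debug] 2023/04/08 16:46:17,388 Devicetime: 2023/04/08 16:48:20,186
LCVPEI: IKE-R-IKE-key-mismatch
"""


def _add(seq, item):
    """Append item while keeping first-seen order and no duplicates."""
    if item not in seq:
        seq.append(item)


def summarize(trace_text):
    """Return traces seen, exchange types, errors, and what is still missing."""
    traces, exchanges, errors = [], [], []
    for raw in trace_text.splitlines():
        line = raw.strip()
        header = RECORD.match(line)
        if header:
            _add(traces, header.group(1))
            continue
        for pattern, bucket in ((EXCHANGE, exchanges),
                                (ERROR_NOTIFY, errors),
                                (LCVPEI, errors)):
            hit = pattern.search(line)
            if hit:
                _add(bucket, hit.group(1))
    missing = [t for t in WANTED_TRACES if t not in traces]
    missing += [e for e in SETUP_EXCHANGES if e not in exchanges]
    return {"traces": traces, "exchanges": exchanges,
            "errors": errors, "missing": missing}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:10}: {', '.join(value) or '-'}")
```

For the sample, the `missing` entry names the two setup exchanges, which is the gap pointed out in the post above.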
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

It does not work.
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

I have now tried to set the whole thing up with certificates. Unfortunately that does not work either.
I used the following as a guide:

https://uwe-kernchen.de/phpmyfaq/index. ... artlang=de

The client somehow does not establish a connection (the trace on the Lancom shows nothing).

The client reports that the VPN connection was not established because no VPN secrets are available.

???
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

Replace everything in < > with your own parameters, including the < >.

PSK:

/etc/ipsec.secrets

Code:

%any <ip/dns> : PSK "<PSK>"
/etc/ipsec.conf

Code:
config setup
        charondebug="all"
        uniqueids=yes
conn Linux-Lancom
        type=tunnel
        auto=start
        keyexchange=ikev2
        authby=secret
        left=%any
        leftid=linux01.intern
        leftsourceip=%config
        right=<ip/dns>
        rightid=zentrale.intern
        rightsubnet=0.0.0.0/0
        ike=aes256-sha512-modp4096!
        esp=aes256-sha512!
        aggressive=no
        keyingtries=%forever
        ikelifetime=28800s
        lifetime=3600s
        dpddelay=30s
        dpdtimeout=120s
        dpdaction=restart
        forceencaps=yes
Lancom

Code:

cd /Setup/VPN/IKEv2/Peers
tab Peer Active SH-Time Remote-Gateway Rtg-tag Encryption Authentication General Lifetimes IKE-CFG IPv4-CFG-Pool IPv6-CFG-Pool CFG-Client-Profile Split-DNS-Profile Auto-IP-Profile Rule-creation IPv4-Rules IPv6-Rules Routing RADIUS-Authorization RADIUS-Accounting IPv6 HSVPN Comment
add "DEFAULT" Yes 0 "" 0 "DEFAULT" "DEFAULT" "DEFAULT" "DEFAULT" Off "" "" "" "" "" manually "" "" "" "" "" "" "" ""
add "LINUX-PSK" Yes 0 "0.0.0.0" 0 "DEFAULT" "LINUX-PSK" "DEFAULT" "DEFAULT" Server "IP-POOL" "" "" "" "" manually "RAS-WITH-NETWORK-SELECTION" "" "" "" "" "DEFAULT" "" ""
cd /

cd /Setup/VPN/IKEv2/Encryption
tab Name DH-Groups PFS IKE-SA-Cipher-List IKE-SA-Integ-Alg-List Child-SA-Cipher-List Child-SA-Integ-Alg-List
add "DEFAULT" DH16,DH14 Yes AES-CBC-256,AES-GCM-256 SHA-512,SHA-256 AES-CBC-256,AES-GCM-256 SHA-512,SHA-256
cd /

cd /Setup/VPN/IKEv2/Auth/Parameter
tab Name Local-Auth Local-Dig-Sig-Profile Local-ID-Type Local-ID Local-Password Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Addit.-Remote-ID-List Local-Certificate Remote-Cert-ID-Check OCSP-Check CRL-Check
add "LINUX-PSK" PSK "DEFAULT-RSA-PKCS" Domain-Name "zentrale.intern" "<PSK>" PSK "DEFAULT-RSA-PKCS" "" Domain-Name "linux01.intern" "<PSK>" "" "" No No Yes
cd /

cd /Setup/VPN/IKEv2/IKE-CFG/IPv4
tab Name Start-Address-Pool End-Address-Pool Primary-DNS Secondary-DNS
add "IP-POOL" "192.168.1.100" "192.168.1.199" "192.168.1.1" "0.0.0.0"
cd /
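The client and router configurations above only work together if the IDs mirror each other and the client's proposal is enabled on the router. The following added example (not part of the post, and neither strongSwan nor LANCOM tooling) parses excerpts of both and reports mismatches; the function names and the `TO_LANCOM` keyword mapping are assumptions of this example.

```python
import shlex

# Excerpts of the two configurations posted above (placeholders kept as posted).
IPSEC_CONF = """\
conn Linux-Lancom
        keyexchange=ikev2
        authby=secret
        leftid=linux01.intern
        rightid=zentrale.intern
        ike=aes256-sha512-modp4096!
        esp=aes256-sha512!
"""
LANCOM_SCRIPT = """\
cd /Setup/VPN/IKEv2/Encryption
tab Name DH-Groups PFS IKE-SA-Cipher-List IKE-SA-Integ-Alg-List Child-SA-Cipher-List Child-SA-Integ-Alg-List
add "DEFAULT" DH16,DH14 Yes AES-CBC-256,AES-GCM-256 SHA-512,SHA-256 AES-CBC-256,AES-GCM-256 SHA-512,SHA-256
cd /
cd /Setup/VPN/IKEv2/Auth/Parameter
tab Name Local-Auth Local-Dig-Sig-Profile Local-ID-Type Local-ID Local-Password Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Addit.-Remote-ID-List Local-Certificate Remote-Cert-ID-Check OCSP-Check CRL-Check
add "LINUX-PSK" PSK "DEFAULT-RSA-PKCS" Domain-Name "zentrale.intern" "<PSK>" PSK "DEFAULT-RSA-PKCS" "" Domain-Name "linux01.intern" "<PSK>" "" "" No No Yes
cd /
"""
# Assumed mapping from strongSwan proposal keywords to the names in the LANCOM
# lists (only the keywords relevant to this thread).
TO_LANCOM = {"aes256": "AES-CBC-256", "sha512": "SHA-512", "sha256": "SHA-256",
             "modp4096": "DH16", "modp2048": "DH14"}


def parse_lancom(script):
    """Return {table_path: {row_name: {column: value}}} from cd/tab/add lines."""
    tables, path, columns = {}, "/", []
    for line in script.splitlines():
        words = shlex.split(line)          # keeps "" as an empty field
        if not words:
            continue
        if words[0] == "cd":
            path = words[1]
        elif words[0] == "tab":
            columns = words[1:]
        elif words[0] == "add":
            tables.setdefault(path, {})[words[1]] = dict(zip(columns, words[1:]))
    return tables


def parse_conn(conf, name):
    """Return the key=value options of one 'conn' section of ipsec.conf."""
    options, active = {}, False
    for line in conf.splitlines():
        if line and not line[0].isspace():          # a new section starts
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            options[key] = value.strip('"')
    return options


def check(conn, auth, enc):
    """Return a list of mismatches between the client conn and the router rows."""
    problems = []
    # The client's own ID is the router's remote ID, and vice versa.
    for option, column in (("leftid", "Remote-ID"), ("rightid", "Local-ID")):
        if conn.get(option) != auth[column]:
            problems.append(f"{option}={conn.get(option)} but {column}={auth[column]}")
    if conn.get("authby") == "secret":
        if (auth["Local-Auth"], auth["Remote-Auth"]) != ("PSK", "PSK"):
            problems.append("client uses PSK, router row does not")
        # ipsec.secrets above holds one PSK, so both directions must share it.
        if auth["Local-Password"] != auth["Remote-Password"]:
            problems.append("Local-Password and Remote-Password differ")
    allowed = set()
    for column in ("IKE-SA-Cipher-List", "IKE-SA-Integ-Alg-List", "DH-Groups"):
        allowed.update(enc[column].split(","))
    for keyword in conn.get("ike", "").rstrip("!").split("-"):
        if keyword and TO_LANCOM.get(keyword, keyword) not in allowed:
            problems.append(f"ike element {keyword} is not enabled on the router")
    return problems


if __name__ == "__main__":
    tables = parse_lancom(LANCOM_SCRIPT)
    result = check(parse_conn(IPSEC_CONF, "Linux-Lancom"),
                   tables["/Setup/VPN/IKEv2/Auth/Parameter"]["LINUX-PSK"],
                   tables["/Setup/VPN/IKEv2/Encryption"]["DEFAULT"])
    print(result or "client and router settings are consistent")
```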
rsielaff
Posts: 19
Joined: 27 Mar 2023, 06:56

Re: VPN access with Linux notebook does not work

Post by rsielaff »

But that is PSK again and not certificates, right?

What would have to be entered in the first line then:
%any <ip/dns> : PSK "<PSK>"
Dr.Einstein
Posts: 2893
Joined: 12 Jan 2010, 14:10

Re: VPN access with Linux notebook does not work

Post by Dr.Einstein »

You asked about PSK at the start, hence the solution I posted.

To your question:

Code:

%any <ip/dns> : PSK "<PSK>"
becomes

Code:

%any 1.2.3.4 : PSK "123456789"
Replace 1.2.3.4 with the WAN IP address of your Lancom router (or the domain name), and replace the PSK 123456789 with something secure, perhaps, to start with, not everything with special characters right away.