Certificate-based VPN with Mac OS X ML does not work

Post by rrr

I can't get a certificate-based connection working between Mac OS X Mountain Lion and an LC 1722. It somehow doesn't seem to get past Phase 1...

Certificate connections with iOS devices work without any problems. What can I do to get it working with the Mac as well?

Lancom trace log:

[VPN-Status] 2012/09/01 05:57:50,609
IKE info: The remote peer def-main-peer supports NAT-T in RFC mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote server remote_ip:500 (UDP) peer def-main-peer id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote server remote_ip:500 (UDP) peer def-main-peer id <no_id> negotiated rfc-3706-dead-peer-detection


[VPN-Status] 2012/09/01 05:57:50,610
IKE info: Phase-1 remote proposal 1 for peer def-main-peer matched with local proposal 1


[VPN-Status] 2012/09/01 05:57:51,913
IKE log: 055751.000000 Default message_recv: invalid payload type 132 in ISAKMP header (check passphrases, if applicable and in Phase 1)


[VPN-Status] 2012/09/01 05:57:51,913
IKE log: 055751.000000 Default dropped message from remote_ip port 4294962023 due to notification type INVALID_PAYLOAD_TYPE


[VPN-Status] 2012/09/01 05:57:51,913
IKE info: dropped message from peer unknown remote_ip port 4294962023 due to notification type INVALID_PAYLOAD_TYPE


[VPN-Status] 2012/09/01 05:57:51,978
IKE log: 055751.000000 Default message_recv: invalid payload type 132 in ISAKMP header (check passphrases, if applicable and in Phase 1)


[VPN-Status] 2012/09/01 05:57:51,978
IKE log: 055751.000000 Default dropped message from remote_ip port 4294955165 due to notification type INVALID_PAYLOAD_TYPE


[VPN-Status] 2012/09/01 05:57:51,978
IKE info: dropped message from peer unknown remote_ip port 4294955165 due to notification type INVALID_PAYLOAD_TYPE


[VPN-Status] 2012/09/01 05:57:56,586
IKE log: 055756.000000 Default message_recv: invalid payload type 132 in ISAKMP header (check passphrases, if applicable and in Phase 1)

Mac OS log:

02.09.12 01:51:56,733 configd[18]: IPSec connecting to server vpn.example.org
02.09.12 01:51:56,734 configd[18]: SCNC: start, triggered by System Preferen, type IPSec, status 0
02.09.12 01:51:56,737 configd[18]: IPSec Phase1 starting.
02.09.12 01:51:56,750 racoon[334]: IPSec connecting to server vpn.example.org
02.09.12 01:51:56,750 racoon[334]: Connecting.
02.09.12 01:51:56,750 racoon[334]: IPSec Phase1 started (Initiated by me).
02.09.12 01:51:56,750 racoon[334]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
02.09.12 01:51:59,752 racoon[334]: IKE Packet: transmit success. (Phase1 Retransmit).
02.09.12 01:52:00,929 racoon[334]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
02.09.12 01:52:00,942 racoon[334]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
02.09.12 01:52:01,545 racoon[334]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
02.09.12 01:52:01,593 racoon[334]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
02.09.12 01:52:04,595 racoon[334]: IKE Packet: transmit success. (Phase1 Retransmit).
02.09.12 01:52:07,768 racoon[334]: IKE Packet: transmit success. (Phase1 Retransmit).
02.09.12 01:52:10,649 racoon[334]: IKE Packet: transmit success. (Phase1 Retransmit).
02.09.12 01:52:22,242 racoon[334]: IKE Packet: transmit success. (Phase1 Retransmit).
02.09.12 01:52:30,929 configd[18]: IPSec disconnecting from server vpn.example.org
02.09.12 01:52:30,930 racoon[334]: IPSec disconnecting from server vpn.example.org
02.09.12 01:52:30,933 racoon[334]: IPSec disconnecting from server vpn.example.org

I've added the log from Mac OS after the fact. A test connection via PSK also works flawlessly, just not with a certificate.