I experienced points 1 and 2 with 9.20.0503, point 3 with both of the above-mentioned versions.
I am reporting both points without being able to reproduce the situation again.
Point 3 is stressful.
1. VPN connection setup towards LAN instead of INTERNET
- Internet access "INTERNET" via DSL-1 with VLAN tag and PPPoE (IPv4 and IPv6)
- Google DNS assigned via IP parameters: 8.8.4.4, 8.8.8.8
- DNS server enabled in LCOS
- Forwardings for the zone "*.example.com" to internal name servers (via IP addresses: one in the LAN intranet, one reachable via VPN)
The DNS in the intranet returns a public IP address for "vpn-gw.example.com".
The VPN connection is attempted via the "LAN" interface, not via "INTERNET".
It looks as though the location of the DNS server decides which interface the VPN connection is established over, rather than the answer and the route that belongs to it.
If the remote site "INTERNET" is entered in the DNS forwardings for "vpn-gw.example.com", the VPN connection is established via "INTERNET" again.
2. Internal DNS gives conspicuous (wrong?) answers for SIP domains that are configured in SIP PBX lines.
- VCM is active
- Own router is named "router01.example.com"
- Own SIP domain is "sip01.example.com"
- A SIP PBX line is defined: SIP domain of the remote side "sip00.example.com". No registrar, no proxy defined.
LCOS has to resolve the responsible VoIP peer for the line via DNS:
Query: _sip._udp.sip00.example.com SRV
The external name server entered for the domain "*.example.com" returns:
0 0 5060 router00.voip.example.com (the SIP router of the remote side, which also has a matching IP address via an A record)
That is the correct, responsible registrar for the SIP PBX line to the domain "sip00.example.com"!!
A DNS query to my own router "router01" returns
0 0 5060 router01.
That is the problem: the router answers the question about the responsible registrar for the remote side's VoIP domain with itself.
The SIP PBX line only becomes active if the IP address of the remote side's registrar is explicitly entered in the line configuration.
3. Attempts to establish a VPN connection from the AdvVPN client under Windows 10 Pro (v3.04, current build) lead to an immediate crash of the VPN target router
The client is still in its trial period.
The VPN connection uses:
- IKE v1 with AES-256 and SHA-1
- Main Mode
- RSA signature with certificate and ASN1 Distinguished Name
- ESP with AES-256 and SHA-1
During connection setup the trace still shows that a matching IKE proposal was found, then the LCOS crash follows.
Addendum (2016-03-30 23:04): When switched to Aggressive Mode and PSK, the connection setup works. So it could be a problem in the processing of X.509 certificates. About 12 further X.509 certificate-based VPN clients are in use in the installation in question.
Boot log
DEVICE: LANCOM 1781AW
HW-RELEASE: B
VERSION: 9.20.0503 / 22.03.2016
****
03/29/2016 22:01:23 System boot after LCOS-Watchdog
DEVICE: LANCOM 1781AW
HW-RELEASE: B
VERSION: 9.20.0503 / 22.03.2016
****
03/29/2016 22:11:34 LCOS-Watchdog
Task name = VPN-IKE Type=e300: DSI Interrupt (Protection error on load access @0x00000000)
Code=0x00000300 Thread=02b32ac8 Task=02b32ac0 Nest=0x00000001
R00=0x01621310 SP =0x0238b790 R02=0x01f75000 R03=0x00000000
R04=0x0236d670 R05=0x00000079 R06=0x000fffdc R07=0x0238b8f4
R08=0x22c9a2c4 R09=0x00fd0128 R10=0x00000000 R11=0x00000000
R12=0x22042082 R13=0x022cc7d0 R14=0x00000000 R15=0x00000000
R16=0x02355adc R17=0x01cd50e8 R18=0x075b53e0 R19=0x00000000
R20=0x0215cb14 R21=0x00000002 R22=0x00000008 R23=0x022c0000
R24=0x00000000 R25=0x00000009 R26=0x023bf9a0 R27=0x00000001
R28=0x00000000 R29=0x0236d690 R30=0x023bf9a4 R31=0x0236d670
CR =0x22042082 XER =0x00000000 LR =0x01621310 CTR =0x00fd0128
DAR =0x00000000 DSR =0x08000000 TBL =0xc7666efd TBU =0x00010f0b
IBCR=0x00e20000 DBCR=0x00000000 DBR =0x00000000 DBR2=0x00000000
HID0=0xc090c000 HID1=0x0c000000 HID2=0x04e40000 MBAR=0x00000000
SPR0=0x00000000 SPR1=0x00000000 SPR2=0x0236d670 SPR3=0x000010b6
SPR4=0x00000000 SPR5=0x00000000 SPR6=0x00000000 SPR7=0x00000000
TGR0=0x00000000 TGR1=0x00000010 TGR2=0x00200040 TGR3=0x200a10b6
SRR0(PC) =0x00fd0140
SRR1(MSR)=0x000010b6
possible error location: [BT] 015fbf98 00fca534 015fc29c 01621310
largest available memory block: 23768544 bytes
Another attempt, this time with LCOS 9.10.0622 (for comparison)
03/29/2016 22:16:27 System boot after firmware upload
DEVICE: LANCOM 1781AW
HW-RELEASE: B
VERSION: 9.10.0622 / 19.03.2016
****
03/29/2016 22:16:55 LCOS-Watchdog
Task name = IT Type=e300: DSI Interrupt (Protection error on load access @0x00000008)
Code=0x00000300 Thread=0234a370 Task=0234a368/00000000 Nest=0x00000000
R00=0x00dd4fac SP =0x02c12358 R02=0x01a3e000 R03=0x35ec89da
R04=0x000010b6 R05=0x00000000 R06=0x02109b75 R07=0x00000000
R08=0x0655fc0c R09=0x000090b2 R10=0x00000000 R11=0x00007120
R12=0x24042042 R13=0x022a2510 R14=0x04e30c00 R15=0x00000000
R16=0x00000001 R17=0x0234a30c R18=0x00000001 R19=0x000090b2
R20=0x0696bf20 R21=0x49545254 R22=0x0216f5d0 R23=0x00000000
R24=0x01705ce0 R25=0x0229be60 R26=0x0229be7c R27=0x0229be74
R28=0x0234a320 R29=0x0229be68 R30=0x00000000 R31=0x00000032
CR =0x40004082 XER =0x00000000 LR =0x00dd502c CTR =0x07fdf457
DAR =0x00000008 DSR =0x08000000 TBL =0x42136f28 TBU =0x00010f0e
IBCR=0x00e20000 DBCR=0x00000000 DBR =0x00000000 DBR2=0x00000000
HID0=0xc090c000 HID1=0x0c000000 HID2=0x04e40000 MBAR=0x00000000
SPR0=0x00007120 SPR1=0x35ec89da SPR2=0x000010b6 SPR3=0x000010b6
SPR4=0x00000000 SPR5=0x00000000 SPR6=0x00000000 SPR7=0x00000000
TGR0=0x00000008 TGR1=0x00000010 TGR2=0x00200040 TGR3=0x400a10b2
SRR0(PC) =0x00dd553c
SRR1(MSR)=0x000010b2
largest available memory block: 23768544 bytes
The crash case in the trace (with anonymized IP)
> trace # vpn-stat vpn-ike vpn-debug
VPN-Status ON
VPN-IKE ON
VPN-Debug ON
root@my-router:/
[VPN-IKE] 2016/03/30 22:21:44,536
Received packet:
IKE 1.0 Header:
Source/Port : 109.44.2.117:35082
Destination/Port : 10.20.30.40:500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 11
Loopback : NO
| Initiator cookie : 3A 52 5B 35 ED 9B 95 B2
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 312 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 56 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 1
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 3
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 28800
| | | Attribute 6
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : DA 8E 93 78 80 01 00 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 44 85 15 2D 18 B6 BB CD 0B E8 A8 46 95 79 DD CC
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : C7 EB 0B CE BC CF E4 8F 4A F1 C7 C3 5B E5 04 5D
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : C6 1B AC A1 F1 A6 0C C1 14 00 00 00 00 00 00 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : CB E7 94 44 A0 87 0D E4 22 4A 2C 15 1F BF E0 99
<Unknown 43> Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
| C0 00 00 00
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 12 F5 F2 8C 45 71 68 A9 70 2D 9F E2 74 CC 01 00
[VPN-Status] 2016/03/30 22:21:44,538
IKE info: The remote server 109.44.2.117:35082 (UDP) peer def-main-peer id <no_id> supports draft-ietf-ipsec-isakmp-xauth
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in draft mode
IKE info: The remote peer def-main-peer supports NAT-T in RFC mode
IKE info: The remote server 109.44.2.117:35082 (UDP) peer def-main-peer id <no_id> negotiated rfc-3706-dead-peer-detection
IKE info: The remote client 109.44.2.117:35082 (UDP) peer def-main-peer id <no_id> is NCP LANCOM Serial Number Protocol 1.0 with serial number XXXXXXXX
[VPN-Status] 2016/03/30 22:21:44,542
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA1 <-> local No 1 hash algorithm = SHA-512
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA1 <-> local No 2 hash algorithm = SHA-256
IKE info: Phase-1 remote proposal 1 for peer def-main-peer matched with local proposal 3
[VPN-IKE] 2016/03/30 22:21:44,547
Sending packet:
IKE 1.0 Header:
Source/Port : 10.20.30.40:500
Destination/Port : 109.44.2.117:35082
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 11
Loopback : NO
| Initiator cookie : 3A 52 5B 35 ED 9B 95 B2
| Responder cookie : 75 1C 49 C2 5F 3F 53 B5
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 196 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 56 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 1
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 3
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 4
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 28800
| | | Attribute 6
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 7D 94 19 A6 53 10 CA 6F 2C 17 9D 92 15 52 9D 56
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : EE EF A3 78 09 E3 2A D4 DE 4F 6B 01 0C 26 A6 40
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
[VPN-IKE] 2016/03/30 22:21:44,785
Received packet:
IKE 1.0 Header:
Source/Port : 109.44.2.117:35082
Destination/Port : 10.20.30.40:500
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 11
Loopback : NO
| Initiator cookie : 3A 52 5B 35 ED 9B 95 B2
| Responder cookie : 75 1C 49 C2 5F 3F 53 B5
| Next Payload : KEY_EXCH
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 252 Bytes
KEY_EXCH Payload
| Next Payload : NONCE
| Reserved : 0x00
| Length : 132 Bytes
| DH-Key(1024 bits) : 1B 88 7C 05 35 D9 79 B7 92 CE 8A 28 D8 22 D0 4A
| 81 CE AE 18 03 C9 F5 85 B8 02 34 1F DE 09 D6 9E
| 0D 3A E8 6A 67 0C B9 12 45 49 0C 72 1D DB 1C 59
| 30 2B 13 6A 44 C8 E8 FE 19 7B BB 50 13 82 89 99
| DF 81 94 85 1E 39 F7 96 35 7F 25 E3 B8 A4 DA 37
| 0D 3F AB DF 1B F9 E1 AE 87 10 CC 3B 1E 3E 5B B5
| 5F 99 94 FD 84 66 BA 5B 26 C7 2E 98 0E 13 E3 35
| 8A A1 5E 7A 16 CA 01 42 0B E9 97 79 FE 43 A7 9C
NONCE Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 44 Bytes
| Nonce(320 bits) : 15 97 13 1E B5 EC 53 AB D2 FA 9F E6 C9 7F 31 B9
| CC 03 9E 82 2D 6C 43 C8 39 BB 0F 8A F8 CD 59 EB
| DC E1 A9 0D 8A F4 49 52
NAT_D Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 24 Bytes
| Hash : F1 F0 A3 1B 14 83 52 7B 81 3D FC 93 F8 2D FD 20
| 95 30 4A 8B
NAT_D Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 24 Bytes
| Hash : AA 0A 87 CD 76 9E 8E 52 44 AE 65 26 BF 3A B2 A3
| 79 FB 17 29
[VPN-IKE] 2016/03/30 22:21:44,794
Sending packet:
IKE 1.0 Header:
Source/Port : 10.20.30.40:500
Destination/Port : 109.44.2.117:35082
VLAN-ID : 0
HW switch port : 0
Routing-tag : 0
Com-channel : 11
Loopback : NO
| Initiator cookie : 3A 52 5B 35 ED 9B 95 B2
| Responder cookie : 75 1C 49 C2 5F 3F 53 B5
| Next Payload : KEY_EXCH
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 508 Bytes
KEY_EXCH Payload
| Next Payload : NONCE
| Reserved : 0x00
| Length : 132 Bytes
| DH-Key(1024 bits) : 06 90 2F B3 2D E5 71 4A B5 93 1C 07 F4 0A A3 6A
| 3D AB 9E C5 88 82 2B D5 D7 87 15 5D AB 94 16 39
| 2A 07 ED E0 C4 CC 03 46 03 CE 15 49 07 B9 B0 B5
| 36 26 4E CC 40 C5 97 D0 F7 75 67 7A 52 DA 71 08
| D6 39 3A D9 67 0D 89 E4 BD C5 F2 90 C2 90 B5 36
| F5 C2 1F 07 2B 36 49 3C 25 CC D9 6A 67 0E 75 1F
| A3 91 A8 FF A6 60 2D 72 2F 54 FC 5C 10 F7 F3 AF
| 75 E0 91 8E 68 4C A3 E5 19 75 89 D8 B2 0D 3C 72
NONCE Payload
| Next Payload : CERT_REQ
| Reserved : 0x00
| Length : 44 Bytes
| Nonce(320 bits) : 52 2B 71 BC 88 DE 50 B9 DD F8 32 02 46 9D 90 8D
| 09 7C CE 1D 5F C6 FB 11 AC 41 74 4E 2C 6D 8D 20
| A0 D3 C1 44 87 AD D4 7F
CERT_REQ Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 256 Bytes
| Cert. Type : X509_SIG
| Cert. Autherity : 30 81 F8 31 0B 30 09 06 03 55 04 06 13 02 44 45
| 31 10 30 0E 06 03 55 04 08 13 07 47 65 72 6D 61
| 6E 79 31 1A 30 18 06 03 55 04 07 13 11 61 74 20
| 68 6F 6D 65 20 69 6E 20 45 75 72 6F 70 65 31 2F
| 30 2D 06 03 55 04 0A 14 26 48 45 4E 54 47 45 53
| 20 7C 20 53 63 68 61 6C 74 67 65 72 61 65 74 65
| 20 7C 20 44 69 73 74 72 69 62 75 74 69 6F 6E 31
| 3C 30 3A 06 03 55 04 0B 14 33 49 54 20 73 65 72
| 76 69 63 65 73 20 70 72 6F 76 69 64 65 64 20 62
| 79 20 61 73 79 73 74 65 63 2E 6E 65 74 20 7C 20
| 49 54 20 63 6F 6E 73 75 6C 74 69 6E 67 31 2C 30
| 2A 06 03 55 04 03 14 23 48 45 4E 54 47 45 53 20
| 47 6D 62 48 20 7C 20 49 54 20 73 65 63 75 72 69
| 74 79 20 7C 20 45 75 72 6F 70 65 31 1E 30 1C 06
| 09 2A 86 48 86 F7 0D 01 09 01 16 0F 63 65 72 74
| 40 68 65 6E 74 67 65 73 2E 65 75
NAT_D Payload
| Next Payload : NAT_D
| Reserved : 0x00
| Length : 24 Bytes
| Hash : C4 25 77 AC 46 7C E8 62 51 CB D3 AA 76 B7 7B 94
| D9 DE 72 0B
NAT_D Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 24 Bytes
| Hash : F1 F0 A3 1B 14 83 52 7B 81 3D FC 93 F8 2D FD 20
| 95 30 4A 8B
To Whom It May Concern.
Regards,
Rougu
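
Added example, not part of the original post and not LANCOM code: a small reader for the TRANSFORM payloads in a trace of the format shown above, which turns the numeric IKEv1 phase-1 attribute values into names (RFC 2409 Appendix A, AES-CBC from RFC 3602) and lists the ones a review would question. The function names, the `WEAK` policy set and the embedded excerpt are assumptions of this example.

```python
import re

# IKEv1 phase-1 attribute values (RFC 2409 Appendix A; AES-CBC = 7 per RFC 3602).
IKE_ATTRS = {
    "ENCRYPTION_ALGORITHM": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "HASH_ALGORITHM": {1: "MD5", 2: "SHA-1", 4: "SHA2-256",
                       5: "SHA2-384", 6: "SHA2-512"},
    "AUTHENTICATION_METHOD": {1: "pre-shared key", 2: "DSS signatures",
                              3: "RSA signatures"},
    "GROUP_DESCRIPTION": {1: "MODP-768", 2: "MODP-1024",
                          5: "MODP-1536", 14: "MODP-2048"},
    "LIFE_TYPE": {1: "seconds", 2: "kilobytes"},
}

# Assumption of this example: the values a configuration review would flag.
WEAK = {("ENCRYPTION_ALGORITHM", 1), ("HASH_ALGORITHM", 1),
        ("HASH_ALGORITHM", 2), ("GROUP_DESCRIPTION", 1),
        ("GROUP_DESCRIPTION", 2)}

TYPE_RE = re.compile(r"Type\s*:\s*Basic,\s*(\w+)")
VALUE_RE = re.compile(r"Value\s*:\s*(\d+)")

# Excerpt in the format of the trace in the post (shortened for the example).
SAMPLE = """\
[VPN-IKE] 2016/03/30 22:21:44,536
Received packet:
| | TRANSFORM Payload
| | | Transform ID : KEY_IKE
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 2
| | | Attribute 2
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 3
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 2
| | | Attribute 6
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 256
"""


def parse_transforms(trace):
    """Return one {'direction', 'attrs'} dict per TRANSFORM payload in the trace."""
    transforms, direction, pending = [], None, None
    for line in trace.splitlines():
        text = line.strip(" |\t")          # drop the tree-drawing prefix
        if text.startswith(("Received packet", "Sending packet")):
            direction = text.split()[0].lower()
        elif text.startswith("TRANSFORM Payload"):
            transforms.append({"direction": direction, "attrs": {}})
        elif (m := TYPE_RE.search(text)):
            pending = m.group(1)           # attribute name, value follows
        elif (m := VALUE_RE.search(text)) and pending and transforms:
            transforms[-1]["attrs"][pending] = int(m.group(1))
            pending = None
    return transforms


def describe(attrs):
    """Decode numeric values to names and collect the flagged ones."""
    decoded, findings = {}, []
    for name, value in attrs.items():
        label = IKE_ATTRS.get(name, {}).get(value, str(value))
        decoded[name] = label
        if (name, value) in WEAK:
            findings.append(f"{name}={label}")
    return decoded, findings


if __name__ == "__main__":
    for t in parse_transforms(SAMPLE):
        decoded, findings = describe(t["attrs"])
        print(t["direction"], decoded)
        print("flagged:", findings or "none")
```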