I have one (1) cloud server that I want to connect via VPN.
cloud server: strongswan 5.9.5
lancom: LCOS 10.72
Setup: cloud server - LANCOM - 2 networks (IPv4)
I managed to get the connection established, but no data arrives, in either direction. The firewall does not complain.
Code:
add "GWFWSFI" {Active} Yes {SH-Time} 9999 {Remote-Gateway} "rv1280.averlon.de" {Rtg-tag} 0 {Encryption} "DEFAULT" {Authentication} "IKEV2_GWFWSFI" {General} "DEFAULT" {Lifetimes} "DEFAULT" {IKE-CFG} Off {IPv4-CFG-Pool} "" {IPv6-CFG-Pool} "" {CFG-Client-Profile} "" {Split-DNS-Profile} "" {Auto-IP-Profile} "" {Rule-creation} manually {IPv4-Rules} "VPN_REGL_GWFSWFI" {IPv6-Rules} "" {Routing} "" {RADIUS-Authorization} "" {RADIUS-Accounting} "" {IPv6} "" {HSVPN} "" {Comment} ""
Code:
cd /Setup/IP-Router/IP-Routing-Table
add 10.10.200.0 255.255.255.0 0 0 {Peer-or-IP} "GWFWSFI" {Distance} 0 {Masquerade} No {Active} Yes {Comment} ""
Code:
connections {
averlon {
local_addrs = <ip cloud server>
remote_addrs = <dns des lancom>
local {
auth = psk
id = a@b.de
}
remote {
auth = psk
id = b@c.de
}
children {
av_dmz {
local_ts = 10.10.200.1
remote_ts = 10.10.108.0/24
esp_proposals = aes256-sha256-modp2048
}
av_intra {
local_ts = 10.10.200.1
remote_ts = 10.10.110.0/24
esp_proposals = aes256-sha256-modp2048
}
}
proposals = aes256-sha256-modp2048
}
}
Code:
Status of IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-76-generic, x86_64):
uptime: 2 hours, since Jul 19 09:22:06 2023
malloc: sbrk 3436544, mmap 0, used 1853920, free 1582624
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 118
loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default bypass-lan connmark stroke vici updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
<ip cloud server>
Connections:
gwfwsfi: <ip cloud server>...<dns lancom> IKEv1/2
gwfwsfi: local: [a@b.de] uses pre-shared key authentication
gwfwsfi: remote: [b@c.de] uses pre-shared key authentication
netz2: child: 10.10.200.1/32 === 10.10.108.0/24 TUNNEL
netz1: child: 10.10.200.1/32 === 10.10.110.0/24 TUNNEL
Shunted Connections:
Bypass LAN <ip cloud server>/24: <ip cloud server>/24 === <ip cloud server>/24 PASS
Bypass LAN ::1/128: ::1/128 === ::1/128 PASS
Bypass LAN fe80::/64: fe80::/64 === fe80::/64 PASS
Security Associations (1 up, 0 connecting):
gwfwsfi[75]: ESTABLISHED 9 minutes ago, <ip cloud server>[a@b.de]...<ip lancom>[b@c.de]
gwfwsfi[75]: IKEv2 SPIs: ca72545cd22ae31a_i df2556f48a308ab8_r*, rekeying in 3 hours
gwfwsfi[75]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
netz1{26}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: cac7c1a4_i 3a37b197_o
netz1{26}: AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
netz1{26}: 10.10.200.1/32 === 10.10.110.0/24
netz2{27}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6e11fd9_i 500f25a8_o
netz2{27}: AES_CBC_256/HMAC_SHA2_256_128/MODP_2048, 0 bytes_i, 0 bytes_o, rekeying in 44 minutes
netz2{27}: 10.10.200.1/32 === 10.10.108.0/24
What could be the reason that the ping does not get through?
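The most telling lines in the status output above are the per-CHILD_SA byte counters: both tunnels are INSTALLED, yet show "0 bytes_i, 0 bytes_o", so no packet ever matched either traffic selector on the strongSwan side. The following script is an added example, not code from the post or from strongSwan: it parses that status format (a constructed sample modelled on the post, with documentation addresses 203.0.113.10 and 198.51.100.20 standing in for the real ones) and flags two things a troubleshooter would check first: child SAs that carry no traffic at all, and a local traffic selector that covers none of the addresses actually configured on the host (if local_ts names an address the server does not own, locally generated packets are sourced from a different address and never enter the tunnel). The host address list is a hypothetical input; on a real system it would come from `ip -4 addr`.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample, modelled on the "ipsec statusall" output in the post.
# Addresses are documentation ranges; names, SPIs and selectors mirror the post.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
   gwfwsfi[75]: ESTABLISHED 9 minutes ago, 203.0.113.10[a@b.de]...198.51.100.20[b@c.de]
   netz1{26}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: cac7c1a4_i 3a37b197_o
   netz1{26}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
   netz1{26}:   10.10.200.1/32 === 10.10.110.0/24
   netz2{27}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6e11fd9_i 500f25a8_o
   netz2{27}:  AES_CBC_256/HMAC_SHA2_256_128/MODP_2048, 0 bytes_i, 0 bytes_o, rekeying in 44 minutes
   netz2{27}:   10.10.200.1/32 === 10.10.108.0/24
"""

# CHILD_SA lines look like "name{id}: ..."; IKE_SA lines use "name[id]:" and are skipped.
CHILD_LINE = re.compile(r"^\s*(?P<name>[\w-]+)\{(?P<id>\d+)\}:\s*(?P<rest>.*)$")
BYTES = re.compile(r"(?P<bi>\d+) bytes_i, (?P<bo>\d+) bytes_o")
TS = re.compile(r"^(?P<local>[\d./]+) === (?P<remote>[\d./]+)$")


def parse_child_sas(status_text):
    """Collect one record per CHILD_SA instance ("netz1{26}") from status output."""
    sas = {}
    for line in status_text.splitlines():
        m = CHILD_LINE.match(line)
        if not m:
            continue
        key = f"{m['name']}{{{m['id']}}}"
        rec = sas.setdefault(key, {
            "name": m["name"], "installed": False,
            "bytes_i": None, "bytes_o": None,
            "local_ts": None, "remote_ts": None,
        })
        rest = m["rest"].strip()
        if rest.startswith("INSTALLED"):
            rec["installed"] = True
        b = BYTES.search(rest)
        if b:
            rec["bytes_i"], rec["bytes_o"] = int(b["bi"]), int(b["bo"])
        t = TS.match(rest)
        if t:
            rec["local_ts"], rec["remote_ts"] = t["local"], t["remote"]
    return sas


def diagnose(status_text, host_addresses):
    """Return human-readable findings for installed CHILD_SAs.

    Heuristic written for this example (not a strongSwan feature):
    - an installed SA with 0 bytes in both directions never matched any packet;
    - a local_ts that covers none of the host's own addresses means packets
      generated on this host are sourced outside the selector.
    """
    findings = []
    host_ips = [ip_address(a) for a in host_addresses]
    for key, sa in parse_child_sas(status_text).items():
        if not sa["installed"]:
            continue
        if sa["bytes_i"] == 0 and sa["bytes_o"] == 0:
            findings.append(f"{key}: SA installed but 0 bytes in both directions")
        if sa["local_ts"]:
            net = ip_network(sa["local_ts"], strict=False)
            if not any(ip in net for ip in host_ips):
                findings.append(
                    f"{key}: local_ts {sa['local_ts']} covers none of the host "
                    f"addresses {host_addresses}; traffic from this host will not "
                    "be selected into the tunnel unless that address is configured"
                )
    return findings


if __name__ == "__main__":
    # Hypothetical host address list; on a live system take it from `ip -4 addr`.
    for finding in diagnose(SAMPLE_STATUS, ["203.0.113.10"]):
        print(finding)
```

Run against the sample with the public address as the only host address, the script reports four findings (two zero-traffic SAs and two selector mismatches); with 10.10.200.1 added to the host's addresses only the two zero-traffic findings remain, which is the distinction worth making before looking at routes or firewall rules on the LANCOM side.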