IPsec-VPN Windows 10 abbruch

neoblade

Hi zusammen,

ich habe erfolgreich ein IPSec VPN eingerichtet. Dazu habe ich u.a. auch ein vpn mit Windows 10 Boardmitteln erstellt. Die Verbindung kommt zustande und ich kann auch alles erreichen (was ich benötige).

Die Verbindung allerdings bleibt nach ca. 3-4 Minuten "hängen" und ich verliere die Verbindung. In W10 steht aber weiterhin, dass die Verbindung bestehen würde.
Da ich ja aktiv über die Verbindung arbeite, kann kein Timeout (Leerlauf) "greifen"…

Ich habe Knöppe auf den Augen und finde keinen Fehler.

Hat jemand vielleicht eine Idee?

Vielen Dank und Grüße

Frank

o2051867

Hallo,

du könntest ja schon mal einen Auszug aus dem IPSec Log hier posten.
Vielleicht findet sich da ein Hinweis darauf.

Viele Grüße

neoblade

Hallo, komischer Weise "hält" die Verbindung heute schon länger…

Ist immer ein doofer Fehler, wenn er sich nicht reproduzieren lässt :-(
Das ganze ist folgender Maßen aufgebaut Fritte (Telekom)-->pfsense-->intern

Hier mal der aktuelle Auszug:
Oct 30 11:29:56 charon 12[ENC] <con1|15>parsed INFORMATIONAL response 64 [ ]
Oct 30 11:29:56 charon 12[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:29:56 charon 12[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:29:56 charon 12[ENC] <con1|15>generating INFORMATIONAL request 64 [ ]
Oct 30 11:29:56 charon 12[IKE] <con1|15>sending DPD request
Oct 30 11:29:34 charon 11[ENC] <con1|15>parsed INFORMATIONAL response 63 [ ]
Oct 30 11:29:34 charon 11[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:29:34 charon 11[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:29:34 charon 11[ENC] <con1|15>generating INFORMATIONAL request 63 [ ]
Oct 30 11:29:34 charon 11[IKE] <con1|15>sending DPD request
Oct 30 11:29:24 charon 11[ENC] <con1|15>parsed INFORMATIONAL response 62 [ ]
Oct 30 11:29:24 charon 11[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:29:24 charon 11[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:29:24 charon 11[ENC] <con1|15>generating INFORMATIONAL request 62 [ ]
Oct 30 11:29:24 charon 11[IKE] <con1|15>sending DPD request
Oct 30 11:28:55 charon 11[ENC] <con1|15>parsed INFORMATIONAL response 61 [ ]
Oct 30 11:28:55 charon 11[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:28:55 charon 11[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:28:55 charon 11[ENC] <con1|15>generating INFORMATIONAL request 61 [ ]
Oct 30 11:28:55 charon 11[IKE] <con1|15>sending DPD request
Oct 30 11:28:44 charon 13[ENC] <con1|15>parsed INFORMATIONAL response 60 [ ]
Oct 30 11:28:44 charon 13[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:28:44 charon 13[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:28:44 charon 13[ENC] <con1|15>generating INFORMATIONAL request 60 [ ]
Oct 30 11:28:44 charon 13[IKE] <con1|15>sending DPD request
Oct 30 11:28:22 charon 13[ENC] <con1|15>parsed INFORMATIONAL response 59 [ ]
Oct 30 11:28:22 charon 13[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:28:22 charon 13[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:28:22 charon 13[ENC] <con1|15>generating INFORMATIONAL request 59 [ ]
Oct 30 11:28:22 charon 13[IKE] <con1|15>sending DPD request
Oct 30 11:28:12 charon 13[ENC] <con1|15>parsed INFORMATIONAL response 58 [ ]
Oct 30 11:28:12 charon 13[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:28:12 charon 13[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:28:12 charon 13[ENC] <con1|15>generating INFORMATIONAL request 58 [ ]
Oct 30 11:28:12 charon 13[IKE] <con1|15>sending DPD request
Oct 30 11:28:02 charon 13[ENC] <con1|15>parsed INFORMATIONAL response 57 [ ]
Oct 30 11:28:02 charon 13[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:28:02 charon 13[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:28:02 charon 13[ENC] <con1|15>generating INFORMATIONAL request 57 [ ]
Oct 30 11:28:02 charon 13[IKE] <con1|15>sending DPD request
Oct 30 11:27:52 charon 13[ENC] <con1|15>parsed INFORMATIONAL response 56 [ ]
Oct 30 11:27:52 charon 13[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:27:52 charon 13[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:27:52 charon 13[ENC] <con1|15>generating INFORMATIONAL request 56 [ ]
Oct 30 11:27:52 charon 13[IKE] <con1|15>sending DPD request
Oct 30 11:27:15 charon 16[ENC] <con1|15>parsed INFORMATIONAL response 55 [ ]
Oct 30 11:27:15 charon 16[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (80 bytes)
Oct 30 11:27:15 charon 16[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:27:15 charon 16[ENC] <con1|15>generating INFORMATIONAL request 55 [ ]
Oct 30 11:27:15 charon 16[IKE] <con1|15>sending DPD request</con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15>

neoblade

und just ist der Tunnel weg…
LOG:
Oct 30 11:58:59 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:59 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 74 [ N(TS_UNACCEPT) ]
Oct 30 11:58:59 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:59 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:59 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 74 [ SA No TSi TSr ]
Oct 30 11:58:59 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:56 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 73 [ N(TS_UNACCEPT) ]
Oct 30 11:58:56 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:56 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:56 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 73 [ SA No TSi TSr ]
Oct 30 11:58:56 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:56 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 72 [ N(TS_UNACCEPT) ]
Oct 30 11:58:56 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:56 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:56 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 72 [ SA No TSi TSr ]
Oct 30 11:58:56 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[CFG] added configuration 'con1'
Oct 30 11:58:56 charon 14[CFG] loaded certificate "C=DE, ST=North-Rhine-Westphalen, L=cologne, O=IT, E=flyfrank@XXX.XX, CN=XXXXXXX.de, OU=IT" from '/var/etc/ipsec/ipsec.d/certs/cert-1.crt'
Oct 30 11:58:56 charon 14[CFG] reusing virtual IP address pool 10.98.1.0/24
Oct 30 11:58:56 charon 14[CFG] received stroke: add connection 'con1'
Oct 30 11:58:56 ipsec_starter 3990 'bypasslan' shunt PASS policy installed
Oct 30 11:58:56 charon 14[CFG] received stroke: route 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] added configuration 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] received stroke: add connection 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] deleted connection 'con1'
Oct 30 11:58:56 charon 14[CFG] received stroke: delete connection 'con1'
Oct 30 11:58:56 charon 07[CFG] deleted connection 'bypasslan'
Oct 30 11:58:56 charon 07[CFG] received stroke: delete connection 'bypasslan'
Oct 30 11:58:56 ipsec_starter 3990 shunt policy 'bypasslan' uninstalled
Oct 30 11:58:56 charon 15[CFG] received stroke: unroute 'bypasslan'
Oct 30 11:58:56 charon 07[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
Oct 30 11:58:56 charon 07[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Oct 30 11:58:56 charon 07[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Oct 30 11:58:56 charon 07[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Oct 30 11:58:56 charon 07[CFG] loaded ca certificate "C=DE, ST=North-Rhine-Westphalen, L=cologne, O=IT, E=flyfrank@XXX.XX, CN=vpnca, OU=IT" from '/usr/local/etc/ipsec.d/cacerts/2f1593d6.0.crt'
Oct 30 11:58:56 charon 07[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Oct 30 11:58:56 charon 07[CFG] loaded EAP secret for anderson@XXXXX.de
Oct 30 11:58:56 charon 07[CFG] loaded RSA private key from '/var/etc/ipsec/ipsec.d/private/cert-1.key'
Oct 30 11:58:56 charon 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Oct 30 11:58:56 charon 07[CFG] rereading secrets
Oct 30 11:58:55 charon 12[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:55 charon 12[ENC] <con1|15>generating CREATE_CHILD_SA response 71 [ N(NO_PROP) ]
Oct 30 11:58:55 charon 12[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:55 charon 12[IKE] <con1|15>no acceptable proposal found
Oct 30 11:58:55 charon 12[CFG] <con1|15>configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
Oct 30 11:58:55 charon 12[CFG] <con1|15>received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Oct 30 11:58:55 charon 12[ENC] <con1|15>parsed CREATE_CHILD_SA request 71 [ SA No TSi TSr ]
Oct 30 11:58:55 charon 12[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)</con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15>