VPN not working and FW rule correct?


  • Rebel Alliance

    Hello.

    After a few weeks with pfSense I am stuck at a few points. I am currently trying to set up a VPN connection. I followed the IPsec Road Warrior/Mobile Client How-To. It does not work; the connection is aborted by a timeout. https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

    Here is the log:

    Nov 15 13:56:40 	charon: 16[JOB] <con1|50> deleting half open IKE_SA after timeout
    Nov 15 13:56:36 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:36 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:36 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:34 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:34 	charon: 10[IKE] <con1|50> sending retransmit 3 of response message ID 0, seq 1
    Nov 15 13:56:34 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:34 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:34 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:30 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:30 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:30 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:27 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:27 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:27 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:25 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:25 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:25 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:21 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:21 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:21 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:21 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:21 	charon: 16[IKE] <con1|50> sending retransmit 2 of response message ID 0, seq 1
    Nov 15 13:56:19 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:19 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:19 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:16 	charon: 13[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:16 	charon: 13[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:16 	charon: 13[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:14 	charon: 04[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:14 	charon: 04[IKE] <con1|50> sending retransmit 1 of response message ID 0, seq 1
    Nov 15 13:56:12 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:12 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
    Nov 15 13:56:12 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
    Nov 15 13:56:10 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
    Nov 15 13:56:10 	charon: 16[ENC] <con1|50> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
    Nov 15 13:56:10 	charon: 16[CFG] <50> selected peer config "con1"
    Nov 15 13:56:10 	charon: 16[CFG] <50> looking for XAuthInitPSK peer configs matching 79.198.26.236...109.47.2.246[vpn@pfsense.home]
    Nov 15 13:56:10 	charon: 16[IKE] <50> 109.47.2.246 is initiating a Aggressive Mode IKE_SA
    Nov 15 13:56:10 	charon: 16[IKE] <50> received DPD vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received Cisco Unity vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received XAuth vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received NAT-T (RFC 3947) vendor ID
    Nov 15 13:56:10 	charon: 16[IKE] <50> received FRAGMENTATION vendor ID
    Nov 15 13:56:10 	charon: 16[ENC] <50> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]


    And a few screenshots attached:

    Correction. The VPN comes up with Debian 8 and the vpnc package installed.  ;D ;D ;D

    And another correction. Win 7 with Shrew Soft runs too.

    So it fails on the Androids here. Who has it running here? Any tips?

    Phase 1
    http://www.directupload.net/file/d/4175/i4kjolbh_jpg.htm

    Phase 2
    http://www.directupload.net/file/d/4175/apn9i7pk_jpg.htm

    User Manager
    http://www.directupload.net/file/d/4175/4l4fgt4h_jpg.htm

    FW rule
    http://www.directupload.net/file/d/4175/fdtdmzh2_jpg.htm

    Android Config
    http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

    Second thing. I want to separate two network segments, GAMING for the game consoles on LAN port re2 and LAN for the rest on LAN port re1, on an apu1d4.
    The IP ranges are 192.168.3.0/24 for LAN and 192.168.9.0/24 for GAMING.

    There LANnet is allowed everything except using GAMINGnet. Can it be done this way, or does it have drawbacks? A different rule, block IPv4 LANnet any GAMINGnet any any, resulted in the gateway no longer being reachable.

    Here is a screenshot
    http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

    Thanks in advance for the answers.

    Mike
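As an added example (not part of the original thread or of pfSense/strongSwan), a small Python parser for the charon log format shown above that counts retransmissions per IKE_SA and flags the pattern in the posted log: the responder keeps answering, the peer keeps repeating its first request, and charon finally drops the half-open SA. The log layout regex, the finding labels and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Assumed charon line layout, taken from the log above:
# "Mon DD HH:MM:SS charon: NN[SUBSYS] <conn|id> msg"; "<id>" alone on early lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\s+charon: (?P<thr>\d+)\[(?P<sub>\w+)\] "
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> (?P<msg>.*)$"
)

def summarize_ike_sas(lines):
    """Per IKE_SA id: how often the peer re-sent its request, how often we
    re-sent our response, and whether charon finally dropped the SA as half-open."""
    stats = defaultdict(lambda: {"conn": None, "peer_retransmits": 0,
                                 "our_retransmits": 0, "timed_out": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:          # not a charon line; skip it
            continue
        s = stats[m["sa"]]
        s["conn"] = m["conn"] or s["conn"]
        if "received retransmit of request" in m["msg"]:
            s["peer_retransmits"] += 1
        elif m["msg"].startswith("sending retransmit"):
            s["our_retransmits"] += 1
        elif "deleting half open IKE_SA after timeout" in m["msg"]:
            s["timed_out"] = True
    return dict(stats)

def diagnose(stats):
    """A half-open SA whose peer kept repeating its first request most likely
    never received our response (a mismatch we reject logs an explicit error);
    first things to check are UDP 500/4500 on the return path and NAT/firewall rules."""
    findings = {}
    for sa, s in stats.items():
        if s["timed_out"]:
            findings[sa] = "response-not-received" if s["peer_retransmits"] else "timeout"
        else:
            findings[sa] = "ok"
    return findings

# Constructed sample in the posted format, chronological, with RFC 5737 addresses.
SAMPLE_LOG = """\
Nov 15 13:56:10 charon: 16[IKE] <50> 198.51.100.7 is initiating a Aggressive Mode IKE_SA
Nov 15 13:56:10 charon: 16[NET] <con1|50> sending packet: from 203.0.113.1[500] to 198.51.100.7[36784] (432 bytes)
Nov 15 13:56:12 charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:14 charon: 04[IKE] <con1|50> sending retransmit 1 of response message ID 0, seq 1
Nov 15 13:56:40 charon: 16[JOB] <con1|50> deleting half open IKE_SA after timeout
""".splitlines()
```

Feed it the IPsec log from Status > System Logs (newest-first order does not matter, since only counts and the final timeout line are used).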

  • Rebel Alliance

    Morning.

    I have uploaded the images; they are now easier to view.
