Netgate Discussion Forum
    VPN not running, and is the FW rule correct?

    mike69 (Rebel Alliance)


      Hello.

      After a few weeks with pfSense I am stuck at a couple of points. I am currently trying to set up a VPN connection. I followed the IPsec Road Warrior/Mobile Client How-To. It does not work; the connection is aborted by a timeout https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

      Here is the log:

      Nov 15 13:56:40 	charon: 16[JOB] <con1|50> deleting half open IKE_SA after timeout
      Nov 15 13:56:36 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:36 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:36 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:34 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:34 	charon: 10[IKE] <con1|50> sending retransmit 3 of response message ID 0, seq 1
      Nov 15 13:56:34 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:34 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:34 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:30 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:30 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:30 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:27 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:27 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:27 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:25 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:25 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:25 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:21 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:21 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:21 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:21 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:21 	charon: 16[IKE] <con1|50> sending retransmit 2 of response message ID 0, seq 1
      Nov 15 13:56:19 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:19 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:19 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:16 	charon: 13[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:16 	charon: 13[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:16 	charon: 13[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:14 	charon: 04[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:14 	charon: 04[IKE] <con1|50> sending retransmit 1 of response message ID 0, seq 1
      Nov 15 13:56:12 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:12 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
      Nov 15 13:56:12 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
      Nov 15 13:56:10 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
      Nov 15 13:56:10 	charon: 16[ENC] <con1|50> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
      Nov 15 13:56:10 	charon: 16[CFG] <50> selected peer config "con1"
      Nov 15 13:56:10 	charon: 16[CFG] <50> looking for XAuthInitPSK peer configs matching 79.198.26.236...109.47.2.246[vpn@pfsense.home]
      Nov 15 13:56:10 	charon: 16[IKE] <50> 109.47.2.246 is initiating a Aggressive Mode IKE_SA
      Nov 15 13:56:10 	charon: 16[IKE] <50> received DPD vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received Cisco Unity vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received XAuth vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received NAT-T (RFC 3947) vendor ID
      Nov 15 13:56:10 	charon: 16[IKE] <50> received FRAGMENTATION vendor ID
      Nov 15 13:56:10 	charon: 16[ENC] <50> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
      

      And a few screenshots attached:

      Correction: the VPN is up with Debian 8 and the vpnc package installed.  ;D ;D ;D

      And one more correction: Win 7 with Shrew Soft runs as well.

      So it fails on the Android devices here. Who has it running? Any tips?

      Phase 1
      http://www.directupload.net/file/d/4175/i4kjolbh_jpg.htm

      Phase 2
      http://www.directupload.net/file/d/4175/apn9i7pk_jpg.htm

      User Manager
      http://www.directupload.net/file/d/4175/4l4fgt4h_jpg.htm

      FW rule
      http://www.directupload.net/file/d/4175/fdtdmzh2_jpg.htm

      Android config
      http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

      Secondly: I want to separate two network segments, GAMING for the game consoles on LAN port re2 and LAN for everything else on LAN port re1 of an apu1d4.
      The IP ranges are 192.168.3.0/24 for LAN and 192.168.9.0/24 for GAMING.

      There LANnet is allowed everything except using GAMINGnet. Can it be done this way, or does it have drawbacks? A different rule, block IPv4 LANnet any GAMINGnet any any, resulted in the gateway no longer being reachable.

      Here is a screenshot
      http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

      Thanks in advance for the answers.

      Mike


      DG FTTH 400/200
      Supermicro A2SDi-4C-HLN4F with pfSense 2.7.2


      mike69 (Rebel Alliance)

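As an added example (not from the post or from pfSense), here is a small Python parser for charon log lines like the ones above. It groups the lines by IKE_SA and flags the pattern in this log: the initiator keeps retransmitting aggressive-mode message 0, every reply pfSense sends goes unanswered, and the half-open SA is finally deleted after the timeout. The sample is a constructed chronological subset of the post's own log lines.

```python
import re
from collections import defaultdict

# charon line as quoted in the post; "<con1|50>" is the IKE_SA (config con1, id 50), "<50>" before config selection.
LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d\s+charon: \d+\[\w+\] "
                     r"<(?:[^>|]+\|)?(?P<sa>\d+)> (?P<msg>.*)$")
PEER_RE = re.compile(r"^(?P<ip>[\d.]+) is initiating an? (?P<mode>\w+ Mode) IKE_SA$")
RECV_RE = re.compile(r"^received packet: from [\d.]+\[(?P<port>\d+)\]")

# Constructed sample: a chronological subset of the lines from the post above.
SAMPLE = """\
Nov 15 13:56:10 \tcharon: 16[IKE] <50> 109.47.2.246 is initiating a Aggressive Mode IKE_SA
Nov 15 13:56:10 \tcharon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:12 \tcharon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:12 \tcharon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:12 \tcharon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:16 \tcharon: 13[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:16 \tcharon: 13[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:40 \tcharon: 16[JOB] <con1|50> deleting half open IKE_SA after timeout
""".splitlines()

def analyze(lines):
    """Group charon lines by IKE_SA id and attach a verdict to each SA."""
    sas = defaultdict(lambda: {"peer": None, "mode": None, "peer_port": None,
                               "responses_sent": 0, "request_retransmits": 0, "timed_out": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m: continue                # not a charon line carrying an SA tag
        s, msg = sas[m["sa"]], m["msg"]
        pm, rm = PEER_RE.match(msg), RECV_RE.match(msg)
        if pm:
            s["peer"], s["mode"] = pm["ip"], pm["mode"]
        elif rm:                          # remote port != 500 means a NAT sits on the path
            s["peer_port"] = int(rm["port"])
        elif msg.startswith("received retransmit of request"):
            s["request_retransmits"] += 1
        elif msg.startswith("sending packet"):
            s["responses_sent"] += 1
        elif "deleting half open IKE_SA after timeout" in msg:
            s["timed_out"] = True
    return {sa: dict(s, verdict=verdict(s)) for sa, s in sas.items()}

def verdict(s):
    """Name the stall seen in the post: message 0 is resent, our reply is never accepted."""
    if not s["timed_out"] or s["request_retransmits"] == 0:
        return "no stall signature"
    nat = ", peer behind NAT" if s["peer_port"] not in (None, 500) else ""
    return (f"stalled: {s['peer']} retransmitted message 0 {s['request_retransmits']}x, "
            f"{s['responses_sent']} replies unanswered{nat}")
```

Run it over a full IPsec log export to see every SA that ended this way; the NAT hint comes from the non-500 source port (36784 here), which is the case to check UDP 500/4500 handling for.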

        Morning.

        I have uploaded the images; they are easier to view now.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.