VPN looft nicht und FW Regel korrekt?

mike69

Hallo.

Nach einigen Wochen mit der pfSense komme ich an einigen Punkten nicht weiter. Versuche gerade eine VPN-Verbindung aufzubauen. Bin nach der Anleitung von IPsec Road Warrior/Mobile Client How-To gegangen. Es klappt nicht, Verbindung wird durch ein Timeout abgebrochen https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

Hier der Log:

Nov 15 13:56:40 	charon: 16[JOB] <con1|50> deleting half open IKE_SA after timeout
Nov 15 13:56:36 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:36 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:36 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:34 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:34 	charon: 10[IKE] <con1|50> sending retransmit 3 of response message ID 0, seq 1
Nov 15 13:56:34 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:34 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:34 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:30 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:30 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:30 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:27 	charon: 10[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:27 	charon: 10[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:27 	charon: 10[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:25 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:25 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:25 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:21 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:21 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:21 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:21 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:21 	charon: 16[IKE] <con1|50> sending retransmit 2 of response message ID 0, seq 1
Nov 15 13:56:19 	charon: 14[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:19 	charon: 14[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:19 	charon: 14[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:16 	charon: 13[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:16 	charon: 13[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:16 	charon: 13[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:14 	charon: 04[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:14 	charon: 04[IKE] <con1|50> sending retransmit 1 of response message ID 0, seq 1
Nov 15 13:56:12 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:12 	charon: 16[IKE] <con1|50> received retransmit of request with ID 0, retransmitting response
Nov 15 13:56:12 	charon: 16[NET] <con1|50> received packet: from 109.47.2.246[36784] to 79.198.26.236[500] (896 bytes)
Nov 15 13:56:10 	charon: 16[NET] <con1|50> sending packet: from 79.198.26.236[500] to 109.47.2.246[36784] (432 bytes)
Nov 15 13:56:10 	charon: 16[ENC] <con1|50> generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Nov 15 13:56:10 	charon: 16[CFG] <50> selected peer config "con1"
Nov 15 13:56:10 	charon: 16[CFG] <50> looking for XAuthInitPSK peer configs matching 79.198.26.236...109.47.2.246[vpn@pfsense.home]
Nov 15 13:56:10 	charon: 16[IKE] <50> 109.47.2.246 is initiating a Aggressive Mode IKE_SA
Nov 15 13:56:10 	charon: 16[IKE] <50> received DPD vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received Cisco Unity vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received XAuth vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received NAT-T (RFC 3947) vendor ID
Nov 15 13:56:10 	charon: 16[IKE] <50> received FRAGMENTATION vendor ID
Nov 15 13:56:10 	charon: 16[ENC] <50> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]</con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50></con1|50>

Und paar Screenshots im Anhang:

Korrektur. VPN steht mit Debian 8 und installierten vpnc Paket. ;D ;D ;D

Und noch eine Korrektur. Win 7 mit Shrew Soft rennt auch.

Also scheitert es an den Androiden hier. Wer hat es hier am laufen? Irgendwelche Tipps?

Phase 1
http://www.directupload.net/file/d/4175/i4kjolbh_jpg.htm

Phase 2
http://www.directupload.net/file/d/4175/apn9i7pk_jpg.htm

User Manager
http://www.directupload.net/file/d/4175/4l4fgt4h_jpg.htm

FW Regel
http://www.directupload.net/file/d/4175/fdtdmzh2_jpg.htm

Android Config
http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

Zum zweiten. Möchte zwei Netzwerkbereiche trennen, GAMING für die Spielkonsolen am LAN-Port re2 und LAN für den Rest am LAN-Port re1 an einer apu1d4.
Der IP-Bereich lautet 192.168.3.0/24 für LAN, 192.168.9.0/24 für GAMING.

Da wird dem LANnet alles erlaubt außer GAMINGnet zu nutzen. Kann man das so machen oder hat es Nachteile? Eine andereRegel block IPv4 LANnet any GAMINGnet any any hatte zur Folge, daß der Gateway nicht mehr erreichbar war.

Hier ein Screenshot
http://www.directupload.net/file/d/4175/7gzi22vv_jpg.htm

Danke schon mal für die Antworten.

Mike

mike69

Moin.

Habe die Bilder hochgeladen, sind jetzt besser einzusehen.

VPN looft nicht und FW Regel korrekt?

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter