Hello, I would like to run a VPN server so that I can access my home network from public networks. For this I used a Raspberry Pi and the software Openswan with IPsec. When I connect to the VPN server from inside the home network using the server's local IP (l2tpd with PSK), this works without problems. Now I have opened the relevant ports for VPN forwarding on my router (FritzBox 7050) (there is no VPN passthrough setting), i.e. ESP, UDP 500, UDP 4500 and (UDP/TCP 1701). And when I now try to connect to the VPN server using the Internet IP of the FritzBox, the client only gives me the message "nicht verbunden" ("not connected"). (I used the mobile data connection of an Android device.) I have attached the log from the server (auth.log). As you can see there, the program is stuck in a loop after the "STATE_MAIN_R1" query. My research has shown that it could be due either to the FritzBox or to NAT-T. Unfortunately, I could not find anything concrete.
Many thanks in advance,
Nik
P.S.: My config looks roughly like this: http://www.sempervideo.de/rpi-vpn.txt
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 22 13:24:36 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [Dead Peer Detection]
Sep 22 13:24:36 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: responding to Main Mode from unknown peer 156.5.24.142
Sep 22 13:24:36 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: OAKLEY_SHA2_256 is not supported. Attribute OAKLEY_HASH_ALGORITHM
Sep 22 13:24:36 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:36 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 22 13:24:40 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [Dead Peer Detection]
Sep 22 13:24:40 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #52: responding to Main Mode from unknown peer 156.5.24.142
Sep 22 13:24:40 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #52: OAKLEY_SHA2_256 is not supported. Attribute OAKLEY_HASH_ALGORITHM
Sep 22 13:24:40 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #52: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:40 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #52: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 22 13:24:42 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [Dead Peer Detection]
Sep 22 13:24:42 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: responding to Main Mode from unknown peer 156.5.24.142
Sep 22 13:24:42 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: OAKLEY_SHA2_256 is not supported. Attribute OAKLEY_HASH_ALGORITHM
Sep 22 13:24:42 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:42 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 22 13:24:44 RaspberryPi pluto[2221]: packet from 156.5.24.142:500: received Vendor ID payload [Dead Peer Detection]
Sep 22 13:24:44 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: responding to Main Mode from unknown peer 156.5.24.142
Sep 22 13:24:44 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: OAKLEY_SHA2_256 is not supported. Attribute OAKLEY_HASH_ALGORITHM
Sep 22 13:24:44 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:44 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 22 13:24:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Sep 22 13:24:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 22 13:24:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 22 13:25:07 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: ERROR: asynchronous network error report on eth0 (sport=500) for message to 156.5.24.142 port 500, complainant 156.5.24.142: Connection refused [errno 111$
Sep 22 13:25:16 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: ERROR: asynchronous network error report on eth0 (sport=500) for message to 156.5.24.142 port 500, complainant 156.5.24.142: Connection refused [errno 111$
Sep 22 13:25:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #51: max number of retransmissions (2) reached STATE_MAIN_R1
Sep 22 13:25:50 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #52: max number of retransmissions (2) reached STATE_MAIN_R1
Sep 22 13:25:54 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #54: max number of retransmissions (2) reached STATE_MAIN_R1
Sep 22 13:25:56 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142 #53: max number of retransmissions (2) reached STATE_MAIN_R2
Sep 22 13:25:56 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 156.5.24.142: deleting connection "L2TP-PSK-NAT" instance with peer 156.5.24.142 {isakmp=#0/ipsec=#0}
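
Added example, not part of the original post: a Python summary of a pluto auth.log like the one above, reporting for each `#N` exchange the last Main Mode state reached, the NAT-T result and the state in which retransmissions ran out. The sample lines are constructed in the same format, with a documentation address standing in for the peer; `summarize` and the regex names are this example's own.

```python
import re

# Constructed sample in the format of the auth.log excerpt above;
# 198.51.100.7 is a documentation address, not the peer from the post.
SAMPLE_LOG = '''\
Sep 22 13:24:36 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #51: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:42 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #53: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 22 13:24:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #53: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Sep 22 13:24:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #53: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 22 13:25:07 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #51: ERROR: asynchronous network error report on eth0 (sport=500) for message to 198.51.100.7 port 500, complainant 198.51.100.7: Connection refused [errno 111$
Sep 22 13:25:46 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #51: max number of retransmissions (2) reached STATE_MAIN_R1
Sep 22 13:25:56 RaspberryPi pluto[2221]: "L2TP-PSK-NAT"[15] 198.51.100.7 #53: max number of retransmissions (2) reached STATE_MAIN_R2
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state \S+ to state (\S+)')
NAT = re.compile(r'NAT-Traversal: Result using .*: (.+)$')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (\S+)')
NETERR = re.compile(r'ERROR: asynchronous network error .* port (\d+), complainant \S+: (.+?) \[errno')


def summarize(log_text):
    """Return {sa_number: {...}} describing how far each IKE exchange got."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vendor-ID lines and non-pluto lines carry no "#N" number
        sa = sas.setdefault(int(m['sa']), {
            'peer': m['peer'], 'last_state': None, 'nat': None,
            'timed_out_in': None, 'net_errors': []})
        msg = m['msg']
        if (t := TRANSITION.search(msg)):
            sa['last_state'] = t[1]
        elif (n := NAT.search(msg)):
            sa['nat'] = n[1]
        elif (x := TIMEOUT.search(msg)):
            sa['timed_out_in'] = x[1]
        elif (e := NETERR.search(msg)):
            sa['net_errors'].append((int(e[1]), e[2]))  # (destination port, error text)
    return sas


if __name__ == '__main__':
    for num, sa in sorted(summarize(SAMPLE_LOG).items()):
        print(f"#{num} {sa['peer']}: last={sa['last_state']} nat={sa['nat']} "
              f"timeout_in={sa['timed_out_in']} errors={sa['net_errors']}")
```

An exchange that reaches STATE_MAIN_R2 with NAT detected is at the point where RFC 3947 has the initiator send its next message to UDP 4500 instead of UDP 500, so the per-exchange view shows which port the forwarding rules need to carry from there on.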