Ich werde hier irgendwie nicht schlau heraus. Ich möchte ins VPN der FH Köln. Zugangsdaten habe ich und laufen auch prima unter Windows.
Im Log sieht es eigentlich schon ganz gut aus. Ich bekomme auch ne IP und so, aber dann geht irgendwas schief.
Hat jemand eine Idee was das sein könnte?
basti@verdandi:~$ sudo vpnc fhk --debug 2 Enter password for scohnen@vpn.fh-koeln.de: vpnc version 0.4.0 S1 S2 S3 using interface tun0 S4 S4.1 S4.2 S4.3 S4.4 got ike lifetime attributes: 2147483 seconds IKE SA selected psk+xauth-3des-md5 peer is NAT-T capable (draft-02) peer is using type 130 for NAT-Discovery payloads peer is using type 130 for NAT-Discovery payloads S4.5 NAT status: this end behind NAT? YES -- remote end behind NAT? no NAT-T mode, adding non-esp marker S4.6 S5 S5.1 S5.2 S5.3 S5.4 Enter Username and Password. S5.5 NAT-T mode, adding non-esp marker S5.2 S5.3 S5.6 NAT-T mode, adding non-esp marker S5.7 S6 NAT-T mode, adding non-esp marker Banner: Fachhochschule Koeln Cologne University of Applied Sciences ------------------------------------------------------------------------------- Zentrum fuer Informationstechnologie - VPN-Service ------------------------------------------------------------------------------- info: www.zi.fh-koeln.de email: vpn@fh-koeln.de got save password setting: 0 got pfs setting: 0 Remote Application Version: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.I built by vmurphy on Aug 03 2006 16:30:26 got address 139.6.220.69 S7 S7.1 S7.2 NAT-T mode, adding non-esp marker S7.3 S7.4 got ike lifetime attributes: 86400 seconds NAT-T mode, adding non-esp marker S7.3 S7.4 S7.5 ---!!!!!!!!! entering phase2_fatal !!!!!!!!!--- NAT-T mode, adding non-esp marker NAT-T mode, adding non-esp marker vpnc: quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1) this means the concentrator did not like what we had to offer. Possible reasons are: * concentrator configured to require a firewall this locks out even Cisco clients on any platform expect windows which is an obvious security improvment. There is no workaround (yet). * concentrator configured to require IP compression this is not yet supported by vpnc. Note: the Cisco Concentrator Documentation recommends against using compression, expect on low-bandwith (read: ISDN) links, because it uses much CPU-resources on the concentrator