Hi,
I am currently trying to set up a VPN to my FritzBox using Shrew, but it just won't work; the connection attempt always fails with:
negotiation timout occurred
Here are the facts:
With Windows 7 and Shrew it works
With Windows 7 and the Fritz program it works
/var/log/iked.log looks like this:
11/12/21 21:37:13 ## : IKE Daemon, ver 2.1.7
11/12/21 21:37:13 ## : Copyright 2010 Shrew Soft Inc.
11/12/21 21:37:13 ## : This product linked OpenSSL 1.0.0e 6 Sep 2011
11/12/21 21:37:14 K! : recv X_SPDDUMP message failure ( errno = 2 )
ifconfig never shows a "tap" device
rp_filter was set to 0 in /etc/sysctl.conf and /etc/sysctl.d/10-networking-security.conf
What else can I try? Nothing I found via Google has worked.
~/ike/sites/name.dyndns.info
n:version:2
s:network-host:name.dyndns.info
n:network-ike-port:500
s:client-auto-mode:pull
s:client-iface:virtual
n:network-mtu-size:1380
n:client-addr-auto:1
s:network-natt-mode:enable
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:enable
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:0
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-client-data:name@mail.de
s:ident-server-type:address
b:auth-mutual-psk:RjNHODE0QzNUajhycVMwWnhmZXBIdXJHWWkyUjhKRU4K
s:phase1-exchange:aggressive
n:phase1-dhgroup:2
s:phase1-cipher:aes
n:phase1-keylen:256
s:phase1-hash:sha1
n:phase1-life-secs:3600
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:aes
n:phase2-keylen:256
s:phase2-hmac:sha1
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:ipcomp-transform:deflate
s:policy-level:auto
n:policy-nailed:0
n:policy-list-auto:0
s:policy-list-include:192.168.1.0 / 255.255.255.0
fritzbox.cfg
/*
 * C:\Users\User\AppData\Roaming\AVM\FRITZ!Fernzugang\name_dyndns_info\fritzbox_name_dyndns_info.cfg
 * Wed Dec 21 20:12:59 2011
 */
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_user;
                name = "name@mail.de";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 192.168.1.201;
                remoteid {
                        user_fqdn = "name@mail.de";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "F3G814C3Tj8rqS0ZxfepHurGYi2R8JEN";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipaddr = 192.168.1.201;
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip 192.168.1.0 255.255.255.0 192.168.1.201 255.255.255.255";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
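
Added example, not part of the original post: a small check that the Shrew site file and the FritzBox export carry the same pre-shared key bytes and client identity, since mutual-PSK authentication needs both ends to match byte for byte. The excerpts are copied from the two files above; the function names (`parse_shrew`, `fritz_value`, `compare`) are made up for this illustration.

```python
import base64
import re

# Excerpts copied from the two configuration files in the post above.
SHREW_SITE = """\
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-client-data:name@mail.de
b:auth-mutual-psk:RjNHODE0QzNUajhycVMwWnhmZXBIdXJHWWkyUjhKRU4K
s:phase1-exchange:aggressive
"""
FRITZ_CFG = """\
remoteid { user_fqdn = "name@mail.de"; }
mode = phase1_mode_aggressive;
key = "F3G814C3Tj8rqS0ZxfepHurGYi2R8JEN";
"""

def parse_shrew(text):
    """Parse 'type:key:value' lines; b: values are base64-encoded bytes."""
    out = {}
    for line in text.splitlines():
        if line.count(":") < 2:
            continue
        kind, key, value = line.split(":", 2)
        out[key] = base64.b64decode(value) if kind == "b" else value
    return out

def fritz_value(text, name):
    """Return the quoted value of 'name = "...";' from the FritzBox export."""
    m = re.search(r'\b%s\s*=\s*"([^"]*)"' % re.escape(name), text)
    return m.group(1) if m else None

def compare(shrew_text, fritz_text):
    """Return a list of findings where the two ends disagree."""
    site = parse_shrew(shrew_text)
    findings = []
    psk = site.get("auth-mutual-psk", b"")
    key = (fritz_value(fritz_text, "key") or "").encode()
    if psk != key:
        # Report bytes appended to an otherwise identical key (e.g. a newline).
        extra = psk[len(key):] if psk.startswith(key) else None
        findings.append("PSK differs" + (": trailing bytes %r" % extra if extra else ""))
    if site.get("ident-client-data") != fritz_value(fritz_text, "user_fqdn"):
        findings.append("client identity differs from remoteid user_fqdn")
    return findings

if __name__ == "__main__":
    for finding in compare(SHREW_SITE, FRITZ_CFG):
        print(finding)
```

For the values posted, the decoded `auth-mutual-psk` is the FritzBox `key` followed by one newline byte (0x0a), while the identity matches.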