
Thread: VPN: SuSe (root) - Windows

  1. #1
    Registered user
    Registered since: Aug 2009
    Posts: 31

    VPN: SuSe (root) - Windows

    Hello,

    I'm looking for a VPN that I can install on my SuSe root server and connect to with Windows built-in tools.

    After a lot of asking back and forth, I've now ended up with openswan.

    I've just installed it with ipsec,
    created a sample conf and simply tested it.

    # /etc/ipsec.conf - Openswan IPsec configuration file
    # RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $

    # This file: /usr/share/doc/packages/openswan/ipsec.conf-sample
    #
    # Manual: ipsec.conf.5


    version 2.0 # conforms to second version of ipsec.conf specification

    # basic configuration
    config setup
        plutodebug="all"
        klipsdebug=all
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

        # Certificate Revocation List handling:
        #crlcheckinterval=600
        #strictcrlpolicy=yes

        # Change rp_filter setting? (default is 0, disabled)
        # See also setting in the /etc/sysctl.conf file!
        #rp_filter=%unchanged

        # Workaround to setup all tunnels immediately, since the new default
        # of "plutowait=no" causes "Resource temporarily unavailable" errors
        # for the first connect attempt over each tunnel, that is delayed to
        # be established later / on demand.
        # With "plutowait=yes" pluto waits for each negotiation attempt
        # that is part of startup to finish, before proceeding with the next.
        plutowait=yes
        #
        # enable this if you see "failed to find any available worker"
        #nhelpers=0

    # default settings for connections
    conn %default
        left=%defaultroute
        # keyingtries default to %forever
        #keyingtries=3
        # Sig keys (default: %dnsondemand)
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        # Lifetimes, defaults are 1h/8hrs
        #ikelifetime=20m
        #keylife=1h
        #rekeymargin=8m

    #Disable Opportunistic Encryption
    include /etc/ipsec.d/examples/no_oe.conf

    # For sample VPN connections, see /etc/ipsec.d/examples/
    # Add connections here

    conn win
        authby=secret
        pfs=no
        auto=add
        rekey=no
        left=%defaultroute
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%priv,%no


    #
    # Sample /etc/ipsec.secrets file
    # The Openswan server has an IP address of 85.114.*.43#

    85.114.*.43 %any: PSK "test"
    85.114.*.43 : PSK "test"

    So, as I said, ppp and l2tpd are installed.

    barf outputs the following:
    ipsec_setup: Starting Openswan IPsec 2.4.7...
    + _________________________ plog
    + sed -n '11106,$p' /var/log/messages
    + egrep -i pluto
    + case "$1" in
    + cat
    ipsec__plutorun: Starting Pluto subsystem...
    ipsec__plutorun: Unknown default RSA hostkey scheme, not generating a default hostkey
    [17266]: Starting Pluto (Openswan Version 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
    [17266]: Setting NAT-Traversal port-4500 floating to on
    [17266]: port floating activation criteria nat_t=1/port_fload=1
    [17266]: including NAT-Traversal patch (Version 0.6c)
    [17266]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
    [17266]: starting up 1 cryptographic helpers
    [17266]: started helper pid=17269 (fd:6)
    [17266]: Using NETKEY IPsec interface code on 2.6.25.5-1.1-pae
    [17266]: Changing to directory '/etc/ipsec.d/cacerts'
    [17266]: Could not change to directory '/etc/ipsec.d/aacerts'
    [17266]: Could not change to directory '/etc/ipsec.d/ocspcerts'
    [17266]: Changing to directory '/etc/ipsec.d/crls'
    [17266]: Warning: empty directory
    [17266]: loading secrets from "/etc/ipsec.secrets"
    [17266]: added connection description "win"
    [17266]: listening for IKE messages
    [17266]: adding interface eth0/eth0 85.114.*.43:500
    [17266]: adding interface eth0/eth0 85.114.*.43:4500
    [17266]: adding interface lo/lo 127.0.0.2:500
    [17266]: adding interface lo/lo 127.0.0.2:4500
    [17266]: adding interface lo/lo 127.0.0.1:500
    [17266]: adding interface lo/lo 127.0.0.1:4500
    [17266]: adding interface lo/lo ::1:500
    [17266]: forgetting secrets
    [17266]: loading secrets from "/etc/ipsec.secrets"
    [17266]: attempt to redefine connection "win"
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
    [17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    [17266]: "win"[1] 217.232.27.155 #1: responding to Main Mode from unknown peer 217.232.27.155
    [17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    [17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R1: sent MR1, expecting MI2
    [17266]: "win"[1] 217.232.27.155 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
    [17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    [17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R2: sent MR2, expecting MI3
    [17266]: "win"[1] 217.232.27.155 #1: Main mode peer ID is ID_FQDN: '@c17'
    [17266]: "win"[1] 217.232.27.155 #1: switched from "win" to "win"
    [17266]: "win"[2] 217.232.27.155 #1: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
    [17266]: "win"[2] 217.232.27.155 #1: I did not send a certificate because I do not have one.
    [17266]: "win"[2] 217.232.27.155 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    [17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
    [17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
    [17266]: "win"[2] 217.232.27.155 #2: responding to Quick Mode {msgid:f1c03a90}
    [17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    [17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    [17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    [17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
    [17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
    [17266]: "win"[2] 217.232.27.155 #1: received and ignored informational message
    [17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
    [17266]: "win"[2] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
    [17266]: packet from 217.232.27.155:4500: received and ignored informational message
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
    [17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
    [17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    [17266]: "win"[3] 217.232.27.155 #3: responding to Main Mode from unknown peer 217.232.27.155
    [17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    [17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R1: sent MR1, expecting MI2
    [17266]: "win"[3] 217.232.27.155 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
    [17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    [17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R2: sent MR2, expecting MI3
    [17266]: "win"[3] 217.232.27.155 #3: Main mode peer ID is ID_FQDN: '@c17'
    [17266]: "win"[3] 217.232.27.155 #3: switched from "win" to "win"
    [17266]: "win"[4] 217.232.27.155 #3: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
    [17266]: "win"[4] 217.232.27.155 #3: I did not send a certificate because I do not have one.
    [17266]: "win"[4] 217.232.27.155 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    [17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
    [17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
    [17266]: "win"[4] 217.232.27.155 #4: responding to Quick Mode {msgid:5c2b80e8}
    [17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    [17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    [17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    [17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
    [17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
    [17266]: "win"[4] 217.232.27.155 #3: received and ignored informational message
    [17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
    [17266]: "win"[4] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
    [17266]: packet from 217.232.27.155:4500: received and ignored informational message
    [17266]: attempt to redefine connection "win"

    It would be nice if you could help me!
    Edited by AllOnline (30.08.09 at 19:33)

  2. #2
    Registered user
    Registered since: Aug 2009
    Posts: 31
    Suddenly, with the same conf, it says again:

    win": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
    Edited by AllOnline (30.08.09 at 21:55)

  3. #3
    Registered user: derRichard
    Registered since: Nov 2001
    Posts: 5,069
    hi!

    If I'm not mistaken, openswan currently can't do l2tp yet when the client is behind NAT
    (your logs look like that).

    I have a setup like this running with strongswan and xl2tpd.
    Works perfectly.
    It's important that you have WinXP >= SP2, since otherwise Windows can't cope with NAT-T.

    hth,
    //richard
    There are two factions of CS, the ones that hate computers, and the ones that hate science.

  4. #4
    Open-Xchange: cane
    Registered since: Nov 2002
    Location: NRW
    Posts: 6,682
    I recommend using OpenVPN; it's considerably less stressful to configure.

    The client isn't included with XP, but it's super easy to install.

    Regards
    cane
    There is no patch for human stupidity.

  5. #5
    Registered user
    Registered since: Aug 2009
    Posts: 31
    @cane: since many inexperienced PC users have to access the VPN, that is unfortunately ruled out.

    @derRichard: can I simply switch from openswan to strongswan and keep the conf?
    Or how does that work?
    What other differences are there?

    @all: thanks for your opinions and help.

  6. #6
    Registered user: derRichard
    Registered since: Nov 2001
    Posts: 5,069
    Quote from AllOnline:
    > @cane: since many inexperienced PC users have to access the VPN, that is unfortunately ruled out.
    >
    > @derRichard: can I simply switch from openswan to strongswan and keep the conf?
    > Or how does that work?
    > What other differences are there?

    Regarding OpenVPN: you can really only expect an average user to handle it to a limited extent.
    I've seen quite a few Windows installations where there were massive problems with the tun/tap adapter.
    Mostly it was down to a crappy personal firewall or something like that.

    Since openswan and strongswan are both based on freeswan, the config format is quite similar.
    As long as you only use IKEv1, it's even identical.
    You'll find plenty of information on the strongswan website.

    hth,
    //richard
    There are two factions of CS, the ones that hate computers, and the ones that hate science.

  7. #7
    Registered user
    Registered since: Aug 2009
    Posts: 31
    May I be so bold as to ask for your conf?

    Also: what about, or rather what do you mean by,
    "only use IKEv1, it's even identical."

    How do I have to set it up so that I can log in without a certificate, using Windows built-in tools,
    with name & password?!?

  8. #8
    Registered user: derRichard
    Registered since: Nov 2001
    Posts: 5,069
    Have a look:
    http://www.linuxforen.de/forums/show...03&postcount=2

    Regarding IKEv1: strongswan can also do IKEv2, but the configuration is somewhat different there.

    hth,
    //richard
    There are two factions of CS, the ones that hate computers, and the ones that hate science.

  9. #9
    Registered user
    Registered since: Aug 2009
    Posts: 31
    I already worked from that once (yesterday)^^

    The L2TP-PSK.conf is located in /etc/ipsec.d/*.conf and is included in ipsec.conf.

    Does it have to be xl2tp, or is l2tp enough?

    When starting swan, the following appears with your confs:
    Starting strongSwan 4.2.1 IPsec [starter]...
    /etc/ipsec.d/L2TP-PSK.conf:1: syntax error, unexpected CONN, expecting EOL [conn]
    PS: THANKS for the help, really nice

  10. #10
    Registered user: derRichard
    Registered since: Nov 2001
    Posts: 5,069
    hi!

    The file has to begin with a blank line.
    I would definitely use xl2tpd.
    l2tpd is ancient...

    BTW: simply typing out the config files won't be enough. You have to understand them.
    Likewise, a firewall setting is still missing so that the l2tp port can only be reached from within an IPsec tunnel...

    hth,
    //richard
    There are two factions of CS, the ones that hate computers, and the ones that hate science.
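
The firewall point from post #10, as an added example that is not part of the thread and not derRichard's own configuration: two constructed `iptables-save` dumps, one that leaves L2TP (UDP 1701) reachable in clear text and one that accepts it only for packets that arrived through an inbound IPsec SA via the iptables `policy` match, plus a small audit function. The function names and the sample dumps are assumptions made for illustration; the ports are the ones that appear in the thread's config and logs.

```shell
#!/bin/sh
# Added example, not from the thread. Ports as seen in the thread:
# IKE on UDP 500, NAT-T on UDP 4500, L2TP on UDP 1701.

# Constructed dump (weak): xl2tpd is reachable from anywhere, so a client
# can speak L2TP to the server without any IPsec protection at all.
sample_weak() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
COMMIT
EOF
}

# Constructed dump (corrected): 1701 is accepted only when the packet was
# decapsulated by an inbound IPsec SA; any other packet to 1701 is dropped.
sample_hardened() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
COMMIT
EOF
}

# Reads an iptables-save dump on stdin and prints one verdict:
#   OK       L2TP is accepted only behind the IPsec policy match
#   EXPOSED  clear-text L2TP reaches the daemon
#   BLOCKED  L2TP is not reachable at all, not even through the tunnel
# Limitation: only INPUT rules that name "--dport 1701" and the INPUT chain
# policy are evaluated; broader ACCEPT rules and user-defined chains are not.
audit_l2tp_exposure() {
  awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && /-p udp/ && /--dport 1701( |$)/ {
      guarded = (/-m policy/ && /--dir in/ && /--pol ipsec/)
      if (/-j ACCEPT/) {
        if (guarded) { seen_guarded = 1; next }
        verdict = "EXPOSED"; exit      # first unguarded match wins
      }
      if (/-j (DROP|REJECT)/ && !guarded) {
        verdict = seen_guarded ? "OK" : "BLOCKED"; exit
      }
    }
    END {
      if (verdict == "") {
        # No explicit catch-all rule for 1701: the chain policy decides.
        if (policy == "DROP") verdict = seen_guarded ? "OK" : "BLOCKED"
        else verdict = "EXPOSED"
      }
      print verdict
    }
  '
}

printf 'weak:     %s\n' "$(sample_weak | audit_l2tp_exposure)"
printf 'hardened: %s\n' "$(sample_hardened | audit_l2tp_exposure)"
```

On a running gateway the same function can be fed with `iptables-save -t filter` instead of the constructed dumps.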

  11. #11
    Registered user
    Registered since: Aug 2009
    Posts: 31
    I do understand them.

    Is this package sufficient for SuSE 11?
    http://rpm.pbone.net/index.php3/stat....i586.rpm.html
    (Unfortunately I can't download it right now; do you know any other sources?)

  12. #12
    Registered user: derRichard
    Registered since: Nov 2001
    Posts: 5,069
    hi!

    Better to compile it yourself by hand.
    Don't install just anything from just anywhere.

    hth,
    //richard
    There are two factions of CS, the ones that hate computers, and the ones that hate science.

  13. #13
    Registered user
    Registered since: Aug 2009
    Posts: 31
    Somehow I'm too stupid to get xl2tp running, or rather to install it.

    Well, first the barf from ipsec:
    Code:
    packet from 217.232.35.4:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Aug 31 15:20:58 p043 pluto[5341]: packet from 217.232.35.4:500: ignoring Vendor ID payload [FRAGMENTATION]
    Aug 31 15:20:58 p043 pluto[5341]: packet from 217.232.35.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
    Aug 31 15:20:58 p043 pluto[5341]: packet from 217.232.35.4:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    Aug 31 15:20:58 p043 pluto[5341]: packet from 217.232.35.4:500: initial Main Mode message received on 85.114.*.43:500 but no connection has been authorized
    Aug 31 15:20:59 p043 pluto[5341]: packet from 217.232.35.4:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Aug 31 15:20:59 p043 pluto[5341]: packet from 217.232.35.4:500: ignoring Vendor ID payload [FRAGMENTATION]
    Aug 31 15:20:59 p043 pluto[5341]: packet from 217.232.35.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
    Aug 31 15:20:59 p043 pluto[5341]: packet from 217.232.35.4:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    Aug 31 15:20:59 p043 pluto[5341]: packet from 217.232.35.4:500: initial Main Mode message received on 85.114.*.43:500 but no connection has been authorized
    Code:
    Aug 31 15:22:00 p043 ipsec_starter[8971]: pluto has died -- restart scheduled (5sec)
    Aug 31 15:22:05 p043 pluto[10540]: Starting Pluto (strongSwan Version 4.2.1 THREADS LIBLDAP SMARTCARD VENDORID CISCO_QUIRKS)
    Aug 31 15:22:05 p043 pluto[10540]:   including NAT-Traversal patch (Version 0.6c)
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 0
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 1
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 2
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 3
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 4
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 5
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 6
    Aug 31 15:22:05 p043 pluto[10540]: no token present in slot 7
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
    Aug 31 15:22:05 p043 pluto[10540]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
    Aug 31 15:22:05 p043 pluto[10540]: Testing registered IKE encryption algorithms:
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_BLOWFISH_CBC self-test not available
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_3DES_CBC self-test not available
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_AES_CBC self-test not available
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SERPENT_CBC self-test not available
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_TWOFISH_CBC self-test not available
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_TWOFISH_CBC_SSH self-test not available
    Aug 31 15:22:05 p043 pluto[10540]: Testing registered IKE hash algorithms:
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_MD5 hash self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_MD5 hmac self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA hash self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA hmac self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_256 hash self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_256 hmac self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_384 hash self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_384 hmac self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_512 hash self-test passed
    Aug 31 15:22:05 p043 pluto[10540]:   OAKLEY_SHA2_512 hmac self-test passed
    Aug 31 15:22:05 p043 pluto[10540]: All crypto self-tests passed
    Aug 31 15:22:05 p043 pluto[10540]: Using Linux 2.6 IPsec interface code
    Aug 31 15:22:05 p043 pluto[10540]: unable to drop root privileges
    Aug 31 15:22:05 p043 ipsec_starter[8971]: pluto has died -- restart scheduled (5sec)
    Here is the local log of the client:
    Code:
     8-31: 18:01:43:312:ed0 Initialization OK
     8-31: 18:02:23:890:50c QM PolicyName: L2TP Optional Encryption Quick Mode Policy dwFlags 0
     8-31: 18:02:23:890:50c QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[0] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC: MD5
     8-31: 18:02:23:890:50c QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[1] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC: SHA
     8-31: 18:02:23:890:50c QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[2] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: 0
     8-31: 18:02:23:890:50c QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[3] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: 0
     8-31: 18:02:23:890:50c QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[4] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: SHA
     8-31: 18:02:23:890:50c QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[5] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: MD5
     8-31: 18:02:23:890:50c QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[6] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
     8-31: 18:02:23:890:50c QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[7] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
     8-31: 18:02:23:890:50c QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[8] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
     8-31: 18:02:23:890:50c QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[9] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
     8-31: 18:02:23:890:50c QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[10] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
     8-31: 18:02:23:890:50c QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[11] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:50c  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
     8-31: 18:02:23:890:50c QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[12] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
     8-31: 18:02:23:890:50c QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[13] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
     8-31: 18:02:23:890:50c QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[14] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:50c QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:50c QMOffer[15] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:50c  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:50c Internal Acquire: op=00000001 src=192.168.178.33.1701 dst=85.114.*.43.1701 proto = 17, SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=00000734, IKE SrcPort=500 IKE DstPort=500
     8-31: 18:02:23:890:bb0 Filter to match: Src 85.114.*.43 Dst 192.168.178.33
     8-31: 18:02:23:890:bb0 MM PolicyName: L2TP Main Mode Policy
     8-31: 18:02:23:890:bb0 MMPolicy dwFlags 8 SoftSAExpireTime 28800
     8-31: 18:02:23:890:bb0 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 268435457
     8-31: 18:02:23:890:bb0 MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
     8-31: 18:02:23:890:bb0 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
     8-31: 18:02:23:890:bb0 MMOffer[1] Encrypt: Dreifach-DES CBC Hash: SHA
     8-31: 18:02:23:890:bb0 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
     8-31: 18:02:23:890:bb0 MMOffer[2] Encrypt: Dreifach-DES CBC Hash: MD5
     8-31: 18:02:23:890:bb0 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
     8-31: 18:02:23:890:bb0 MMOffer[3] Encrypt: DES CBC Hash: SHA
     8-31: 18:02:23:890:bb0 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
     8-31: 18:02:23:890:bb0 MMOffer[4] Encrypt: DES CBC Hash: MD5
     8-31: 18:02:23:890:bb0 Auth[0]:PresharedKey KeyLen 8
     8-31: 18:02:23:890:bb0 QM PolicyName: L2TP Optional Encryption Quick Mode Policy dwFlags 0
     8-31: 18:02:23:890:bb0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[0] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC: MD5
     8-31: 18:02:23:890:bb0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[1] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC: SHA
     8-31: 18:02:23:890:bb0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[2] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: 0
     8-31: 18:02:23:890:bb0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[3] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: 0
     8-31: 18:02:23:890:bb0 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[4] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: SHA
     8-31: 18:02:23:890:bb0 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[5] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC: MD5
     8-31: 18:02:23:890:bb0 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[6] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
     8-31: 18:02:23:890:bb0 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[7] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
     8-31: 18:02:23:890:bb0 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[8] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
     8-31: 18:02:23:890:bb0 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[9] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
     8-31: 18:02:23:890:bb0 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[10] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
     8-31: 18:02:23:890:bb0 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[11] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:bb0  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
     8-31: 18:02:23:890:bb0 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[12] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
     8-31: 18:02:23:890:bb0 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[13] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
     8-31: 18:02:23:890:bb0 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[14] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: SHA
     8-31: 18:02:23:890:bb0 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
     8-31: 18:02:23:890:bb0 QMOffer[15] dwFlags 0 dwPFSGroup 0
     8-31: 18:02:23:890:bb0  Algo[0] Operation: AH Algo: MD5
     8-31: 18:02:23:890:bb0 Starting Negotiation: src = 192.168.178.33.0500, dst = 85.114.*.43.0500, proto = 17, context = 00000000, ProxySrc = 192.168.178.33.1701, ProxyDst = 85.114.*.43.1701 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
     8-31: 18:02:23:890:bb0 constructing ISAKMP Header
     8-31: 18:02:23:890:bb0 constructing SA (ISAKMP)
     8-31: 18:02:23:890:bb0 Constructing Vendor MS NT5 ISAKMPOAKLEY
     8-31: 18:02:23:890:bb0 Constructing Vendor FRAGMENTATION
     8-31: 18:02:23:890:bb0 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
     8-31: 18:02:23:890:bb0 Constructing Vendor Vid-Initial-Contact
     8-31: 18:02:23:890:bb0 
     8-31: 18:02:23:890:bb0 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:23:890:bb0 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:23:890:bb0   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:23:890:bb0   R-COOKIE 0000000000000000
     8-31: 18:02:23:890:bb0   exchange: Oakley Main Mode
     8-31: 18:02:23:890:bb0   flags: 0
     8-31: 18:02:23:890:bb0   next payload: SA
     8-31: 18:02:23:890:bb0   message ID: 00000000
     8-31: 18:02:23:890:bb0 Ports S:f401 D:f401
     8-31: 18:02:23:921:bb0 Activating InitiateEvent 00000734
     8-31: 18:02:25:312:328 retransmit: sa = 000FC2D0 centry 00000000 , count = 1
     8-31: 18:02:25:312:328 
     8-31: 18:02:25:312:328 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:25:312:328 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:25:312:328   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:25:312:328   R-COOKIE 0000000000000000
     8-31: 18:02:25:312:328   exchange: Oakley Main Mode
     8-31: 18:02:25:312:328   flags: 0
     8-31: 18:02:25:312:328   next payload: SA
     8-31: 18:02:25:312:328   message ID: 00000000
     8-31: 18:02:25:312:328 Ports S:f401 D:f401
     8-31: 18:02:27:312:328 retransmit: sa = 000FC2D0 centry 00000000 , count = 2
     8-31: 18:02:27:312:328 
     8-31: 18:02:27:312:328 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:27:312:328 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:27:312:328   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:27:312:328   R-COOKIE 0000000000000000
     8-31: 18:02:27:312:328   exchange: Oakley Main Mode
     8-31: 18:02:27:312:328   flags: 0
     8-31: 18:02:27:312:328   next payload: SA
     8-31: 18:02:27:312:328   message ID: 00000000
     8-31: 18:02:27:312:328 Ports S:f401 D:f401
     8-31: 18:02:31:312:328 retransmit: sa = 000FC2D0 centry 00000000 , count = 3
     8-31: 18:02:31:312:328 
     8-31: 18:02:31:312:328 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:31:312:328 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:31:312:328   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:31:312:328   R-COOKIE 0000000000000000
     8-31: 18:02:31:312:328   exchange: Oakley Main Mode
     8-31: 18:02:31:312:328   flags: 0
     8-31: 18:02:31:312:328   next payload: SA
     8-31: 18:02:31:312:328   message ID: 00000000
     8-31: 18:02:31:312:328 Ports S:f401 D:f401
     8-31: 18:02:39:312:328 retransmit: sa = 000FC2D0 centry 00000000 , count = 4
     8-31: 18:02:39:312:328 
     8-31: 18:02:39:312:328 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:39:312:328 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:39:312:328   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:39:312:328   R-COOKIE 0000000000000000
     8-31: 18:02:39:312:328   exchange: Oakley Main Mode
     8-31: 18:02:39:312:328   flags: 0
     8-31: 18:02:39:312:328   next payload: SA
     8-31: 18:02:39:312:328   message ID: 00000000
     8-31: 18:02:39:312:328 Ports S:f401 D:f401
     8-31: 18:02:55:312:328 retransmit: sa = 000FC2D0 centry 00000000 , count = 5
     8-31: 18:02:55:312:328 
     8-31: 18:02:55:312:328 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 2.500
     8-31: 18:02:55:312:328 ISAKMP Header: (V1.0), len = 312
     8-31: 18:02:55:312:328   I-COOKIE 3773b82cd34122cd
     8-31: 18:02:55:312:328   R-COOKIE 0000000000000000
     8-31: 18:02:55:312:328   exchange: Oakley Main Mode
     8-31: 18:02:55:312:328   flags: 0
     8-31: 18:02:55:312:328   next payload: SA
     8-31: 18:02:55:312:328   message ID: 00000000
     8-31: 18:02:55:312:328 Ports S:f401 D:f401
     8-31: 18:03:13:312:bb0 SA Dead. sa:000FC2D0 status:35f0
     8-31: 18:03:13:312:bb0 isadb_set_status sa:000FC2D0 centry:00000000 status 35f0
     8-31: 18:03:13:312:bb0 Schlüsselaustauschmodus (Hauptmodus)
     8-31: 18:03:13:312:bb0 Quell-IP-Adresse 192.168.178.33  Quell-IP-Adressmaske 255.255.255.255  Ziel-IP-Adresse 85.114.*.43  Ziel-IP-Adressmaske 255.255.255.255  Protokoll 0  Quellport 0  Zielport 0  Lokale IKE-Adresse 192.168.178.33  Peer-IKE-Adresse 85.114.*.43
     8-31: 18:03:13:312:bb0 
     8-31: 18:03:13:312:bb0 Benutzer
     8-31: 18:03:13:312:bb0 IKE-Sicherheitszuordnung wurde gelöscht, bevor Herstellung abgeschossen war.
     8-31: 18:03:13:312:bb0 0x0 0x0
     8-31: 18:03:13:312:bb0 isadb_set_status InitiateEvent 00000734: Setting Status 35f0
     8-31: 18:03:13:312:bb0 Clearing sa 000FC2D0 InitiateEvent 00000734
     8-31: 18:03:13:312:bb0 constructing ISAKMP Header
     8-31: 18:03:13:312:bb0 constructing DELETE. MM 000FC2D0
     8-31: 18:03:13:312:bb0 
     8-31: 18:03:13:312:bb0 Sending: SA = 0x000FC2D0 to 85.114.*.43:Type 1.500
     8-31: 18:03:13:312:bb0 ISAKMP Header: (V1.0), len = 56
     8-31: 18:03:13:312:bb0   I-COOKIE 3773b82cd34122cd
     8-31: 18:03:13:312:bb0   R-COOKIE 0000000000000000
     8-31: 18:03:13:312:bb0   exchange: ISAKMP Informational Exchange
     8-31: 18:03:13:312:50c CloseNegHandle 00000734
     8-31: 18:03:13:312:bb0   flags: 0
     8-31: 18:03:13:312:bb0   next payload: DELETE
     8-31: 18:03:13:312:bb0   message ID: 7637adab
     8-31: 18:03:13:312:bb0 Ports S:f401 D:f401
     8-31: 18:03:13:312:bb0 ClearFragList
     8-31: 18:03:13:312:50c SE cookie 3773b82cd34122cd
     8-31: 18:03:13:312:50c isadb_schedule_kill_oldPolicy_sas: 9e5e994f-bdf8-490e-9839048fe505fd68 4
     8-31: 18:03:13:312:404 isadb_schedule_kill_oldPolicy_sas: e8cf8c20-b722-4844-9016821d7d075c2d 3
     8-31: 18:03:13:312:418 isadb_schedule_kill_oldPolicy_sas: ce5b3719-ee07-4e39-9a9347015f911971 2
     8-31: 18:03:13:312:50c isadb_schedule_kill_oldPolicy_sas: 89876fad-7167-4c89-a21a149f307b4393 1
     8-31: 18:03:13:312:bb0 entered kill_old_policy_sas 4
     8-31: 18:03:13:312:bb0 entered kill_old_policy_sas 3
     8-31: 18:03:13:312:bb0 entered kill_old_policy_sas 2
     8-31: 18:03:13:312:bb0 entered kill_old_policy_sas 1
    What does all of this have to do with SA etc. if I want to authenticate with a PSK?
    By the way, this page explains how to turn on the log under XP, just for anyone who comes after me:
    http://support.linogate.de/de/ipsec/windows-log.html
    Last edited by AllOnline (31.08.09 at 18:11)
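
    Added example, not part of the thread: a small Python reader for the Oakley.log format quoted above. It lists the Main Mode offers that use single DES, MD5 or DH groups 1 and 2, and reports whether the responder ever answered (a non-zero R-COOKIE) before "SA Dead". The function name `analyze`, the choice of what to flag and the sample lines are assumptions made for this example.

```python
import re

# Constructed sample in the Oakley.log format quoted above; 203.0.113.10 is a
# documentation address and the cookie/SA values are made up.
SAMPLE_LOG = """\
 8-31: 18:02:23:890:bb0 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
 8-31: 18:02:23:890:bb0 MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
 8-31: 18:02:23:890:bb0 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 1
 8-31: 18:02:23:890:bb0 MMOffer[1] Encrypt: DES CBC Hash: MD5
 8-31: 18:02:23:890:bb0 Sending: SA = 0x00AA0000 to 203.0.113.10:Type 2.500
 8-31: 18:02:23:890:bb0   I-COOKIE 1122334455667788
 8-31: 18:02:23:890:bb0   R-COOKIE 0000000000000000
 8-31: 18:02:25:312:328 retransmit: sa = 00AA0000 centry 00000000 , count = 1
 8-31: 18:02:25:312:328   R-COOKIE 0000000000000000
 8-31: 18:02:27:312:328 retransmit: sa = 00AA0000 centry 00000000 , count = 2
 8-31: 18:02:27:312:328   R-COOKIE 0000000000000000
 8-31: 18:03:13:312:bb0 SA Dead. sa:00AA0000 status:35f0
"""

WEAK_DH = {1: "768-bit MODP", 2: "1024-bit MODP"}  # IKEv1 Oakley groups (RFC 2409)

def analyze(log):
    """Summarise Main Mode offers and decide whether the peer ever answered."""
    offers, retransmits, replied, dead = {}, 0, False, None
    for line in log.splitlines():
        if m := re.search(r"MMOffer\[(\d+)\].*DHGroup (\d+)", line):
            offers.setdefault(int(m[1]), {})["dh"] = int(m[2])
        elif m := re.search(r"MMOffer\[(\d+)\] Encrypt: (.+?) Hash: (\S+)", line):
            offers.setdefault(int(m[1]), {}).update(enc=m[2], hash=m[3])
        elif m := re.search(r"retransmit: .*count = (\d+)", line):
            retransmits = max(retransmits, int(m[1]))
        elif m := re.search(r"R-COOKIE ([0-9a-fA-F]{16})", line):
            replied = replied or int(m[1], 16) != 0  # responder fills this in on reply
        elif m := re.search(r"SA Dead\. sa:\S+ status:(\S+)", line):
            dead = m[1]
    weak = {}
    for idx, o in sorted(offers.items()):
        why = []
        if o.get("enc") == "DES CBC":  # exact match, so "Dreifach-DES CBC" is not flagged
            why.append("single DES")
        if o.get("hash") == "MD5":
            why.append("MD5")
        if o.get("dh") in WEAK_DH:
            why.append("DH group %d (%s)" % (o["dh"], WEAK_DH[o["dh"]]))
        if why:
            weak[idx] = why
    return {"weak": weak, "retransmits": retransmits, "dead": dead,
            "no_reply": dead is not None and not replied}

if __name__ == "__main__": print(analyze(SAMPLE_LOG))
```

    When `no_reply` is true, the exchange ended before the server accepted any proposal or checked the PSK, so the first things to check are UDP 500 reachability and whether the IKE daemon on the server is listening.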

  14. #14
    Registered user (avatar of derRichard)
    Registered since
    Nov 2001
    Posts
    5.069
    Hi!

    Before you wrestle with L2TP, first make sure that IPsec is running.

    Are all the IP addresses correct?
    All the networks too?
    Is the PSK key correct?
    Do you have NETKEY and all the ciphers you need enabled in the kernel?
    (in case the kernel is self-built or something like that)
    Can you connect to IPsec when you are not behind NAT?
    Are all the networks in the NAT-T setting correct?

    Oh, and you can switch pluto off. You only need it if you run IKEv2.
    charon is enough.

    hth,
    //richard

    P.S.: please don't post real IP addresses.
    There are two factions of CS, the ones that hate computers, and the ones that hate science.

  15. #15
    Registered user
    Registered since
    Aug 2009
    Posts
    31
    I edited the post above.
    Where can I see what it failed on?

    The basic setup is IPsec for establishing the connection, certificate = PSK, right? (Just to be sure: where do I enter that in XP?)
    Also, what else do I enter in Win XP (name/password)??

    The only IP address there is is the server's, in ipsec.conf.
    So far there aren't any networks either.
    For the PSK key I can hard-code whatever I want:
    : PSK "test"

    The kernel is the standard SuSe 11 one.
    Since I'm behind NAT no matter where I am, I can't test that.

    How do I switch pluto off and charon on?

    P.S.: yep
    Last edited by AllOnline (31.08.09 at 18:12)
