AllOnline
30.08.09, 13:38
Hello,
I'm looking for a VPN that I can install on my SuSE root server and connect to with Windows' built-in tools.
After a lot of asking back and forth, I have now ended up with Openswan.
I just installed it with ipsec,
then created the sample conf and simply gave it a test.
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $
# This file: /usr/share/doc/packages/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        plutodebug="all"
        klipsdebug=all
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # Certificate Revocation List handling:
        #crlcheckinterval=600
        #strictcrlpolicy=yes
        # Change rp_filter setting? (default is 0, disabled)
        # See also setting in the /etc/sysctl.conf file!
        #rp_filter=%unchanged
        # Workaround to setup all tunnels immediately, since the new default
        # of "plutowait=no" causes "Resource temporarily unavailable" errors
        # for the first connect attempt over each tunnel, that is delayed to
        # be established later / on demand.
        # With "plutowait=yes" plutio waits for each negotiation attempt
        # that is part of startup to finish, before proceeding with the next.
        plutowait=yes
        #
        # enable this if you see "failed to find any available worker"
        #nhelpers=0

# default settings for connections
conn %default
        left=%defaultroute
        # keyingtries default to %forever
        #keyingtries=3
        # Sig keys (default: %dnsondemand)
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        # Lifetimes, defaults are 1h/8hrs
        #ikelifetime=20m
        #keylife=1h
        #rekeymargin=8m

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# For sample VPN connections, see /etc/ipsec.d/examples/
# Add connections here
conn win
        authby=secret
        pfs=no
        auto=add
        rekey=no
        left=%defaultroute
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%priv,%no

#
# Sample /etc/ipsec.secrets file
# The Openswan server has an IP address of 85.114.*.43#
85.114.*.43 %any: PSK "test"
85.114.*.43 : PSK "test"
And, as I said, ppp and l2tpd are installed.
barf outputs the following:
ipsec_setup: Starting Openswan IPsec 2.4.7...
[17266]: Changing to directory '/etc/ipsec.d/cacerts'
[17266]: Could not change to directory '/etc/ipsec.d/aacerts'
[17266]: Could not change to directory '/etc/ipsec.d/ocspcerts'
[17266]: Changing to directory '/etc/ipsec.d/crls'
[17266]: Warning: empty directory
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: added connection description "win"
[17266]: listening for IKE messages
[17266]: adding interface eth0/eth0 85.114.*.43:500
[17266]: adding interface eth0/eth0 85.114.*.43:4500
[17266]: adding interface lo/lo 127.0.0.2:500
[17266]: adding interface lo/lo 127.0.0.2:4500
[17266]: adding interface lo/lo 127.0.0.1:500
[17266]: adding interface lo/lo 127.0.0.1:4500
[17266]: adding interface lo/lo ::1:500
[17266]: forgetting secrets
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: attempt to redefine connection "win"
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[1] 217.232.27.155 #1: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[1] 217.232.27.155 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[1] 217.232.27.155 #1: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[1] 217.232.27.155 #1: switched from "win" to "win"
[17266]: "win"[2] 217.232.27.155 #1: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[2] 217.232.27.155 #1: I did not send a certificate because I do not have one.
[17266]: "win"[2] 217.232.27.155 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[2] 217.232.27.155 #2: responding to Quick Mode {msgid:f1c03a90}
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
[17266]: "win"[2] 217.232.27.155 #1: received and ignored informational message
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
[17266]: "win"[2] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[3] 217.232.27.155 #3: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[3] 217.232.27.155 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[3] 217.232.27.155 #3: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[3] 217.232.27.155 #3: switched from "win" to "win"
[17266]: "win"[4] 217.232.27.155 #3: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[4] 217.232.27.155 #3: I did not send a certificate because I do not have one.
[17266]: "win"[4] 217.232.27.155 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[4] 217.232.27.155 #4: responding to Quick Mode {msgid:5c2b80e8}
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
[17266]: "win"[4] 217.232.27.155 #3: received and ignored informational message
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
[17266]: "win"[4] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: attempt to redefine connection "win"
+ _________________________ plog
+ sed -n '11106,$p' /var/log/messages
+ egrep -i pluto
+ case "$1" in
+ cat
ipsec__plutorun: Starting Pluto subsystem...
ipsec__plutorun: Unknown default RSA hostkey scheme, not generating a default hostkey
[17266]: Starting Pluto (Openswan Version 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
[17266]: Setting NAT-Traversal port-4500 floating to on
[17266]: port floating activation criteria nat_t=1/port_fload=1
[17266]: including NAT-Traversal patch (Version 0.6c)
[17266]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
[17266]: starting up 1 cryptographic helpers
[17266]: started helper pid=17269 (fd:6)
[17266]: Using NETKEY IPsec interface code on 2.6.25.5-1.1-pae
[17266]: Changing to directory '/etc/ipsec.d/cacerts'
[17266]: Could not change to directory '/etc/ipsec.d/aacerts'
[17266]: Could not change to directory '/etc/ipsec.d/ocspcerts'
[17266]: Changing to directory '/etc/ipsec.d/crls'
[17266]: Warning: empty directory
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: added connection description "win"
[17266]: listening for IKE messages
[17266]: adding interface eth0/eth0 85.114.*.43:500
[17266]: adding interface eth0/eth0 85.114.*.43:4500
[17266]: adding interface lo/lo 127.0.0.2:500
[17266]: adding interface lo/lo 127.0.0.2:4500
[17266]: adding interface lo/lo 127.0.0.1:500
[17266]: adding interface lo/lo 127.0.0.1:4500
[17266]: adding interface lo/lo ::1:500
[17266]: forgetting secrets
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: attempt to redefine connection "win"
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[1] 217.232.27.155 #1: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[1] 217.232.27.155 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[1] 217.232.27.155 #1: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[1] 217.232.27.155 #1: switched from "win" to "win"
[17266]: "win"[2] 217.232.27.155 #1: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[2] 217.232.27.155 #1: I did not send a certificate because I do not have one.
[17266]: "win"[2] 217.232.27.155 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[2] 217.232.27.155 #2: responding to Quick Mode {msgid:f1c03a90}
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
[17266]: "win"[2] 217.232.27.155 #1: received and ignored informational message
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
[17266]: "win"[2] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[3] 217.232.27.155 #3: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[3] 217.232.27.155 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[3] 217.232.27.155 #3: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[3] 217.232.27.155 #3: switched from "win" to "win"
[17266]: "win"[4] 217.232.27.155 #3: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[4] 217.232.27.155 #3: I did not send a certificate because I do not have one.
[17266]: "win"[4] 217.232.27.155 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[4] 217.232.27.155 #4: responding to Quick Mode {msgid:5c2b80e8}
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
[17266]: "win"[4] 217.232.27.155 #3: received and ignored informational message
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
[17266]: "win"[4] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: attempt to redefine connection "win"
It would be nice if you could help me!
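
Added example, not part of the original post: a small Python parser for pluto log lines like the ones above. It extracts the negotiated IKE and ESP parameters, marks the legacy algorithms (3DES, MD5), and pairs each established IPsec SA with the peer's Delete SA notification for the same SPI. The function names `analyze` and `legacy_algorithms` are hypothetical; the sample lines are copied from the log in the post.

```python
import re

# Sample input: lines copied unchanged from the pluto log in the post above.
SAMPLE_LOG = '''\
[17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
[17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
'''

# '[pid]: "conn"[instance] peer #state: message'
LINE_RE = re.compile(
    r'^\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
IKE_RE = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
ESP_RE = re.compile(
    r'IPsec SA established \{ESP=>(?P<spi>0x[0-9a-f]+) <0x[0-9a-f]+ xfrm=(?P<xfrm>\S+)')
DEL_RE = re.compile(
    r'received Delete SA\((?P<spi>0x[0-9a-f]+)\) payload: deleting IPSEC State')

# Substrings that identify legacy algorithms in pluto's parameter strings.
LEGACY_MARKERS = {"3des": "3DES", "md5": "MD5"}


def legacy_algorithms(text):
    """Return the sorted legacy algorithm names found in a parameter string."""
    lowered = text.lower()
    return sorted(name for marker, name in LEGACY_MARKERS.items() if marker in lowered)


def analyze(log_text):
    """Collect established IKE/IPsec SAs and peer-initiated IPsec SA deletions."""
    ike, ipsec, by_spi = [], [], {}
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # startup lines, "packet from ..." lines, etc.
        msg = m["msg"]
        if (e := IKE_RE.search(msg)):
            params = dict(kv.split("=", 1) for kv in e["params"].split())
            ike.append({
                "peer": m["peer"], "state": int(m["state"]),
                "auth": params.get("auth"), "cipher": params.get("cipher"),
                "group": params.get("group"),
                "legacy": legacy_algorithms(e["params"]),
            })
        elif (e := ESP_RE.search(msg)):
            sa = {
                "peer": m["peer"], "state": int(m["state"]),
                "spi": e["spi"], "xfrm": e["xfrm"],
                "legacy": legacy_algorithms(e["xfrm"]),
                "established_line": lineno, "peer_deleted_line": None,
            }
            ipsec.append(sa)
            by_spi[e["spi"]] = sa
        elif (e := DEL_RE.search(msg)):
            sa = by_spi.get(e["spi"])
            if sa is not None:
                sa["peer_deleted_line"] = lineno
    return {"ike": ike, "ipsec": ipsec}


def summarize(result):
    """Render one human-readable line per SA."""
    out = []
    for sa in result["ike"]:
        out.append(f'IKE #{sa["state"]} {sa["peer"]}: auth={sa["auth"]} '
                   f'cipher={sa["cipher"]} group={sa["group"]} legacy={sa["legacy"]}')
    for sa in result["ipsec"]:
        if sa["peer_deleted_line"] is None:
            fate = "still up at end of log"
        else:
            gap = sa["peer_deleted_line"] - sa["established_line"]
            fate = f"deleted by peer {gap} matching log line(s) later"
        out.append(f'ESP #{sa["state"]} spi={sa["spi"]} xfrm={sa["xfrm"]} '
                   f'legacy={sa["legacy"]}: {fate}')
    return out


if __name__ == "__main__":
    print("\n".join(summarize(analyze(SAMPLE_LOG))))
```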