UTM v10: IPsec bricht sporadisch ab / kein Reconnect

Moderator: Securepoint

Locked
itsec_user
Posts: 1
Joined: Fri 28.03.2014, 15:19

Post by itsec_user »

Hello,

I have a UTM (BlackDwarf) v10 in use and run this router firewall behind a Cisco RV180.
The IPsec tunnel is established successfully the first time. After about a day the connection drops and the IPsec tunnel cannot be re-established. Only after the Cisco RV180 router is rebooted is the connection automatically re-established.

I don't know what could be causing the problem.
Attached is a current log that was pulled during the attempted reconnect:

Code:

<84>Mar 28 13:01:55 pluto[6649]: "fw.blackdwarf_01323" #7: ignoring informational payload, type INVALID_KEY_INFORMATION
<84>Mar 28 13:01:54 pluto[6649]: "fw.blackdwarf_01323" #7: we don't have a cert
<84>Mar 28 13:01:54 pluto[6649]: "fw.blackdwarf_01323" #7: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: enabling possible NAT-traversal with method 3
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: received Vendor ID payload [RFC 3947]
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: received Vendor ID payload [Dead Peer Detection]
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: received Vendor ID payload [XAUTH]
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: received Vendor ID payload [strongSwan]
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #7: initiating Main Mode to replace #6
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #6: starting keying attempt 7 of an unlimited number
<84>Mar 28 13:01:53 pluto[6649]: "fw.blackdwarf_01323" #6: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<84>Mar 28 13:01:13 pluto[6649]: "fw.blackdwarf_01323" #6: malformed payload in packet
<84>Mar 28 13:01:13 pluto[6649]: "fw.blackdwarf_01323" #6: next payload type of ISAKMP Hash Payload has an unknown value: 229
<84>Mar 28 13:01:12 pluto[6649]: "fw.blackdwarf_01323" #6: discarding duplicate packet; already STATE_MAIN_I3
<4>Mar 28 13:01:08 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=23473 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 13:01:07 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=23466 PROTO=UDP SPT=137 DPT=137 LEN=58
<84>Mar 28 13:00:53 pluto[6649]: "fw.blackdwarf_01323" #6: malformed payload in packet
<84>Mar 28 13:00:53 pluto[6649]: "fw.blackdwarf_01323" #6: next payload type of ISAKMP Hash Payload has an unknown value: 166
<84>Mar 28 13:00:52 pluto[6649]: "fw.blackdwarf_01323" #6: discarding duplicate packet; already STATE_MAIN_I3
<4>Mar 28 13:00:47 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22657 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 13:00:46 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22653 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 13:00:45 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22648 PROTO=UDP SPT=137 DPT=137 LEN=58
<84>Mar 28 13:00:43 pluto[6649]: "fw.blackdwarf_01323" #6: ignoring informational payload, type INVALID_KEY_INFORMATION
<84>Mar 28 13:00:43 pluto[6649]: "fw.blackdwarf_01323" #6: we don't have a cert
<84>Mar 28 13:00:43 pluto[6649]: "fw.blackdwarf_01323" #6: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: enabling possible NAT-traversal with method 3
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: received Vendor ID payload [RFC 3947]
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: received Vendor ID payload [Dead Peer Detection]
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: received Vendor ID payload [XAUTH]
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: received Vendor ID payload [strongSwan]
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: initiating Main Mode to replace #5
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #5: starting keying attempt 6 of an unlimited number
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #5: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<4>Mar 28 13:00:04 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=237 TOS=0x00 PREC=0x00 TTL=128 ID=21167 PROTO=UDP SPT=138 DPT=138 LEN=217
<84>Mar 28 13:00:02 pluto[6649]: "fw.blackdwarf_01323" #5: malformed payload in packet
<84>Mar 28 13:00:02 pluto[6649]: "fw.blackdwarf_01323" #5: next payload type of ISAKMP Hash Payload has an unknown value: 204
<84>Mar 28 13:00:01 pluto[6649]: "fw.blackdwarf_01323" #5: discarding duplicate packet; already STATE_MAIN_I3
<84>Mar 28 12:59:42 pluto[6649]: "fw.blackdwarf_01323" #5: malformed payload in packet
<84>Mar 28 12:59:42 pluto[6649]: "fw.blackdwarf_01323" #5: next payload type of ISAKMP Hash Payload has an unknown value: 155
<84>Mar 28 12:59:41 pluto[6649]: "fw.blackdwarf_01323" #5: discarding duplicate packet; already STATE_MAIN_I3
<84>Mar 28 12:59:32 pluto[6649]: "fw.blackdwarf_01323" #5: ignoring informational payload, type INVALID_KEY_INFORMATION
<84>Mar 28 12:59:32 pluto[6649]: "fw.blackdwarf_01323" #5: we don't have a cert
<84>Mar 28 12:59:32 pluto[6649]: "fw.blackdwarf_01323" #5: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: enabling possible NAT-traversal with method 3
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: received Vendor ID payload [RFC 3947]
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: received Vendor ID payload [Dead Peer Detection]
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: received Vendor ID payload [XAUTH]
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: received Vendor ID payload [strongSwan]
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #5: initiating Main Mode to replace #4
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #4: starting keying attempt 5 of an unlimited number
<84>Mar 28 12:59:31 pluto[6649]: "fw.blackdwarf_01323" #4: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<4>Mar 28 12:59:08 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=20473 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 12:59:07 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=20464 PROTO=UDP SPT=137 DPT=137 LEN=58
<84>Mar 28 12:58:51 pluto[6649]: "fw.blackdwarf_01323" #4: malformed payload in packet
<84>Mar 28 12:58:51 pluto[6649]: "fw.blackdwarf_01323" #4: next payload type of ISAKMP Hash Payload has an unknown value: 186
<84>Mar 28 12:58:50 pluto[6649]: "fw.blackdwarf_01323" #4: discarding duplicate packet; already STATE_MAIN_I3
<4>Mar 28 12:58:47 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=20248 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 12:58:46 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=20244 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 12:58:45 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=20230 PROTO=UDP SPT=137 DPT=137 LEN=58
<4>Mar 28 12:58:35 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=20113 PROTO=UDP SPT=138 DPT=138 LEN=209
<84>Mar 28 12:58:31 pluto[6649]: "fw.blackdwarf_01323" #4: malformed payload in packet
<84>Mar 28 12:58:31 pluto[6649]: "fw.blackdwarf_01323" #4: next payload type of ISAKMP Hash Payload has an unknown value: 205
<84>Mar 28 12:58:30 pluto[6649]: "fw.blackdwarf_01323" #4: discarding duplicate packet; already STATE_MAIN_I3
<84>Mar 28 12:58:21 pluto[6649]: "fw.blackdwarf_01323" #4: ignoring informational payload, type INVALID_KEY_INFORMATION
<84>Mar 28 12:58:21 pluto[6649]: "fw.blackdwarf_01323" #4: we don't have a cert
<84>Mar 28 12:58:21 pluto[6649]: "fw.blackdwarf_01323" #4: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: enabling possible NAT-traversal with method 3
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: received Vendor ID payload [RFC 3947]
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: received Vendor ID payload [Dead Peer Detection]
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: received Vendor ID payload [XAUTH]
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: received Vendor ID payload [strongSwan]
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #4: initiating Main Mode to replace #3
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #3: starting keying attempt 4 of an unlimited number
<84>Mar 28 12:58:20 pluto[6649]: "fw.blackdwarf_01323" #3: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<15>Mar 28 12:58:02 server: idle: 88.54
<15>Mar 28 12:58:02 server: traffic: tun0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: eth1: rx bytes: 125307 tx bytes 92199 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: eth0: rx bytes: 10611 tx bytes 10368 collisions: 0 errors: 0
<15>Mar 28 12:58:02 server: traffic: lo: rx bytes: 15050 tx bytes 15050 collisions: 0 errors: 0
<84>Mar 28 12:57:40 pluto[6649]: "fw.blackdwarf_01323" #3: malformed payload in packet
<84>Mar 28 12:57:40 pluto[6649]: "fw.blackdwarf_01323" #3: next payload type of ISAKMP Hash Payload has an unknown value: 132
<84>Mar 28 12:57:39 pluto[6649]: "fw.blackdwarf_01323" #3: discarding duplicate packet; already STATE_MAIN_I3
<84>Mar 28 12:57:20 pluto[6649]: "fw.blackdwarf_01323" #3: malformed payload in packet
<84>Mar 28 12:57:20 pluto[6649]: "fw.blackdwarf_01323" #3: next payload type of ISAKMP Hash Payload has an unknown value: 139
<84>Mar 28 12:57:19 pluto[6649]: "fw.blackdwarf_01323" #3: discarding duplicate packet; already STATE_MAIN_I3
<84>Mar 28 12:57:10 pluto[6649]: "fw.blackdwarf_01323" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
<84>Mar 28 12:57:10 pluto[6649]: "fw.blackdwarf_01323" #3: we don't have a cert
<84>Mar 28 12:57:10 pluto[6649]: "fw.blackdwarf_01323" #3: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: enabling possible NAT-traversal with method 3
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: received Vendor ID payload [RFC 3947]
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: received Vendor ID payload [Dead Peer Detection]
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: received Vendor ID payload [XAUTH]
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: received Vendor ID payload [strongSwan]
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #3: initiating Main Mode to replace #2
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #2: starting keying attempt 3 of an unlimited number
<84>Mar 28 12:57:09 pluto[6649]: "fw.blackdwarf_01323" #2: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<4>Mar 28 12:57:08 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=18576 PROTO=UDP SPT=137 DPT=137 LEN=58

But what are the log messages from the pluto service saying?
It would be great if someone could help me out!

Many thanks in advance...

Regards, Stefan
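Added example (not from the post or from Securepoint): a small Python triage script for pluto log lines of the shape shown above. It separates the pluto messages from the unrelated kernel DROP lines (NetBIOS broadcasts from 192.168.0.105 on UDP 137/138), groups them by ISAKMP state number, records where each Main Mode attempt gave up, and flags the pattern of "next payload type ... unknown value" in STATE_MAIN_I3, which is what an encrypted reply looks like when it does not decrypt to valid ISAKMP. The abridged sample log, the set of valid next-payload types, and the interpretation in the comments are my assumptions, and the parser works on any pluto line of that layout, not only the connection in the post.

```python
"""Triage helper for pluto (IKEv1) syslog lines of the kind shown in the post (added example).
Assumes the layout '<pri>Mon DD HH:MM:SS pluto[pid]: "conn" #N: message'."""
import re
from collections import defaultdict

PLUTO_RE = re.compile(r'^<\d+>\w{3} +\d+ [\d:]+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
UNKNOWN_NEXT_RE = re.compile(r'ISAKMP Hash Payload has an unknown value: (\d+)')
RETRANS_RE = re.compile(r'max number of retransmissions \((\d+)\) reached (\S+)\.')

# Constructed sample: one attempt window, abridged from the pattern in the post.
SAMPLE_LOG = """\
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #5: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
<84>Mar 28 13:00:42 pluto[6649]: "fw.blackdwarf_01323" #6: initiating Main Mode to replace #5
<84>Mar 28 13:00:43 pluto[6649]: "fw.blackdwarf_01323" #6: NAT-Traversal: Result using RFC 3947: i am NATed
<84>Mar 28 13:00:43 pluto[6649]: "fw.blackdwarf_01323" #6: ignoring informational payload, type INVALID_KEY_INFORMATION
<4>Mar 28 13:00:45 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:f5:c9:2e:1c:08:00 SRC=192.168.0.105 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22648 PROTO=UDP SPT=137 DPT=137 LEN=58
<84>Mar 28 13:00:53 pluto[6649]: "fw.blackdwarf_01323" #6: next payload type of ISAKMP Hash Payload has an unknown value: 166
<84>Mar 28 13:00:53 pluto[6649]: "fw.blackdwarf_01323" #6: malformed payload in packet
<84>Mar 28 13:01:13 pluto[6649]: "fw.blackdwarf_01323" #6: next payload type of ISAKMP Hash Payload has an unknown value: 229
"""

# IKEv1 next-payload types are small: RFC 2408 defines 0-13, NAT-T adds 20/21 (RFC 3947) and 130 (draft).
# Anything else in that byte means the decrypted Main Mode reply is not sane ISAKMP.
VALID_NEXT_PAYLOAD = set(range(14)) | {20, 21, 130}

def parse_pluto(text):
    """Group pluto messages by ISAKMP state number; kernel DROP noise (NetBIOS broadcasts) is skipped."""
    states = defaultdict(list)
    for line in text.splitlines():
        m = PLUTO_RE.match(line)
        if m:
            states[int(m.group(2))].append(m.group(3))
    return dict(states)

def triage(text):
    """Per state: NAT status, where Main Mode gave up, and whether encrypted replies decrypt to garbage."""
    report = {}
    for st, msgs in parse_pluto(text).items():
        bad = [int(m.group(1)) for m in map(UNKNOWN_NEXT_RE.search, msgs) if m]
        gave_up = [m.group(2) for m in map(RETRANS_RE.search, msgs) if m]
        report[st] = {
            "natted": any("i am NATed" in m for m in msgs),
            "invalid_key_info": any("INVALID_KEY_INFORMATION" in m for m in msgs),
            "gave_up_in": gave_up[0] if gave_up else None,
            "bad_next_payload": bad,
            # Varying out-of-range values: peer used different keying material (PSK mismatch or a
            # stale ISAKMP SA kept by the peer). This is an interpretation, not from the post.
            "decrypts_to_garbage": bool(bad) and not any(v in VALID_NEXT_PAYLOAD for v in bad),
        }
    return report
```

Run `triage(open("pluto.log").read())` on a full dump to see, per state, whether the peer ever answered with a decryptable Main Mode message; a string of states that all end in `STATE_MAIN_I3` with garbage next-payload bytes points at the peer's keying state rather than at the network path.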
