ich habe gerade mal mein Glück mit IPSEC-XAUTH versucht.
Leider ohne Erfolg.
Auf dem Tablet ist Android 4.0.4 installiert.
Die SP ist wie im Wiki beschrieben eingerichtet (nur andere IPs).
Hier der Auszug aus dem Live Log:
Pre-Shared Key: test | Android-Meldung: Nicht erfolgreich
Code: Alles auswählen
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [RFC 3947]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [XAUTH]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [Cisco-Unity]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [Dead Peer Detection]
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: responding to Main Mode from unknown peer 192.168.0.220
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: NAT-Traversal: Result using RFC 3947: no NAT detected
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: Peer ID is ID_IPV4_ADDR: '192.168.0.220'
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sent MR3, ISAKMP SA established
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sending XAUTH request
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: Informational Exchange is for an unknown (expired?) SA
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: parsing XAUTH reply
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: extended authentication was successful
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sending XAUTH status
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: parsing XAUTH ack
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: received XAUTH ack, established
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sending ModeCfg set
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: assigning virtual IP 192.168.200.1 to peer
2012-11-26T22:54:49+01:00 pluto packet from 192.168.0.220:500: ModeCfg message is for a non-existent (expired?) ISAKMP SA
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: parsing ModeCfg ack
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: received ModeCfg ack, established
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: parsing ModeCfg request
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: peer requested virtual IP %any
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: assigning virtual IP 192.168.200.1 to peer
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sending ModeCfg reply
2012-11-26T22:54:49+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #2: sent ModeCfg reply, established
Auch wenn das Log sagt, das möglicherweise die PSKs nicht identisch sind, Sie sind es. Ich habe es mehrfach neu eingegeben. Die Anmeldedaten funktionieren bei ClientlessVPN ohne Probleme.
Code: Alles auswählen
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [RFC 3947]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [XAUTH]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [Cisco-Unity]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012-11-26T23:02:37+01:00 pluto packet from 192.168.0.220:500: received Vendor ID payload [Dead Peer Detection]
2012-11-26T23:02:37+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: responding to Main Mode from unknown peer 192.168.0.220
2012-11-26T23:02:37+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: NAT-Traversal: Result using RFC 3947: no NAT detected
2012-11-26T23:02:37+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:37+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:37+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:40+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:40+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:40+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:44+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:44+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:44+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:47+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:47+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:47+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:48+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:48+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:48+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:50+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:50+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:50+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:53+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:53+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:53+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:56+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:56+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:56+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:02:59+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:02:59+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:02:59+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:03:02+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:03:02+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:03:02+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:03:05+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:03:05+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:03:05+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:03:08+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: next payload type of ISAKMP Identification Payload has an unknown value: 102
2012-11-26T23:03:08+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
2012-11-26T23:03:08+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: sending encrypted notification PAYLOAD_MALFORMED to 192.168.0.220:500
2012-11-26T23:03:48+01:00 pluto "ipsec-xauth_1"[1] 192.168.0.220 #5: max number of retransmissions (2) reached STATE_MAIN_R2