Mac Book Pro and VPN

Moderator: Securepoint

Locked
glohr
Posts: 98
Registered: Wed 03.03.2010, 18:34

Mac Book Pro and VPN

Post by glohr »

Hello,

Until now I had a Windows laptop and connected to my network with the NCP software.
Now I am testing with a MacBook Pro.
There I have the option of setting up a connection via Cisco IPSEC, PPTP or L2TP.

I can get that working over L2TP. The machine connects, but access to the network is not possible.

Excerpt from the log:
Oct 1 15:28:24 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7193 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 1 15:28:09 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7158 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 1 15:27:59 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=22566 PROTO=ICMP TYPE=8 CODE=0 ID=46337 SEQ=11 MARK=0x1
Oct 1 15:27:58 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=24927 PROTO=ICMP TYPE=8 CODE=0 ID=46337 SEQ=10 MARK=0x1
Oct 1 15:27:57 server: idle: 93.91
Oct 1 15:27:57 server: traffic: ppp0: rx bytes: 628 tx bytes 38 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: eth3: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: eth1: rx bytes: 234754 tx bytes 252265 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: eth0: rx bytes: 190199 tx bytes 153717 collisions: 0 errors: 0
Oct 1 15:27:57 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 1 15:27:49 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=42863 PROTO=ICMP TYPE=8 CODE=0 ID=46337 SEQ=0 MARK=0x1
Oct 1 15:27:29 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.1 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 1 15:27:27 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=38460 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 1 15:27:26 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=44631 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 1 15:27:26 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.1 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=6 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 1 15:27:25 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=64615 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 1 15:27:24 server: /etc/post_rules.sh: empty
Oct 1 15:27:24 server: /etc/post_rules.sh: empty
Oct 1 15:27:23 server: DEBUG: 'ip route add 192.168.250.0/24 nexthop dev tun0 weight 1' = FAILED
Oct 1 15:27:23 server: DEBUG: delete old_route = 2
Oct 1 15:27:23 server: DEBUG: changes on ppp0: -address +address (tunnel)
Oct 1 15:27:22 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=23607 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 1 15:27:21 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:21 l2tpd[25474]: get_call:can't find tunnel 31655
Oct 1 15:27:21 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7091 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 1 15:27:21 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=806 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 1 15:27:21 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.1 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=270
Oct 1 15:27:20 pppd[31416]: remote IP address 192.168.0.1
Oct 1 15:27:20 pppd[31416]: local IP address 192.168.0.0
Oct 1 15:27:20 pluto[25346]: interface ppp0 activated
Oct 1 15:27:20 pluto[25346]: 192.168.0.0 appeared on ppp0
Oct 1 15:27:20 pluto[25346]: 192.168.0.0 disappeared from ppp0
Oct 1 15:27:20 pluto[25346]: 192.168.0.0 appeared on ppp0
Oct 1 15:27:20 charon: 06[KNL] interface ppp0 activated
Oct 1 15:27:20 charon: 06[KNL] 192.168.0.0 appeared on ppp0
Oct 1 15:27:20 charon: 06[KNL] 192.168.0.0 disappeared from ppp0
Oct 1 15:27:20 charon: 06[KNL] 192.168.0.0 appeared on ppp0
Oct 1 15:27:20 pppd[31416]: Cannot determine ethernet address for proxy ARP
Oct 1 15:27:17 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:17 l2tpd[25474]: get_call:can't find tunnel 31655
Oct 1 15:27:17 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.91 DST=46.5.74.39 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=57699 PROTO=UDP SPT=47879 DPT=1701 LEN=50 MARK=0x1
Oct 1 15:27:13 pppd[31416]: Connect: ppp0 /dev/ttyp0
Oct 1 15:27:13 pppd[31416]: Using interface ppp0
Oct 1 15:27:13 pppd[31416]: pppd 2.4.5 started by root, uid 0
Oct 1 15:27:13 l2tpd[25474]: control_finish: Call established with 109.43.0.91, Local: 2958, Remote: 433, Serial: 1
Oct 1 15:27:13 l2tpd[25474]: frame_type_avp: peer uses: async frames
Oct 1 15:27:13 l2tpd[25474]: tx_speed_avp: transmit baud rate is 1000000
Oct 1 15:27:13 l2tpd[25474]: message_type_avp: message type 12 (Incoming-Call-Connected)
Oct 1 15:27:13 l2tpd[25474]: handle_avps: handling avp's for tunnel 40005, call 2958
Oct 1 15:27:13 l2tpd[25474]: call_serno_avp: serial number is 1
Oct 1 15:27:13 l2tpd[25474]: assigned_call_avp: using peer's call 433
Oct 1 15:27:13 l2tpd[25474]: message_type_avp: new incoming call
Oct 1 15:27:13 l2tpd[25474]: message_type_avp: message type 10 (Incoming-Call-Request)
Oct 1 15:27:13 l2tpd[25474]: handle_avps: handling avp's for tunnel 40005, call 775043377
Oct 1 15:27:13 l2tpd[25474]: control_finish: Connection established to 109.43.0.91, 55664. Local: 40005, Remote: 8. LNS session is 'default'
Oct 1 15:27:13 l2tpd[25474]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
Oct 1 15:27:13 l2tpd[25474]: handle_avps: handling avp's for tunnel 40005, call 775043377
Oct 1 15:27:13 pluto[25346]: "firewall.glohr.local__GT__mac_vpn_2_0"[5] 109.43.0.91:41597 #8: IPsec SA established {ESP=>0x0608a93c
Oct 1 15:27:13 l2tpd[25474]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Oct 1 15:27:13 l2tpd[25474]: assigned_tunnel_avp: using peer's tunnel 8
Oct 1 15:27:13 l2tpd[25474]: hostname_avp: peer reports hostname 'Heikos-MacBook-Pro.local'
Oct 1 15:27:13 l2tpd[25474]: framing_caps_avp: supported peer frames: async sync
Oct 1 15:27:13 l2tpd[25474]: protocol_version_avp: peer is using version 1, revision 0.
Oct 1 15:27:13 l2tpd[25474]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct 1 15:27:13 l2tpd[25474]: handle_avps: handling avp's for tunnel 40005, call 775043377
Oct 1 15:27:13 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:13 l2tpd[25474]: get_call:can't find tunnel 31655
Oct 1 15:27:13 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.91 DST=46.5.74.39 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=4450 PROTO=UDP SPT=47879 DPT=1701 LEN=50 MARK=0x1
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_vpn_2_0"[5] 109.43.0.91:41597 #8: responding to Quick Mode
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_vpn_2_0"[5] 109.43.0.91:41597 #8: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_27"[6] 109.43.0.91:41597 #7: sent MR3, ISAKMP SA established
Oct 1 15:27:12 pluto[25346]: | NAT-T: new mapping 109.43.0.91:500/41597)
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_27"[6] 109.43.0.91 #7: deleting connection "firewall.glohr.local__GT__mac_27" instance with peer 109.43.0.91 {isakmp=#0/ipsec=#0}
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_27"[5] 109.43.0.91 #7: Peer ID is ID_IPV4_ADDR: '172.20.10.2'
Oct 1 15:27:12 pluto[25346]: "firewall.glohr.local__GT__mac_27"[5] 109.43.0.91 #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Oct 1 15:27:11 pluto[25346]: "firewall.glohr.local__GT__mac_27"[5] 109.43.0.91 #7: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 1 15:27:11 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:11 l2tpd[25474]: get_call:can't find tunnel 31655
Oct 1 15:27:11 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.91 DST=46.5.74.39 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=12344 PROTO=UDP SPT=47879 DPT=1701 LEN=50 MARK=0x1
Oct 1 15:27:10 pluto[25346]: "firewall.glohr.local__GT__mac_27"[5] 109.43.0.91 #7: responding to Main Mode from unknown peer 109.43.0.91
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: received Vendor ID payload [Dead Peer Detection]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Oct 1 15:27:10 pluto[25346]: packet from 109.43.0.91:500: received Vendor ID payload [RFC 3947]
Oct 1 15:27:10 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:10 l2tpd[25474]: get_call:can't find tunnel 31655
Oct 1 15:27:10 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.91 DST=46.5.74.39 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=64039 PROTO=UDP SPT=47879 DPT=1701 LEN=50 MARK=0x1
Oct 1 15:27:09 l2tpd[25474]: network_thread: unable to find call or tunnel to handle packet. call = 59141, tunnel = 31655 Dumping.
Oct 1 15:27:09 l2tpd[25474]: get_call:can't find tunnel 31655

carsten
Posts: 644
Registered: Fri 05.10.2007, 12:56

Post by carsten »

Hello,

Code:

<4>Oct 1 15:27:49 kernel: DROP(default) IN=ppp0 OUT=ppp0
 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00
 PREC=0x00 TTL=63 ID=42863 PROTO=ICMP TYPE=8 CODE=0 
ID=46337 SEQ=0 MARK=0x1 


That looks pretty bad.

Which IP do you have locally on eth1?
Which IP did your client get?
Which IP does the L2TP interface have?

Which rule did you create?
Last edited by carsten on Tue 02.10.2012, 16:24, edited 1 time in total.
There are 10 types of people in the world... those who understand binary and those who don't.
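An added example, not part of the thread: a small Python triage script for firewall log lines in the format posted above. It separates broadcast noise (NetBIOS, DHCP) from the remaining drops and picks out the pattern in the line carsten quotes, where a packet enters and leaves on the same interface with SRC equal to DST. The category names and the "last octet is 255" broadcast heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied verbatim from the first excerpt posted in this thread.
SAMPLE_LOG = """\
Oct 1 15:28:24 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7193 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 1 15:27:59 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=22566 PROTO=ICMP TYPE=8 CODE=0 ID=46337 SEQ=11 MARK=0x1
Oct 1 15:27:58 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.1 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=24927 PROTO=ICMP TYPE=8 CODE=0 ID=46337 SEQ=10 MARK=0x1
Oct 1 15:27:57 server: idle: 93.91
Oct 1 15:27:29 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.1 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 1 15:27:27 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=38460 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 1 15:27:17 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.91 DST=46.5.74.39 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=57699 PROTO=UDP SPT=47879 DPT=1701 LEN=50 MARK=0x1
"""

# "kernel: VERDICT(rule) KEY=VALUE KEY=VALUE ..."
PACKET_LINE = re.compile(r"kernel: (ACCEPT|DROP)\(([^)]*)\) (.*)$")


def parse_line(line):
    """Return a dict of the packet fields, or None for non-packet lines."""
    match = PACKET_LINE.search(line)
    if match is None:
        return None
    rec = {"verdict": match.group(1), "rule": match.group(2)}
    for token in match.group(3).split():
        key, sep, value = token.partition("=")
        if sep:
            # LEN and ID occur twice (IP header first, then UDP/ICMP);
            # keep the first, which is the IP-level value.
            rec.setdefault(key, value)
    return rec


def classify(rec):
    """Coarse category for one packet record (names are this example's own)."""
    dst = rec.get("DST", "")
    # Heuristic, assumed here: a destination whose last octet is 255 is a
    # broadcast (covers 255.255.255.255, 10.255.255.255, 192.168.0.255).
    if dst.rsplit(".", 1)[-1] == "255":
        return "broadcast"
    # Same interface in and out, and source equal to destination.
    if rec.get("IN") and rec.get("IN") == rec.get("OUT") and rec.get("SRC") == dst:
        return "hairpin"
    # A non-empty OUT= means the packet was being forwarded.
    if rec.get("OUT"):
        return "forward"
    return "input"


def triage(text):
    """Count packets per (verdict, category, IN, OUT, SRC, DST, PROTO, DPT)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(
            rec["verdict"], classify(rec),
            rec.get("IN", ""), rec.get("OUT", ""),
            rec.get("SRC", ""), rec.get("DST", ""),
            rec.get("PROTO", ""), rec.get("DPT", "-"),
        )] += 1
    return counts


def unexplained_drops(text):
    """Dropped flows that are not broadcast noise, most frequent first."""
    flows = [(key, n) for key, n in triage(text).items()
             if key[0] == "DROP" and key[1] != "broadcast"]
    return sorted(flows, key=lambda item: -item[1])


if __name__ == "__main__":
    for key, n in unexplained_drops(SAMPLE_LOG):
        print(n, *key)
```
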

glohr
Posts: 98
Registered: Wed 03.03.2010, 18:34

Post by glohr »

Hello,

The IP on eth1 is 10.10.1.10 and 172.16.0.1
The client gets 192.168.0.2
Local L2TP IP: 192.168.0.0 Pool: 192.168.0.1 -3

glohr
Posts: 98
Registered: Wed 03.03.2010, 18:34

Post by glohr »

Sorry, the rules:

Internet - External Interface - VPN
VPN - internal Network - any

carsten
Posts: 644
Registered: Fri 05.10.2007, 12:56

Post by carsten »

Try giving the L2TP interface 192.168.0.1, not 0.0, and set the pool to 192.168.0.2 -5
There are 10 types of people in the world... those who understand binary and those who don't.

glohr
Posts: 98
Registered: Wed 03.03.2010, 18:34

Post by glohr »

Hello,

I have now changed the L2TP address to 192.168.0.1 and the pool to 2-5.

My Mac Book is assigned 192.168.0.2 when logging in.
Network access is not possible.

Here is the log:

Oct 2 14:07:54 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=13685 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 14:07:41 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.2 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=10 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 2 14:07:38 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=13658 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 14:07:37 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.2 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 2 14:07:34 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.2 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=6 PROTO=UDP SPT=68 DPT=67 LEN=270 MARK=0x1
Oct 2 14:07:32 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=38001 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 2 14:07:31 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=28672 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 2 14:07:31 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.2 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=UDP SPT=68 DPT=67 LEN=270
Oct 2 14:07:31 server: /etc/post_rules.sh: empty
Oct 2 14:07:30 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=3137 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Oct 2 14:07:30 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=33624 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 2 14:07:30 server: /etc/post_rules.sh: empty
Oct 2 14:07:30 server: DEBUG: 'ip route add /32 nexthop dev tun0 weight 1' = FAILED
Oct 2 14:07:30 server: DEBUG: delete old_route = 2
Oct 2 14:07:30 server: DEBUG: changes on ppp0: -address +address (tunnel)
Oct 2 14:07:29 kernel: DROP(default) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=55 TOS=0x00 PREC=0x00 TTL=254 ID=41032 PROTO=UDP SPT=63279 DPT=53 LEN=35
Oct 2 14:07:29 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=65061 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 14:07:29 kernel: DROP(default) IN=ppp0 OUT= MAC= SRC=192.168.0.2 DST=255.255.255.255 LEN=290 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=270
Oct 2 14:07:27 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=306 TOS=0x00 PREC=0x00 TTL=255 ID=18860 PROTO=UDP SPT=67 DPT=68 LEN=286
Oct 2 14:07:26 pppd[9384]: remote IP address 192.168.0.2
Oct 2 14:07:26 pppd[9384]: local IP address 192.168.0.1
Oct 2 14:07:26 pluto[6925]: interface ppp0 activated
Oct 2 14:07:26 pluto[6925]: 192.168.0.1 appeared on ppp0
Oct 2 14:07:26 pluto[6925]: 192.168.0.1 disappeared from ppp0
Oct 2 14:07:26 pluto[6925]: 192.168.0.1 appeared on ppp0
Oct 2 14:07:26 charon: 08[KNL] interface ppp0 activated
Oct 2 14:07:26 charon: 08[KNL] 192.168.0.1 appeared on ppp0
Oct 2 14:07:26 charon: 08[KNL] 192.168.0.1 disappeared from ppp0
Oct 2 14:07:26 charon: 08[KNL] 192.168.0.1 appeared on ppp0
Oct 2 14:07:26 pppd[9384]: Cannot determine ethernet address for proxy ARP
Oct 2 14:07:22 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=13654 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 14:07:14 l2tpd[7051]: handle_packet: bad control packet!
Oct 2 14:07:14 l2tpd[7051]: check_control: Received out of order control packet on tunnel 4 (3 != 4)
Oct 2 14:07:13 pppd[9384]: Connect: ppp0 /dev/ttyp0
Oct 2 14:07:13 pppd[9384]: Using interface ppp0
Oct 2 14:07:13 pppd[9384]: pppd 2.4.5 started by root, uid 0
Oct 2 14:07:13 l2tpd[7051]: control_finish: Call established with 109.43.0.33, Local: 11317, Remote: 377, Serial: 1
Oct 2 14:07:13 l2tpd[7051]: frame_type_avp: peer uses: async frames
Oct 2 14:07:13 l2tpd[7051]: tx_speed_avp: transmit baud rate is 1000000
Oct 2 14:07:13 l2tpd[7051]: message_type_avp: message type 12 (Incoming-Call-Connected)
Oct 2 14:07:13 l2tpd[7051]: handle_avps: handling avp's for tunnel 44578, call 11317
Oct 2 14:07:12 server: idle: 91.96
Oct 2 14:07:12 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: eth3: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: eth1: rx bytes: 255165 tx bytes 229160 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: eth0: rx bytes: 180658 tx bytes 121955 collisions: 0 errors: 0
Oct 2 14:07:12 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 14:07:12 l2tpd[7051]: handle_packet: bad control packet!
Oct 2 14:07:12 l2tpd[7051]: check_control: Received out of order control packet on tunnel 4 (1 != 3)
Oct 2 14:07:11 l2tpd[7051]: call_serno_avp: serial number is 1
Oct 2 14:07:11 l2tpd[7051]: assigned_call_avp: using peer's call 377
Oct 2 14:07:11 l2tpd[7051]: message_type_avp: new incoming call
Oct 2 14:07:11 l2tpd[7051]: message_type_avp: message type 10 (Incoming-Call-Request)
Oct 2 14:07:11 l2tpd[7051]: handle_avps: handling avp's for tunnel 44578, call 0
Oct 2 14:07:11 l2tpd[7051]: control_finish: Connection established to 109.43.0.33, 49777. Local: 44578, Remote: 4. LNS session is 'default'
Oct 2 14:07:11 l2tpd[7051]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
Oct 2 14:07:11 l2tpd[7051]: handle_avps: handling avp's for tunnel 44578, call 0
Oct 2 14:07:10 l2tpd[7051]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
Oct 2 14:07:10 l2tpd[7051]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Oct 2 14:07:10 l2tpd[7051]: assigned_tunnel_avp: using peer's tunnel 4
Oct 2 14:07:10 l2tpd[7051]: hostname_avp: peer reports hostname 'Heikos-MacBook-Pro.local'
Oct 2 14:07:10 l2tpd[7051]: framing_caps_avp: supported peer frames: async sync
Oct 2 14:07:10 l2tpd[7051]: protocol_version_avp: peer is using version 1, revision 0.
Oct 2 14:07:10 l2tpd[7051]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct 2 14:07:10 l2tpd[7051]: handle_avps: handling avp's for tunnel 3847, call 1869636978
Oct 2 14:07:09 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[4] 109.43.0.33:47454 #4: IPsec SA established {ESP=>0x0dd9f1f2
Oct 2 14:07:09 l2tpd[7051]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Oct 2 14:07:09 l2tpd[7051]: assigned_tunnel_avp: using peer's tunnel 4
Oct 2 14:07:09 l2tpd[7051]: hostname_avp: peer reports hostname 'Heikos-MacBook-Pro.local'
Oct 2 14:07:09 l2tpd[7051]: framing_caps_avp: supported peer frames: async sync
Oct 2 14:07:09 l2tpd[7051]: protocol_version_avp: peer is using version 1, revision 0.
Oct 2 14:07:09 l2tpd[7051]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct 2 14:07:09 l2tpd[7051]: handle_avps: handling avp's for tunnel 44578, call 0
Oct 2 14:07:08 l2tpd[7051]: network_thread: unable to find call or tunnel to handle packet. call = 63887, tunnel = 15385 Dumping.
Oct 2 14:07:08 l2tpd[7051]: get_call:can't find tunnel 15385
Oct 2 14:07:07 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[4] 109.43.0.33:47454 #4: responding to Quick Mode
Oct 2 14:07:07 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[4] 109.43.0.33:47454 #4: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Oct 2 14:07:07 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=13604 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 14:07:04 l2tpd[7051]: network_thread: unable to find call or tunnel to handle packet. call = 63887, tunnel = 15385 Dumping.
Oct 2 14:07:04 l2tpd[7051]: get_call:can't find tunnel 15385
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[4] 109.43.0.33:47454 #3: sent MR3, ISAKMP SA established
Oct 2 14:07:03 pluto[6925]: | NAT-T: new mapping 109.43.0.33:500/47454)
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[4] 109.43.0.33 #3: deleting connection "firewall.glohr.local__GT__mac_vpn_2_0" instance with peer 109.43.0.33 {isakmp=#0/ipsec=#0}
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: Peer ID is ID_IPV4_ADDR: '172.20.10.2'
Oct 2 14:07:03 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Oct 2 14:07:01 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Oct 2 14:07:01 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 2 14:07:00 l2tpd[7051]: network_thread: unable to find call or tunnel to handle packet. call = 63887, tunnel = 15385 Dumping.
Oct 2 14:07:00 l2tpd[7051]: get_call:can't find tunnel 15385
Oct 2 14:07:00 kernel: ACCEPT(rule:35) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=109.43.0.33 DST=46.223.207.239 LEN=70 TOS=0x00 PREC=0x00 TTL=52 ID=27183 PROTO=UDP SPT=35183 DPT=1701 LEN=50 MARK=0x1
Oct 2 14:06:59 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
Oct 2 14:06:59 pluto[6925]: "firewall.glohr.local__GT__mac_vpn_2_0"[3] 109.43.0.33 #3: responding to Main Mode from unknown peer 109.43.0.33
Oct 2 14:06:59 pluto[6925]: packet from 109.43.0.33:500: received Vendor ID payload [Dead Peer Detection]
Oct 2 14:06:59 pluto[6925]: packet from 109.43.0.33:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Oct 2 14:06:59 pluto[6925]: packet from 109.43.0.33:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

glohr
Posts: 98
Registered: Wed 03.03.2010, 18:34

Post by glohr »

I have turned up the logging further to get more results.


Oct 2 15:39:54 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=24239 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:39:46 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=254 ID=30802 PROTO=UDP SPT=53042 DPT=53 LEN=48 MARK=0x1
Oct 2 15:39:22 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=24193 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:39:19 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=321 TOS=0x00 PREC=0x00 TTL=255 ID=33432 PROTO=UDP SPT=67 DPT=68 LEN=301
Oct 2 15:39:06 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23928 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:38:50 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23925 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:38:49 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=54 TOS=0x00 PREC=0x00 TTL=254 ID=64112 PROTO=UDP SPT=61019 DPT=53 LEN=34 MARK=0x1
Oct 2 15:38:49 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=54 TOS=0x00 PREC=0x00 TTL=254 ID=16999 PROTO=UDP SPT=61341 DPT=53 LEN=34 MARK=0x1
Oct 2 15:38:34 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:33:ea:6a:eb:08:00 SRC=10.10.1.20 DST=10.255.255.255 LEN=232 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=212
Oct 2 15:38:34 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:33:ea:6a:eb:08:00 SRC=10.10.1.20 DST=10.255.255.255 LEN=232 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=212
Oct 2 15:38:34 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23895 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:38:18 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23868 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:38:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=89 TOS=0x00 PREC=0x00 TTL=254 ID=6928 PROTO=UDP SPT=64728 DPT=53 LEN=69 MARK=0x1
Oct 2 15:38:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=81 TOS=0x00 PREC=0x00 TTL=254 ID=51988 PROTO=UDP SPT=59641 DPT=53 LEN=61 MARK=0x1
Oct 2 15:38:02 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23829 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:38:01 server: idle: 91.19
Oct 2 15:38:01 server: traffic: ppp0: rx bytes: 170 tx bytes 426 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: eth3: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: eth1: rx bytes: 317574 tx bytes 296344 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: eth0: rx bytes: 170350 tx bytes 172455 collisions: 0 errors: 0
Oct 2 15:38:01 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:37:46 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23813 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:37:36 server: /etc/post_rules.sh: empty
Oct 2 15:37:35 server: 0 applications created, 0 templates updated and 0 variables added
Oct 2 15:37:35 server: update extc_template notice: /etc/filter_template handled as user template
Oct 2 15:37:35 server: update extc_template notice: /etc/vscan_template handled as user template
Oct 2 15:37:33 mountd: remount-ro filesystem / (0)
Oct 2 15:37:33 kernel: EXT2-fs (sda2): warning: maximal mount count reached, running e2fsck is recommended
Oct 2 15:37:33 mountd: remount-rw filesystem / (0)
Oct 2 15:37:30 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23796 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:37:14 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23748 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:36:58 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23728 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:36:42 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23701 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:36:36 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=306 TOS=0x00 PREC=0x00 TTL=255 ID=30129 PROTO=UDP SPT=67 DPT=68 LEN=286
Oct 2 15:36:36 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=306 TOS=0x00 PREC=0x00 TTL=255 ID=30126 PROTO=UDP SPT=67 DPT=68 LEN=286
Oct 2 15:36:26 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23697 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:36:10 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23645 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:35:54 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23625 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:35:53 server: 0 applications created, 0 templates updated and 0 variables added
Oct 2 15:35:53 server: update extc_template notice: /etc/filter_template handled as user template
Oct 2 15:35:53 server: update extc_template notice: /etc/vscan_template handled as user template
Oct 2 15:35:50 mountd: remount-ro filesystem / (0)
Oct 2 15:35:50 kernel: EXT2-fs (sda2): warning: maximal mount count reached, running e2fsck is recommended
Oct 2 15:35:50 mountd: remount-rw filesystem / (0)
Oct 2 15:35:50 server: /etc/post_rules.sh: empty
Oct 2 15:35:43 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=3372 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:35:40 server: 0 applications created, 0 templates updated and 0 variables added
Oct 2 15:35:40 server: update extc_template notice: /etc/filter_template handled as user template
Oct 2 15:35:40 server: update extc_template notice: /etc/vscan_template handled as user template
Oct 2 15:35:38 mountd: remount-ro filesystem / (0)
Oct 2 15:35:38 kernel: EXT2-fs (sda2): warning: maximal mount count reached, running e2fsck is recommended
Oct 2 15:35:38 mountd: remount-rw filesystem / (0)
Oct 2 15:35:38 server: /etc/post_rules.sh: empty
Oct 2 15:35:38 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23598 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:35:22 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23581 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:34:54 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2874 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:34:34 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23490 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:34:18 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23463 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:34:01 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2391 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:33:37 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1988 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:33:37 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1987 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:33:36 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1986 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:33:35 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=1985 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:33:30 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23179 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:33:14 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23129 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:32:58 server: idle: 96.29
Oct 2 15:32:58 server: traffic: ppp0: rx bytes: 494 tx bytes 776 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: eth3: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: eth1: rx bytes: 225750 tx bytes 224644 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: eth0: rx bytes: 169531 tx bytes 146059 collisions: 0 errors: 0
Oct 2 15:32:58 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
Oct 2 15:32:57 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23111 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:32:41 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23084 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:32:09 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23026 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:31:53 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22997 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:31:37 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22970 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:31:10 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=872 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:30:47 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:5d:8f:60:00:08:00 SRC=10.10.1.2 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=579 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:30:34 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22865 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:30:18 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22838 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:29:50 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22770 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 2 15:29:46 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22756 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:29:30 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22737 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:29:27 kernel: DROP(default) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=83.169.48.38 DST=46.223.207.239 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=23626 DF PROTO=TCP SPT=443 DPT=51105 WINDOW=73 RES=0x00 ACK FIN URGP=0
Oct 2 15:29:14 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22689 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:28:58 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22457 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:28:42 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22383 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:28:26 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22379 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:28:10 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22331 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 2 15:28:06 kernel: DROP(default) IN=eth0 OUT= MAC=00:06:4f:66:89:85:00:30:b8:ca:9e:01:08:00 SRC=121.14.71.24 DST=46.223.207.239 LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0

Erik
Securepoint
Posts: 1480
Joined: Fri 07.11.2008, 11:50

Post by Erik »

Code:

<4>Oct 2 15:38:02 kernel: ACCEPT(rule:47) IN=ppp0
 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=89
 TOS=0x00 PREC=0x00 TTL=254 ID=6928 PROTO=UDP SPT=64728 DPT=53 LEN=69 MARK=0x1

That looks as though the packet is at least going "out". The question is: does it also come back?

Log in as root on the console and then:

Code:

# tcpdump -i eth1 -np host 192.168.0.2

Do you also see packets there going TO the IP 192.168.0.2?
Last edited by Erik on Tue 02.10.2012, 16:23, edited 1 time in total.

carsten
Posts: 644
Joined: Fri 05.10.2007, 12:56

Post by carsten »

Could you describe "network access" in more detail? What are you trying to do?

That actually looks quite good!

Code:

<4>Oct 2 15:39:46 kernel: ACCEPT(rule:47) IN=ppp0
 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=68
 TOS=0x00 PREC=0x00 TTL=254 ID=30802 PROTO=UDP SPT=53042 DPT=53 LEN=48 MARK=0x1

Last edited by carsten on Tue 02.10.2012, 16:23, edited 1 time in total.
There are 10 types of people in the world... those who understand binary and those who don't.

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

I am trying to PING the server 10.10.1.1 from the connected MacBook.
In the terminal program on the MacBook, however, I then get Request Timeout

So the ping is being dropped

Erik
Securepoint
Posts: 1480
Joined: Fri 07.11.2008, 11:50

Post by Erik »

There is nothing of that to be seen in your 2nd and 3rd log excerpts. They only show DNS queries, which are permitted by the rule set.
Hence the thing with the tcpdump...

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

Sorry,

I had completely overlooked the bit about the tcpdump.
I logged in as root with PuTTY. Nothing arrives there at all?

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

I did manage to get something out of tcpdump after all, after I had removed the IP address in the user authentication.

# tcpdump -i eth1 -np host 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
18:13:21.885702 IP 192.168.0.2.60338 > 10.10.1.1.53: 25392+[|domain]
18:13:21.923828 IP 10.10.1.1.53 > 192.168.0.2.60338: 25392 NXDomain 0/1/0 (135)
18:13:25.510531 IP 192.168.0.2.63808 > 10.10.1.1.53: 19924+ A? e3191.c.akamaiedge.net. (40)
18:13:25.528645 IP 10.10.1.1.53 > 192.168.0.2.63808: 19924 1/0/0 A[|domain]
18:13:49.542306 IP 192.168.0.2.63808 > 10.10.1.1.53: 19924+ A? e3191.c.akamaiedge.net. (40)
18:13:49.564120 IP 10.10.1.1.53 > 192.168.0.2.63808: 19924 1/0/0 A[|domain]
18:14:14.247978 IP 192.168.0.2.63808 > 10.10.1.1.53: 19924+ A? e3191.c.akamaiedge.net. (40)

Erik
Securepoint
Posts: 1480
Joined: Fri 07.11.2008, 11:50

Post by Erik »

And here the tcpdump output does not match the log...
In the log one sees accepted pings, in the tcpdump not. Please start tcpdump and then ping into the tunnel. You will then see the ping going out on eth1 as an "icmp echo request". Ideally an "icmp echo reply" then also comes back from the pinged host. Is that the case or not?

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

Hello,

I have now created a log once more and, with tcpdump, pinged 192.168.0.2. The logs are below:


Oct 4 10:14:22 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=33764 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=75 MARK=0x1
Oct 4 10:14:19 named[27913]: listening on IPv4 interface ppp0, 192.168.0.1#53
Oct 4 10:14:18 ntpd[27923]: Listening on interface #9 ppp0, 192.168.0.1#123 Enabled
Oct 4 10:14:02 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=52772 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=55 MARK=0x1
Oct 4 10:13:50 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=79 TOS=0x00 PREC=0x00 TTL=254 ID=57118 PROTO=UDP SPT=51423 DPT=53 LEN=59 MARK=0x1
Oct 4 10:13:42 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=49728 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=35 MARK=0x1
Oct 4 10:13:37 sm-mta[21311]: q912QPdx028017: to=postmaster@glohr.de, delay=3+05:47:12, xdelay=00:00:00, mailer=esmtp, pri=28423104, relay=[10.10.1.5], dsn=4.0.0, stat=Deferred: Connection refused by [10.10.1.5]
Oct 4 10:13:37 sm-mta[21311]: q912QPe1028017: to=postmaster@glohr.de, delay=3+05:47:12, xdelay=00:00:00, mailer=esmtp, pri=28423104, relay=[10.10.1.5], dsn=4.0.0, stat=Deferred: Connection refused by [10.10.1.5]
Oct 4 10:13:37 sm-mta[21311]: q912QPe0028017: to=postmaster@glohr.de, delay=3+05:47:12, xdelay=00:00:00, mailer=esmtp, pri=28423104, relay=[10.10.1.5], dsn=4.0.0, stat=Deferred: Connection refused by [10.10.1.5]
Oct 4 10:13:37 sm-mta[21311]: q913BPdx011248: to=postmaster@glohr.de, delay=3+05:02:12, xdelay=00:00:00, mailer=esmtp, pri=28153118, relay=[10.10.1.5] [10.10.1.5], dsn=4.0.0, stat=Deferred: Connection refused by [10.10.1.5]
Oct 4 10:13:22 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=40812 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=15 MARK=0x1
Oct 4 10:13:21 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=254 ID=46647 PROTO=UDP SPT=64366 DPT=53 LEN=38 MARK=0x1
Oct 4 10:13:07 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=38928 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=0 MARK=0x1
Oct 4 10:12:44 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=28280 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 4 10:12:28 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=28230 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 4 10:12:06 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=254 ID=24098 PROTO=UDP SPT=56156 DPT=53 LEN=47 MARK=0x1
Oct 4 10:12:05 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=25862 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Oct 4 10:12:05 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=1127 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Oct 4 10:12:05 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=38657 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Oct 4 10:12:04 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=14674 PROTO=UDP SPT=50516 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:04 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=38746 PROTO=UDP SPT=60476 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:04 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=66 TOS=0x00 PREC=0x00 TTL=254 ID=45677 PROTO=UDP SPT=50336 DPT=53 LEN=46 MARK=0x1
Oct 4 10:12:04 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=24417 PROTO=UDP SPT=55019 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:04 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=37692 PROTO=UDP SPT=64823 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=34066 PROTO=UDP SPT=61667 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=32032 PROTO=UDP SPT=58027 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=62747 PROTO=UDP SPT=52496 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=36972 PROTO=UDP SPT=58002 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=33047 PROTO=UDP SPT=64566 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=9276 PROTO=UDP SPT=49216 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=34081 PROTO=UDP SPT=55516 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=7997 PROTO=UDP SPT=60107 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=13888 PROTO=UDP SPT=58994 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:03 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=13593 PROTO=UDP SPT=51111 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=46704 PROTO=UDP SPT=52946 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=56191 PROTO=UDP SPT=57375 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=30229 PROTO=UDP SPT=60933 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=79 TOS=0x00 PREC=0x00 TTL=254 ID=24148 PROTO=UDP SPT=53448 DPT=53 LEN=59 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=89 TOS=0x00 PREC=0x00 TTL=254 ID=21622 PROTO=UDP SPT=56415 DPT=53 LEN=69 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=81 TOS=0x00 PREC=0x00 TTL=254 ID=61555 PROTO=UDP SPT=60977 DPT=53 LEN=61 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=254 ID=2603 PROTO=UDP SPT=55739 DPT=53 LEN=48 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=55 TOS=0x00 PREC=0x00 TTL=254 ID=23858 PROTO=UDP SPT=57731 DPT=53 LEN=35 MARK=0x1
Oct 4 10:12:02 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=57713 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Oct 4 10:12:02 kernel: DROP(default) IN=ppp0 OUT=eth0 MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=7489 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Oct 4 10:12:02 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=54 TOS=0x00 PREC=0x00 TTL=254 ID=23579 PROTO=UDP SPT=58552 DPT=53 LEN=34 MARK=0x1
Oct 4 10:12:01 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=254 ID=18784 PROTO=UDP SPT=52721 DPT=53 LEN=39 MARK=0x1
Oct 4 10:12:01 named[27913]: client 10.10.1.1#62530: RFC 1918 response from Internet for 2.10.20.172.in-addr.arpa
Oct 4 10:12:01 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=71 TOS=0x00 PREC=0x00 TTL=254 ID=61027 PROTO=UDP SPT=56992 DPT=53 LEN=51 MARK=0x1
Oct 4 10:12:01 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=254 ID=3441 PROTO=UDP SPT=53809 DPT=53 LEN=50 MARK=0x1
Oct 4 10:12:01 kernel: DROP(default) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=3086 PROTO=UDP SPT=50516 DPT=53 LEN=66
Oct 4 10:12:01 kernel: DROP(default) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=59932 PROTO=UDP SPT=60476 DPT=53 LEN=66
Oct 4 10:12:01 server: /etc/post_rules.sh: empty
Oct 4 10:12:00 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=27679 PROTO=UDP SPT=64783 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:00 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=86 TOS=0x00 PREC=0x00 TTL=254 ID=39258 PROTO=UDP SPT=54102 DPT=53 LEN=66 MARK=0x1
Oct 4 10:12:00 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=85 TOS=0x00 PREC=0x00 TTL=254 ID=22071 PROTO=UDP SPT=62738 DPT=53 LEN=65 MARK=0x1
Oct 4 10:12:00 server: /etc/post_rules.sh: empty
Oct 4 10:11:59 server: DEBUG: 'ip route add /32 nexthop dev tun0 weight 1' = FAILED
Oct 4 10:11:59 server: DEBUG: delete old_route = 2
Oct 4 10:11:59 server: DEBUG: changes on ppp0: -address +address (tunnel)
Oct 4 10:11:56 pppd[20475]: remote IP address 192.168.0.2
Oct 4 10:11:56 pppd[20475]: local IP address 192.168.0.1
Oct 4 10:11:56 pppd[20475]: Cannot determine ethernet address for proxy ARP
Oct 4 10:11:56 pluto[32471]: interface ppp0 activated
Oct 4 10:11:56 charon: 08[KNL] interface ppp0 activated
Oct 4 10:11:56 pluto[32471]: 192.168.0.1 appeared on ppp0
Oct 4 10:11:56 charon: 08[KNL] 192.168.0.1 appeared on ppp0
Oct 4 10:11:56 pluto[32471]: 192.168.0.1 disappeared from ppp0
Oct 4 10:11:56 charon: 08[KNL] 192.168.0.1 disappeared from ppp0
Oct 4 10:11:56 pluto[32471]: 192.168.0.1 appeared on ppp0
Oct 4 10:11:56 charon: 08[KNL] 192.168.0.1 appeared on ppp0
Oct 4 10:11:56 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:4a:f6:81:08:00 SRC=10.10.1.5 DST=10.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=28180 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 4 10:11:54 pppd[20475]: Connect: ppp0 /dev/ttyp0
Oct 4 10:11:54 pppd[20475]: Using interface ppp0
Oct 4 10:11:54 pppd[20475]: pppd 2.4.5 started by root, uid 0
Oct 4 10:11:54 l2tpd[23127]: control_finish: Call established with 109.43.0.39, Local: 27106, Remote: 2696, Serial: 1
Oct 4 10:11:54 l2tpd[23127]: frame_type_avp: peer uses: async frames
Oct 4 10:11:54 l2tpd[23127]: tx_speed_avp: transmit baud rate is 1000000
Oct 4 10:11:54 l2tpd[23127]: message_type_avp: message type 12 (Incoming-Call-Connected)
Oct 4 10:11:54 l2tpd[23127]: handle_avps: handling avp's for tunnel 17647, call 27106
Oct 4 10:11:54 l2tpd[23127]: handle_packet: bad control packet!
Oct 4 10:11:54 l2tpd[23127]: check_control: Received out of order control packet on tunnel 22 (1 != 3)
Oct 4 10:11:53 l2tpd[23127]: call_serno_avp: serial number is 1
Oct 4 10:11:53 l2tpd[23127]: assigned_call_avp: using peer's call 2696
Oct 4 10:11:53 l2tpd[23127]: message_type_avp: new incoming call
Oct 4 10:11:53 l2tpd[23127]: message_type_avp: message type 10 (Incoming-Call-Request)
Oct 4 10:11:53 l2tpd[23127]: handle_avps: handling avp's for tunnel 17647, call 0
Oct 4 10:11:53 l2tpd[23127]: control_finish: Connection established to 109.43.0.39, 64163. Local: 17647, Remote: 22. LNS session is 'default'
Oct 4 10:11:53 l2tpd[23127]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
Oct 4 10:11:53 l2tpd[23127]: handle_avps: handling avp's for tunnel 17647, call 0
Oct 4 10:11:53 pluto[32471]: "firewall.glohr.local__GT__Mac_vpn_2_0"[16] 109.43.0.39:47944 #16: IPsec SA established {ESP=>0x04b3f6ef
Oct 4 10:11:53 l2tpd[23127]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Oct 4 10:11:53 l2tpd[23127]: assigned_tunnel_avp: using peer's tunnel 22
Oct 4 10:11:53 l2tpd[23127]: hostname_avp: peer reports hostname 'Heikos-MacBook-Pro.local'
Oct 4 10:11:53 l2tpd[23127]: framing_caps_avp: supported peer frames: async sync
Oct 4 10:11:53 l2tpd[23127]: protocol_version_avp: peer is using version 1, revision 0.
Oct 4 10:11:53 l2tpd[23127]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct 4 10:11:53 l2tpd[23127]: handle_avps: handling avp's for tunnel 17647, call 0
Oct 4 10:11:52 pluto[32471]: "firewall.glohr.local__GT__Mac_vpn_2_0"[16] 109.43.0.39:47944 #16: responding to Quick Mode
Oct 4 10:11:52 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=306 TOS=0x00 PREC=0x00 TTL=255 ID=14176 PROTO=UDP SPT=67 DPT=68 LEN=286
Oct 4 10:11:52 kernel: DROP(default) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:ca:9e:01:08:00 SRC=10.104.0.1 DST=255.255.255.255 LEN=306 TOS=0x00 PREC=0x00 TTL=255 ID=14167 PROTO=UDP SPT=67 DPT=68 LEN=286



tcpdump:

# tcpdump -i eth1 -np host 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
10:13:21.193426 IP 192.168.0.2.64366 > 10.10.1.1.53: 51689+ A? owa.glohr.de. (30)
10:13:21.193838 IP 10.10.1.1.53 > 192.168.0.2.64366: 51689 1/0/0 A 46.223.207.239 (46)
10:13:50.477631 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.478103 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:13:50.815460 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.815865 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:15:04.856312 IP 192.168.0.2.49517 > 10.10.1.1.53: 17200+ A? autodiscover.ex-glohr.glohr.local. (51)
10:15:04.856886 IP 10.10.1.1.53 > 192.168.0.2.49517: 17200 NXDomain* 0/1/0 (118)
10:16:20.895166 IP 192.168.0.2.61078 > 10.10.1.1.53: 23900+ A? autodiscover.ex-glohr.glohr.local. (51)
10:16:20.895624 IP 10.10.1.1.53 > 192.168.0.2.61078: 23900 NXDomain* 0/1/0 (118)

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

The tcpdump output was apparently not quite complete:

# tcpdump -i eth1 -np host 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
10:13:21.193426 IP 192.168.0.2.64366 > 10.10.1.1.53: 51689+ A? owa.glohr.de. (30)
10:13:21.193838 IP 10.10.1.1.53 > 192.168.0.2.64366: 51689 1/0/0 A 46.223.207.239 (46)
10:13:50.477631 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.478103 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:13:50.815460 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.815865 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:15:04.856312 IP 192.168.0.2.49517 > 10.10.1.1.53: 17200+ A? autodiscover.ex-glohr.glohr.local. (51)
10:15:04.856886 IP 10.10.1.1.53 > 192.168.0.2.49517: 17200 NXDomain* 0/1/0 (118)
10:16:20.895166 IP 192.168.0.2.61078 > 10.10.1.1.53: 23900+ A? autodiscover.ex-glohr.glohr.local. (51)
10:16:20.895624 IP 10.10.1.1.53 > 192.168.0.2.61078: 23900 NXDomain* 0/1/0 (118)
# tcpdump -i eth1 -np host 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
10:13:21.193426 IP 192.168.0.2.64366 > 10.10.1.1.53: 51689+ A? owa.glohr.de. (30)
10:13:21.193838 IP 10.10.1.1.53 > 192.168.0.2.64366: 51689 1/0/0 A 46.223.207.239 (46)
10:13:50.477631 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.478103 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:13:50.815460 IP 192.168.0.2.51423 > 10.10.1.1.53: 13134+ A? autodiscover.ex-glohr.glohr.local. (51)
10:13:50.815865 IP 10.10.1.1.53 > 192.168.0.2.51423: 13134 NXDomain* 0/1/0 (118)
10:15:04.856312 IP 192.168.0.2.49517 > 10.10.1.1.53: 17200+ A? autodiscover.ex-glohr.glohr.local. (51)
10:15:04.856886 IP 10.10.1.1.53 > 192.168.0.2.49517: 17200 NXDomain* 0/1/0 (118)
10:16:20.895166 IP 192.168.0.2.61078 > 10.10.1.1.53: 23900+ A? autodiscover.ex-glohr.glohr.local. (51)
10:16:20.895624 IP 10.10.1.1.53 > 192.168.0.2.61078: 23900 NXDomain* 0/1/0 (118)
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
#

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

Hello,

no idea any more why this isn't working. I am on the road again next week and really urgently need access to my network then. I will probably have to fall back on my Windows laptop and leave my Mac at home.

carsten
Posts: 644
Joined: Fri 05.10.2007, 12:56

Post by carsten »

Have you actually sent a ping to the IP 10.10.1.1? The IP, not the name.
There are 10 types of people in the world... those who understand binary and those who don't.

glohr
Posts: 98
Joined: Wed 03.03.2010, 18:34

Post by glohr »

I did.
Same result.

Erik
Securepoint
Posts: 1480
Joined: Fri 07.11.2008, 11:50

Post by Erik »

Well, the problem I have right now:
You were supposed to press the green button... You did that. But you also pressed the yellow, red and blue ones :/
And now you are back at exactly the same log as in your first post. That is somehow... ineffective.
Furthermore, your statements about what you are doing do not really match what the log and tcpdump say:

You wanted to ping a host in the internal network, but the log shows a ping going from 192.168.0.2 to 192.168.0.2, which is understandably dropped.
To find the problem it would be damn helpful to always use the same scenario.

So:
- You open the log
- You start tcpdump on eth1 (tcpdump -i eth1 -np host 192.168.0.2 or host 10.10.1.1)
- You ping 10.10.1.1
- You post the complete log, incl. the L2TP connection setup and your pings (ACCEPT or DROP)
- You post the tcpdump output, and please from the same attempt

Sorry that this now sounds a bit like a schoolmaster, but running full steam into the same wall several times is somehow uncool :roll:

You can of course also call on Monday; that probably works best.
Last edited by Erik on Sat 06.10.2012, 09:47, edited 1 time in total.
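
An added example, not part of the original thread and not Securepoint tooling: the comparison Erik asks for, done in Python. It sorts the logged ICMP echo requests by whether they were addressed to the intended host, and lists flows in the tcpdump output that got no packet back. The log and tcpdump samples are copied from this thread except for one constructed tcpdump line; all function names are hypothetical.

```python
import re

# Firewall log lines copied from the thread (newest first, as posted).
FIREWALL_LOG = """\
Oct 4 10:13:22 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=40812 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=15 MARK=0x1
Oct 4 10:13:21 kernel: ACCEPT(rule:47) IN=ppp0 OUT=eth1 MAC= SRC=192.168.0.2 DST=10.10.1.1 LEN=58 TOS=0x00 PREC=0x00 TTL=254 ID=46647 PROTO=UDP SPT=64366 DPT=53 LEN=38 MARK=0x1
Oct 4 10:13:07 kernel: DROP(default) IN=ppp0 OUT=ppp0 MAC= SRC=192.168.0.2 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=38928 PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=0 MARK=0x1
Oct 4 10:12:01 server: /etc/post_rules.sh: empty
"""

# tcpdump lines copied from the same attempt in the thread.
TCPDUMP = """\
10:13:21.193426 IP 192.168.0.2.64366 > 10.10.1.1.53: 51689+ A? owa.glohr.de. (30)
10:13:21.193838 IP 10.10.1.1.53 > 192.168.0.2.64366: 51689 1/0/0 A 46.223.207.239 (46)
"""

# Constructed line (not from the thread): an echo request with no reply captured.
CONSTRUCTED_PING = (
    "10:20:00.000001 IP 192.168.0.2 > 10.10.1.1: "
    "ICMP echo request, id 1, seq 0, length 64\n"
)

VERDICT = re.compile(r"kernel: (ACCEPT|DROP)\(([^)]*)\)\s+(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")
PACKET = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?: "
)


def parse_firewall(log):
    """Yield one dict per ACCEPT/DROP line; other syslog lines are skipped."""
    for line in log.splitlines():
        m = VERDICT.search(line)
        if not m:
            continue
        rec = {"verdict": m.group(1), "rule": m.group(2)}
        for key, value in FIELD.findall(m.group(3)):
            # ID= and LEN= occur twice per line; keep the first (IP header) one.
            rec.setdefault(key, value)
        yield rec


def ping_report(log, target):
    """Sort every logged ICMP echo request (TYPE=8) by where it was addressed."""
    report = {"to_target": [], "self_addressed": [], "elsewhere": []}
    for rec in parse_firewall(log):
        if rec.get("PROTO") != "ICMP" or rec.get("TYPE") != "8":
            continue
        entry = (rec["SRC"], rec["DST"], rec["verdict"], rec["rule"])
        if rec["DST"] == target:
            report["to_target"].append(entry)
        elif rec["SRC"] == rec["DST"]:
            report["self_addressed"].append(entry)
        else:
            report["elsewhere"].append(entry)
    return report


def unanswered(capture, client):
    """Return flows sent by `client` for which the capture shows no packet back."""
    sent, returned = [], set()
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()   # ports are None for ICMP
        if src == client:
            flow = (src, sport, dst, dport)
            if flow not in sent:
                sent.append(flow)
        elif dst == client:
            returned.add((dst, dport, src, sport))
    return [flow for flow in sent if flow not in returned]


if __name__ == "__main__":
    report = ping_report(FIREWALL_LOG, "10.10.1.1")
    print("echo requests to 10.10.1.1:", report["to_target"])
    print("echo requests with SRC == DST:", report["self_addressed"])
    print("unanswered flows:", unanswered(TCPDUMP + CONSTRUCTED_PING, "192.168.0.2"))
```

On the thread's data, no echo request to 10.10.1.1 appears in the log at all, only pings from 192.168.0.2 to itself, which is the mismatch Erik points out.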

Locked