VPN L2TP Windows XP Client
Posted: Sun 03.04.2011, 10:12
by Grisu74
Hello.
I would like to set up VPN access with a Windows XP client.
The whole thing is supposed to run over IPsec.
Unfortunately, it isn't really working.
Can someone help me, or where can I get a step-by-step guide?
Kind regards, Grisu
Posted: Sun 03.04.2011, 11:02
by Erik
Here or
here, for example.
Posted: Sun 03.04.2011, 16:32
by Grisu74
Hello,
I followed the guides.
Unfortunately, the connection does not work.
PPTP works.
Only L2TP with IPsec unfortunately does not.
I always get error 792, security negotiation timed out.
Kind regards, Grisu
Posted: Sun 03.04.2011, 23:38
by Erik
Have you already looked at the log on the other side (read: the firewall)?
Posted: Mon 04.04.2011, 18:45
by Grisu74
Hello.
Yes, I have.
Unfortunately, I can't make much of it.
Code:
<4>Apr 5 02:45:14 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14021 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 02:45:09 pluto[19756]: packet from 91.15.251.24:63260: ignoring Delete SA payload: not encrypted
<84>Apr 5 02:44:45 ipsec_starter[19755]: can't reload config file due to errors -- keeping old one
<84>Apr 5 02:44:45 ipsec_starter[19755]: ### 4 parsing errors (0 fatal) ###
<84>Apr 5 02:44:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:44:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:44:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_2_0'
<84>Apr 5 02:44:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:44:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_0'
<84>Apr 5 02:44:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:44:45 ipsec_starter[19755]: no default route - cannot cope with %defaultroute!!!
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<84>Apr 5 02:44:21 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:21 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:21 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:21 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:21 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<4>Apr 5 02:44:14 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14020 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 02:44:13 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:13 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:13 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:13 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:13 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<4>Apr 5 02:44:12 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=30124 PROTO=2
<84>Apr 5 02:44:09 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:09 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:09 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:09 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:09 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 02:44:07 pluto[19756]: packet from 91.15.251.24:63260: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
<15>Apr 5 02:43:55 server: idle: 89.67
<15>Apr 5 02:43:55 server: traffic: tun0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: eth1: rx bytes: 213585 tx bytes 635541 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: eth0: rx bytes: 360 tx bytes 60 collisions: 0 errors: 0
<15>Apr 5 02:43:55 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<4>Apr 5 02:43:27 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=262 DF PROTO=2
<4>Apr 5 02:43:15 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14019 PROTO=UDP SPT=138 DPT=138 LEN=222
<86>Apr 5 02:42:48 sshd[3908]: pam_unix(sshd:session): session closed for user admin
<84>Apr 5 02:42:45 ipsec_starter[19755]: can't reload config file due to errors -- keeping old one
<84>Apr 5 02:42:45 ipsec_starter[19755]: ### 4 parsing errors (0 fatal) ###
<84>Apr 5 02:42:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:42:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:42:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_2_0'
<84>Apr 5 02:42:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:42:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_0'
<84>Apr 5 02:42:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:42:45 ipsec_starter[19755]: no default route - cannot cope with %defaultroute!!!
<4>Apr 5 02:42:22 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:36:3b:22:08:00 SRC=192.168.0.14 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7126 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 02:42:15 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14018 PROTO=UDP SPT=138 DPT=138 LEN=222
<4>Apr 5 02:42:10 kernel: DROP(default) IN=eth0 OUT= MAC=00:06:4f:67:47:d7:00:1c:4a:9f:bd:2c:08:00 SRC=50.23.229.104 DST=192.168.1.254 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=40462 WINDOW=5840 RES=0x00 ACK SYN URGP=0
<4>Apr 5 02:42:07 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=28236 PROTO=2
<4>Apr 5 02:41:22 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=261 DF PROTO=2
<4>Apr 5 02:41:15 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14017 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 02:40:45 ipsec_starter[19755]: can't reload config file due to errors -- keeping old one
<84>Apr 5 02:40:45 ipsec_starter[19755]: ### 4 parsing errors (0 fatal) ###
<84>Apr 5 02:40:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:40:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:40:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_2_0'
<84>Apr 5 02:40:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:40:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_0'
<84>Apr 5 02:40:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:40:45 ipsec_starter[19755]: no default route - cannot cope with %defaultroute!!!
<4>Apr 5 02:40:15 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14016 PROTO=UDP SPT=138 DPT=138 LEN=222
<4>Apr 5 02:40:03 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=25954 PROTO=2
<4>Apr 5 02:39:17 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=260 DF PROTO=2
<4>Apr 5 02:39:15 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=14015 PROTO=UDP SPT=138 DPT=138 LEN=222
<15>Apr 5 02:38:51 server: idle: 83.47
<15>Apr 5 02:38:51 server: traffic: tun0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: eth1: rx bytes: 90706 tx bytes 65936 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: eth0: rx bytes: 608 tx bytes 180 collisions: 0 errors: 0
<15>Apr 5 02:38:51 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<84>Apr 5 02:38:45 ipsec_starter[19755]: can't reload config file due to errors -- keeping old one
<84>Apr 5 02:38:45 ipsec_starter[19755]: ### 4 parsing errors (0 fatal) ###
<84>Apr 5 02:38:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:38:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:38:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_2_0'
<84>Apr 5 02:38:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:38:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_0'
<84>Apr 5 02:38:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
<84>Apr 5 02:38:45 ipsec_starter[19755]: no default route - cannot cope with %defaultroute!!!
<4>Apr 5 02:38:36 kernel: DROP(default) IN=eth0 OUT= MAC=00:06:4f:67:47:d7:00:1c:4a:9f:bd:2c:08:00 SRC=95.27.181.155 DST=192.168.1.254 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61341 DF PROTO=TCP SPT=3323 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Regards, Grisu
Posted: Mon 04.04.2011, 19:33
by Erik
Code:
<84>Apr 5 02:38:45 ipsec_starter[19755]: ### 4 parsing errors (0 fatal) ###
<84>Apr 5 02:38:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:38:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
Make sure that the "DynDNS name" checkbox in phase 1 of the VPN connection is NOT set.
Code:
<84>Apr 5 02:38:45 ipsec_starter[19755]: bad argument value in conn 'firewall.foo.local__GT__Administration_2_0'
<84>Apr 5 02:38:45 ipsec_starter[19755]: # default route not known: left=%defaultroute
Does the firewall have several default routes? If so, you have to select the external interface under "Local gateway", the router in front of that interface under "Route over", and the outgoing interface again under "local gateway ID".
Posted: Tue 05.04.2011, 09:49
by Grisu74
Hello.
Unfortunately, it still doesn't work.
Code:
<4>Apr 5 17:49:03 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15346 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 17:49:00 ipsec_starter[13791]: no default route - cannot cope with %defaultroute!!!
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904: deleting connection "firewall.foo.local__GT__VPN-Netz_2_0" instance with peer 88.67.204.32 {isakmp=#0/ipsec=#0}
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: sending notification NO_PROPOSAL_CHOSEN to 88.67.204.32:61904
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: no acceptable Oakley Transform
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: responding to Main Mode from unknown peer 88.67.204.32:61904
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [IKE CGA version 1]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [RFC 3947]
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904: deleting connection "firewall.foo.local__GT__VPN-Netz_2_0" instance with peer 88.67.204.32 {isakmp=#0/ipsec=#0}
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: sending notification NO_PROPOSAL_CHOSEN to 88.67.204.32:61904
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: no acceptable Oakley Transform
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:26 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[7] 88.67.204.32:61904 #7: responding to Main Mode from unknown peer 88.67.204.32:61904
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [IKE CGA version 1]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [RFC 3947]
<84>Apr 5 17:48:26 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
<4>Apr 5 17:48:26 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=22349 PROTO=2
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904: deleting connection "firewall.foo.local__GT__VPN-Netz_2_0" instance with peer 88.67.204.32 {isakmp=#0/ipsec=#0}
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: sending notification NO_PROPOSAL_CHOSEN to 88.67.204.32:61904
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: no acceptable Oakley Transform
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:23 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[6] 88.67.204.32:61904 #6: responding to Main Mode from unknown peer 88.67.204.32:61904
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [IKE CGA version 1]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [RFC 3947]
<84>Apr 5 17:48:23 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904: deleting connection "firewall.foo.local__GT__VPN-Netz_2_0" instance with peer 88.67.204.32 {isakmp=#0/ipsec=#0}
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: sending notification NO_PROPOSAL_CHOSEN to 88.67.204.32:61904
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: no acceptable Oakley Transform
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:21 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[5] 88.67.204.32:61904 #5: responding to Main Mode from unknown peer 88.67.204.32:61904
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [IKE CGA version 1]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [Vid-Initial-Contact]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [FRAGMENTATION]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [RFC 3947]
<84>Apr 5 17:48:21 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
<4>Apr 5 17:48:02 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15345 PROTO=UDP SPT=138 DPT=138 LEN=222
<4>Apr 5 17:47:52 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=696 DF PROTO=2
<4>Apr 5 17:47:49 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=8154 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 17:47:02 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15344 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 17:46:59 ipsec_starter[13791]: no default route - cannot cope with %defaultroute!!!
<15>Apr 5 17:46:50 server: idle: 75.68
<15>Apr 5 17:46:50 server: traffic: tun0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: tunl0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: teql0: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: eth2: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: eth1: rx bytes: 233322 tx bytes 640224 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: eth0: rx bytes: 304683 tx bytes 1249104 collisions: 0 errors: 0
<15>Apr 5 17:46:50 server: traffic: lo: rx bytes: 0 tx bytes 0 collisions: 0 errors: 0
<4>Apr 5 17:46:22 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=16381 PROTO=2
<14>Apr 5 17:46:20 spcli.cgi: Administrator: Logout from Webinterface: admin@192.168.0.1
<4>Apr 5 17:46:03 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15343 PROTO=UDP SPT=138 DPT=138 LEN=222
<14>Apr 5 17:45:57 spcli.cgi: Administrator: Logon at Webinterface: admin@88.67.204.32
<4>Apr 5 17:45:47 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=695 DF PROTO=2
<4>Apr 5 17:45:23 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:27:f7:21:08:00 SRC=192.168.0.13 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=63471 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 17:45:11 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:90:37:14:e6:08:00 SRC=192.168.0.15 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=22281 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 17:45:03 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15342 PROTO=UDP SPT=138 DPT=138 LEN=222
<4>Apr 5 17:45:02 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:25:54:94:2a:08:00 SRC=192.168.0.12 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=63486 PROTO=UDP SPT=138 DPT=138 LEN=209
<84>Apr 5 17:44:59 ipsec_starter[13791]: no default route - cannot cope with %defaultroute!!!
<4>Apr 5 17:44:17 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=12417 PROTO=2
<4>Apr 5 17:44:16 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:27:dd:c7:08:00 SRC=192.168.0.11 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=17437 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 17:44:16 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=192.168.0.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=12367 PROTO=UDP SPT=138 DPT=138 LEN=215
<4>Apr 5 17:44:03 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15341 PROTO=UDP SPT=138 DPT=138 LEN=222
<4>Apr 5 17:43:42 kernel: DROP(default) IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1c:4a:9f:bd:2c:08:00 SRC=192.168.1.253 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=694 DF PROTO=2
<4>Apr 5 17:43:03 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:40:39:c0:08:00 SRC=192.168.0.100 DST=255.255.255.255 LEN=242 TOS=0x00 PREC=0x00 TTL=32 ID=15340 PROTO=UDP SPT=138 DPT=138 LEN=222
<84>Apr 5 17:42:59 ipsec_starter[13791]: no default route - cannot cope with %defaultroute!!!
<4>Apr 5 17:42:49 kernel: DROP(default) IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:36:3b:22:08:00 SRC=192.168.0.14 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=43797 PROTO=UDP SPT=138 DPT=138 LEN=209
<4>Apr 5 17:42:46 kernel: DROP(default) IN=eth0 OUT= MAC=00:06:4f:67:47:d7:00:1c:4a:9f:bd:2c:08:00 SRC=50.23.229.104 DST=192.168.1.254 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=7864 WINDOW=5840 RES=0x00 ACK SYN URGP=0
<4>Apr 5 17:42:13 kernel: DROP(default) IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:19:5b:fd:a5:dc:08:00 SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=7034 PROTO=2
Now the following message appears:
Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
Regards, Grisu
Posted: Tue 05.04.2011, 10:13
by carsten
Hello,
is the FW behind a router that does NAT? Then you cannot set up a tunnel with a PSK; only certificates will work.
I recommend using SSL VPN here.
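An added example, not part of the original thread: a small Python triage for syslog output like the two firewall logs posted above, collapsing the repeated pluto and ipsec_starter messages into one finding per cause and decoding the `<84>` style priority prefix. The rule labels, the function names and the shortened sample excerpt are constructed for illustration; the hint strings only restate what the replies in this thread suggested.

```python
import re

# Syslog line as posted in the thread: <PRI>Mon D HH:MM:SS prog[pid]: message
LINE_RE = re.compile(r'^<(\d+)>(\w{3}\s+\d+ [\d:]{8}) ([\w.]+)(?:\[\d+\])?: (.*)$')
# pluto prefixes that change on every attempt:
#   "conn"[N] peer:port #N:    or    packet from peer:port:
PREFIX_RE = re.compile(r'^(?:"[^"]+"(?:\[\d+\])? \S+(?: #\d+)?: |packet from \S+: )')
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# (pattern, label, hint). Labels are made up for this example; hints restate
# replies from the thread and are empty where the thread offers none.
RULES = [
    (re.compile(r"bad addr: right="), "config: right= address rejected",
     'thread reply: "DynDNS name" checkbox in phase 1 must not be set'),
    (re.compile(r"default route not known|no default route"),
     "config: %defaultroute unresolved",
     "thread reply: with several default routes, pick interface and router explicitly"),
    (re.compile(r"no connection has been authorized with policy=PSK"),
     "ike: no PSK connection loaded", ""),
    (re.compile(r"no preshared key found"), "ike: no preshared key for peer pair",
     "thread reply: firewall behind a NAT router, use certificates instead of PSK"),
    (re.compile(r"is not supported\. Attribute OAKLEY_GROUP_DESCRIPTION"),
     "ike: DH group not supported", ""),
    (re.compile(r"NO_PROPOSAL_CHOSEN|no acceptable Oakley Transform"),
     "ike: proposal rejected", ""),
]

# Constructed sample: lines taken from the logs in this thread, kernel line shortened.
SAMPLE_LOG = """\
<4>Apr 5 17:49:03 kernel: DROP(default) IN=eth1 OUT= SRC=192.168.0.100 DST=255.255.255.255 PROTO=UDP SPT=138 DPT=138
<84>Apr 5 17:49:00 ipsec_starter[13791]: no default route - cannot cope with %defaultroute!!!
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: sending notification NO_PROPOSAL_CHOSEN to 88.67.204.32:61904
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: no acceptable Oakley Transform
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: Can't authenticate: no preshared key found for '192.168.1.254' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
<84>Apr 5 17:48:30 pluto[13792]: "firewall.foo.local__GT__VPN-Netz_2_0"[8] 88.67.204.32:61904 #8: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
<84>Apr 5 17:48:30 pluto[13792]: packet from 88.67.204.32:61904: received Vendor ID payload [RFC 3947]
<84>Apr 5 02:44:45 ipsec_starter[19755]: # bad addr: right=any [does not look numeric and name lookup failed]
<84>Apr 5 02:44:37 pluto[19756]: packet from 91.15.251.24:63260: initial Main Mode message received on 192.168.1.254:500 but no connection has been authorized with policy=PSK
"""


def decode_pri(pri):
    """Split a syslog PRI value into (facility number, severity name)."""
    facility, severity = divmod(pri, 8)
    return facility, SEVERITIES[severity]


def triage(log_text):
    """Return {label: {"count", "hint", "example"}} for IPsec daemon messages."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(3) not in ("pluto", "ipsec_starter"):
            continue  # kernel DROP lines, traffic counters, sshd etc. are noise here
        msg = PREFIX_RE.sub("", m.group(4))  # drop per-attempt connection prefix
        for pattern, label, hint in RULES:
            if pattern.search(msg):
                entry = findings.setdefault(
                    label, {"count": 0, "hint": hint, "example": msg})
                entry["count"] += 1
                break
    return findings


if __name__ == "__main__":
    print("PRI 84 ->", decode_pri(84))
    for label, info in triage(SAMPLE_LOG).items():
        print(f'{info["count"]:3d}x {label}')
        print(f'     e.g. {info["example"]}')
        if info["hint"]:
            print(f'     {info["hint"]}')
```
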