-----Original Message-----
From: Dennis Bendowski [mailto:dennis@dbendowski.de]
Sent: Wednesday, April 2, 2003 23:09

Hello everyone,

I have now done the following:

/etc/ipsec.conf on my side and on my colleague's:

router01:/etc # cat ipsec.conf
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search
        uniqueids=no

conn %default
        keyingtries=0
        compress=yes
        disablearrivalcheck=no
        authby=secret
        #authby=rsakey
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        #leftid="xxxxmail"
        #rightid="xxxxport"

conn vpn
        left=sid67.compress.to
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute (changed on my colleague's side)
        leftfirewall=yes
        right=silencer.ddns.info
        rightsubnet=192.168.2.0/24
        rightnexthop=217.5.98.67 (changed on my colleague's side)
        rightfirewall=yes
        type=tunnel
        auto=add
        #authby=rsasig
        authby=secret
        #leftcert=mail.xxx.de.pem
        #rightcert=port.xxx.de.pem
        #keyexchange=ike

rcipsec also starts up so far and shows me this as the known connection:

router01 pluto[8202]: | *received whack message
router01 pluto[8202]: added connection description "vpn"
router01 pluto[8202]: | 192.168.1.0/24===80.135.xxx.xxx---217.5.xxx.xxx....... .......217.5.xxx.xxx---217.81.xxx.xxx===192.168.2.0/24

After an ipsec auto --up vpn on one of the sides, the following happens:
(However, I can now still reach my router via ssh, which did not work before...)

104 "vpn" #1: STATE_MAIN_I1: initiate
106 "vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "vpn" #1: STATE_MAIN_I4: ISAKMP SA established
112 "vpn" #2: STATE_QUICK_I1: initiate
003 "vpn" #2: up-client command exited with status 127
032 "vpn" #2: STATE_QUICK_I1: internal error
010 "vpn" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "vpn" #2: up-client command exited with status 127
032 "vpn" #2: STATE_QUICK_I1: internal error
<< then I aborted with Ctrl-C :) >>

And in the logs:

Any ideas?

Dennis
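
Added example, not part of the original message: a small triage script for the `ipsec auto --up` output quoted above, which separates IKE phase 1 and phase 2 results from failures of the up/down hook script. It assumes pluto reports the hook's shell exit status unchanged (127 is the status a POSIX shell returns when it cannot find the command it was asked to run); the `STATE_QUICK_I2` success line and the `summarize` helper are assumptions, not taken from the message.

```python
import re

# whack status lines copied from the message above
WHACK_OUTPUT = '''\
104 "vpn" #1: STATE_MAIN_I1: initiate
106 "vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "vpn" #1: STATE_MAIN_I4: ISAKMP SA established
112 "vpn" #2: STATE_QUICK_I1: initiate
003 "vpn" #2: up-client command exited with status 127
032 "vpn" #2: STATE_QUICK_I1: internal error
010 "vpn" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "vpn" #2: up-client command exited with status 127
032 "vpn" #2: STATE_QUICK_I1: internal error
'''

# <3-digit code> "<connection>" #<SA number>: [STATE_xxx: ]<message>
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (?:(STATE_\w+): )?(.*)$')
# e.g. "up-client command exited with status 127"
HOOK = re.compile(r'^(\S+) command exited with status (\d+)$')
# POSIX shell conventions for the exit status of a command it was asked to run
SHELL_STATUS = {126: "command found but not executable", 127: "command not found"}

def summarize(text):
    """Return, per connection, phase 1/phase 2 success and hook-script failures."""
    result = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _code, conn, _sa, state, msg = m.groups()
        info = result.setdefault(
            conn, {"phase1": False, "phase2": False, "hook_failures": []})
        if state == "STATE_MAIN_I4" and "ISAKMP SA established" in msg:
            info["phase1"] = True
        elif state == "STATE_QUICK_I2" and "IPsec SA established" in msg:  # assumed wording
            info["phase2"] = True
        hook = HOOK.match(msg)
        if hook:
            status = int(hook.group(2))
            failure = (hook.group(1), status, SHELL_STATUS.get(status, "script-specific failure"))
            if failure not in info["hook_failures"]:  # report each distinct failure once
                info["hook_failures"].append(failure)
    return result

if __name__ == "__main__":
    print(summarize(WHACK_OUTPUT))
```

For the quoted output this reports phase 1 as established, phase 2 as not established, and a single `up-client` failure with status 127, which points at the hook script or a command it calls rather than at the IKE negotiation.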