Hallo liebes Intranator Team
leider bekomme ich mit dem NCP client keine Verbindung zustande. Sieht irgendwie aus als würde mit den Zertifikaten etwas nicht stimmen?! Für den Fall wäre es schön zu erfahren was genau nicht stimmt. Ich komme leider nicht dahinter. Unter XP war die Welt noch in ordnung (=
Schönes Wochenende
client:
31.10.2008 14:37:31 IPSDIALCHAN::start building connection
31.10.2008 14:37:35 IPSDIALCHAN::start building connection
31.10.2008 14:37:35 NCPIKE-phase1:name(*****) - outgoing connect request - main mode.
31.10.2008 14:37:35 XMIT_MSG1_MAIN - *****
31.10.2008 14:37:35 RECV_MSG2_MAIN - *****
31.10.2008 14:37:35 IPSDIAL->FINAL_TUNNEL_ENDPOINT:***.***.***.***
31.10.2008 14:37:35 IKE phase I: Setting LifeTime to 28800 seconds
31.10.2008 14:37:35 ***** ->Support for NAT-T version - 9
31.10.2008 14:37:35 XMIT_MSG3_MAIN - *****
31.10.2008 14:37:36 RECV_MSG4_MAIN - *****
31.10.2008 14:37:36 XMIT_MSG5_MAIN - *****
31.10.2008 14:37:36 XMIT_MSG5_MAIN_RESUME - *****
31.10.2008 14:37:36 RECV_MSG6_MAIN - *****
31.10.2008 14:37:36 RECV_MSG6_MAIN_RESUME - *****
31.10.2008 14:37:36 Turning on DPD mode - *****
31.10.2008 14:37:36 NCPIKE-phase1:name(*****) - connected
31.10.2008 14:37:36 Phase1 is Ready: IkeIndex = 00000006
31.10.2008 14:37:36 Quick Mode is Ready: IkeIndex = 00000006 , VpnSrcPort = 500
31.10.2008 14:37:36 Assigned IP Address: 192.168.168.1
31.10.2008 14:37:36 XMIT_MSG1_QUICK - *****
31.10.2008 14:37:37 NOTIFY : ***** : RECEIVED : INVALID_ID_INFORMATION : 18
31.10.2008 14:37:41 NOTIFY : ***** : RECEIVED : INVALID_MESSAGE_ID : 9
31.10.2008 14:37:44 NOTIFY : ***** : RECEIVED : INVALID_MESSAGE_ID : 9
31.10.2008 14:37:47 NOTIFY : ***** : RECEIVED : INVALID_MESSAGE_ID : 9
31.10.2008 14:37:50 NCPIKE-phase2:name(*****) - error - retry timeout - max retries
31.10.2008 14:37:50 IPSDIAL - disconnected from ***** on channel 1.
intranator:
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [da8e937880010000]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: received Vendor ID payload [RFC 3947]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: received Vendor ID payload [Dead Peer Detection]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [NCP Client]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [c61baca1f1a60cc10800000000000000]
Oct 31 14:35:41 intranator pluto[2226]: packet from 89.50.82.112:500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Oct 31 14:35:41 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: responding to Main Mode from unknown peer 89.50.82.112
Oct 31 14:35:41 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: NAT-Traversal: Result using RFC 3947: no NAT detected
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: Peer ID is ID_DER_ASN1_DN: 'C=de, O=*****, CN=euloc'
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: issuer cacert not found
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: X.509 certificate rejected
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: we have a cert and are sending it
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: sent MR3, ISAKMP SA established
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===**.***.**.***[C=de, O=*****, CN=eu]...89.50.82.112[C=de, O=eutect, CN=euloc]===192.168.168.1/32
Oct 31 14:35:42 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: sending encrypted notification INVALID_ID_INFORMATION to 89.50.82.112:500
Oct 31 14:35:47 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe5fb2de5 (perhaps this is a duplicated packet)
Oct 31 14:35:47 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: sending encrypted notification INVALID_MESSAGE_ID to 89.50.82.112:500
Oct 31 14:35:50 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe5fb2de5 (perhaps this is a duplicated packet)
Oct 31 14:35:50 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: sending encrypted notification INVALID_MESSAGE_ID to 89.50.82.112:500
Oct 31 14:35:53 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe5fb2de5 (perhaps this is a duplicated packet)
Oct 31 14:35:53 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: sending encrypted notification INVALID_MESSAGE_ID to 89.50.82.112:500
Oct 31 14:35:56 intranator pluto[2226]: "C17"[6] 89.50.82.112 #7: received Delete SA payload: deleting ISAKMP State #7
Oct 31 14:35:56 intranator pluto[2226]: "C17"[6] 89.50.82.112: deleting connection "C17" instance with peer 89.50.82.112 {isakmp=#0/ipsec=#0}
Zitieren
Zitat von Dorn
