Who knows their way around racoon?

03/08/2010 - 18:05 by Heiko Nocon
Hi,

I have one of those crappy consumer routers (Alice 1121). It can at
least do IPSEC VPNs, though. It uses racoon for that, which I personally
find highly suspect, because I do have extensive experience with *swan,
but none at all with racoon.

When racoon starts, the following happens:


Foreground mode.
2010-08-03 17:24:25: INFO: @(#)ipsec-tools 0.5.1 (http://ipsec-tools.sourceforge.net)
2010-08-03 17:24:25: INFO: @(#)This product linked OpenSSL 0.9.7f 22 Mar 2005 (http://www.openssl.org/)
2010-08-03 17:24:25: DEBUG: call pfkey_send_register for AH
2010-08-03 17:24:25: DEBUG: call pfkey_send_register for ESP
2010-08-03 17:24:25: DEBUG: call pfkey_send_register for IPCOMP
2010-08-03 17:24:25: DEBUG: reading config file /var/racoon.conf
2010-08-03 17:24:25: DEBUG2: lifetime = 3600
2010-08-03 17:24:25: DEBUG2: lifebyte = 0
2010-08-03 17:24:25: DEBUG2: encklen=128
2010-08-03 17:24:25: DEBUG2: p:1 t:1
2010-08-03 17:24:25: DEBUG2: 7(7)
2010-08-03 17:24:25: DEBUG2: SHA(2)
2010-08-03 17:24:25: DEBUG2: 2048-bit MODP group(14)
2010-08-03 17:24:25: DEBUG2: RSA signatures(3)
2010-08-03 17:24:25: DEBUG2:
2010-08-03 17:24:25: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2010-08-03 17:24:25: DEBUG2: parse successed.
2010-08-03 17:24:25: DEBUG: my interface: 78.53.202.132 (ppp_0_1_32_1)
2010-08-03 17:24:25: DEBUG: my interface: 192.168.10.254 (br0)
2010-08-03 17:24:26: DEBUG: my interface: 192.168.0.254 (br0)
2010-08-03 17:24:26: DEBUG: my interface: 127.0.0.1 (lo)
2010-08-03 17:24:26: DEBUG: configuring default isakmp port.
2010-08-03 17:24:26: DEBUG: 4 addrs are configured successfully
2010-08-03 17:24:26: INFO: 127.0.0.1[500] used as isakmp port (fd=6)
2010-08-03 17:24:26: INFO: 127.0.0.1[500] used for NAT-T
2010-08-03 17:24:26: INFO: 192.168.0.254[500] used as isakmp port (fd=7)
2010-08-03 17:24:26: INFO: 192.168.0.254[500] used for NAT-T
2010-08-03 17:24:26: INFO: 192.168.10.254[500] used as isakmp port (fd=8)
2010-08-03 17:24:26: INFO: 192.168.10.254[500] used for NAT-T
2010-08-03 17:24:26: INFO: 78.53.202.132[500] used as isakmp port (fd=9)
2010-08-03 17:24:26: INFO: 78.53.202.132[500] used for NAT-T
2010-08-03 17:24:26: DEBUG: get pfkey X_SPDDUMP message
2010-08-03 17:24:26: DEBUG2:
02120000 001c0001 00000002 00000764 00030005 ff200000 00020000 ac100001
00000000 00000000 00030006 ff180000 00020000 c0a80000 00000000 00000000
00040003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040004 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040002 00000000 00000000 00000000 00000000 4c583ccd 00000000 00000000
00080012 00020100 00000308 00000000 00300032 02020000 00000000 00000000
00020000 00000000 00000000 00000000 00020000 4e35ca84 00000000 00000000
2010-08-03 17:24:26: DEBUG: get pfkey X_SPDDUMP message
2010-08-03 17:24:26: DEBUG2:
02120000 001c0001 00000001 00000764 00030005 ff180000 00020000 c0a80000
00000000 00000000 00030006 ff200000 00020000 ac100001 00000000 00000000
00040003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040004 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040002 00000000 00000000 00000000 00000000 4c583ccd 00000000 00000000
00080012 00020200 00000301 00000000 00300032 02020000 00000000 00000000
00020000 4e35ca84 00000000 00000000 00020000 00000000 00000000 00000000
2010-08-03 17:24:26: DEBUG: sub:0x7fff7ab8: 192.168.0.0/24[0] 172.16.0.1/32[0] proto=any dir=out
2010-08-03 17:24:26: DEBUG: db :0x10008788: 172.16.0.1/32[0] 192.168.0.0/24[0] proto=any dir=in
2010-08-03 17:24:26: DEBUG: get pfkey X_SPDDUMP message
2010-08-03 17:24:26: DEBUG2:
02120000 001c0001 00000000 00000764 00030005 ff200000 00020000 ac100001
00000000 00000000 00030006 ff180000 00020000 c0a80000 00000000 00000000
00040003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040004 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00040002 00000000 00000000 00000000 00000000 4c583ccd 00000000 00000000
00080012 00020300 00000312 00000000 00300032 02020000 00000000 00000000
00020000 00000000 00000000 00000000 00020000 4e35ca84 00000000 00000000
2010-08-03 17:24:26: DEBUG: sub:0x7fff7ab8: 172.16.0.1/32[0] 192.168.0.0/24[0] proto=any dir=fwd
2010-08-03 17:24:26: DEBUG: db :0x10008788: 172.16.0.1/32[0] 192.168.0.0/24[0] proto=any dir=in
2010-08-03 17:24:26: DEBUG: sub:0x7fff7ab8: 172.16.0.1/32[0] 192.168.0.0/24[0] proto=any dir=fwd
2010-08-03 17:24:26: DEBUG: db :0x10008d40: 192.168.0.0/24[0] 172.16.0.1/32[0] proto=any dir=out



IMHO that looks pretty OK so far. My problem is that racoon, on
receiving the first IKEv1 packet from the peer, produces only the
following, not very helpful message, even at maximum debug level:


2010-08-03 15:53:50: DEBUG: 288 bytes message received from 192.168.10.1[500] to 78.53.202.132[500]
2010-08-03 15:53:50: DEBUG:
715049f3 11333dcd 00000000 00000000 01100200 00000000 00000120 0d000058
00000001 00000001 0000004c 00010002 03000024 00010000 800b0001 800c2a30
80010007 80020002 800e0080 80030003 8004000e 00000020 01010000 800b0001
800c2a30 80010005 80020002 80030003 80040005 0d000014 d6263956 ac790961
a9c8409b 393724bf 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100 0d00000c
09002689 dfd6b712 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 0d000014
4a131c81 07035845 5c5728f2 0e95452f 0d000014 7d9419a6 5310ca6f 2c179d92
15529d56 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091
3ebb696e 086381b5 ec427b1f 00000014 4485152d 18b6bbcd 0be8a846 9579ddcc
2010-08-03 15:53:50: DEBUG: no remote configuration found.
2010-08-03 15:53:50: ERROR: couldn't find configuration.



Are they nuts? Do they expect me to decode that stuff by hand to find
out what exactly it doesn't like about it? Can't they break the stuff
down like *swan does and show what exactly doesn't fit?

As an additional complication, I can't even influence racoon.conf
directly, but have to make do with what the web GUI of this piece of
crap produces. At least I can display the result, though (comments
were added by me afterwards):


# no PSK, file is empty
path pre_shared_key "/var/psk.txt";
# the certificates really are located here
path certificate "/var/cert";

remote 0.0.0.0 {
    exchange_mode main;
    lifetime time 3600 sec;
    proposal_check obey;
    verify_cert on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    # GW cert and GW key (names anonymized by me, but in the original
    # the names are correct and the files actually exist)
    certificate_type x509 "xxx.cert" "xxx.priv";
    proposal {
        encryption_algorithm aes128;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp2048;
    }
}

sainfo address 192.168.0.0/24 any address 172.16.0.1/32 any {
    pfs_group modp2048;
    lifetime time 3600 sec;
    encryption_algorithm aes128;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}




The StrongSwan config counterpart on the peer looks like this
(partially anonymized):


config setup
    virtual_private=192.168.0.0/24,172.16.0.0/12
    plutodebug=all
    plutostderrlog=/var/log/pluto.log
    # crlcheckinterval=600
    strictcrlpolicy=no
    # cachecrls=yes
    nat_traversal=yes
    charonstart=no
    plutostart=yes

ca heikos
    cacert=cacert.pem

conn phonehome
    left=%defaultroute
    leftcert=yyy.pem
    leftsubnet=172.16.0.1/32
    leftsourceip=172.16.0.1
    right=xxx
    rightsubnet=192.168.0.0/24
    rightcert=xxx.pem
    rightid=@xxx
    type=tunnel
    authby=rsasig
    pfs=yes
    auto=add



xxx stands for a DynDNS name that is resolved correctly by both peers.
However, the peer is currently not connected to the Internet, but sits
on the LAN via an additionally bound network (192.168.10.0/24). But that
can hardly be the problem (at least not yet at this point), because the
packet obviously reaches the correct destination with the correct sender.

When the connection is activated, pluto then outputs the following (last
attempt of three):


"phonehome" #2: starting keying attempt 3 of at most 3
| creating state object #3 at 0x20dc9c10
| ICOOKIE: b2 92 37 bc e2 6b 1e 05
| RCOOKIE: 00 00 00 00 00 00 00 00
| peer: 4e 35 ca 84
| state hash entry 6
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3
"phonehome" #3: initiating Main Mode to replace #2
| **emit ISAKMP Message:
| initiator cookie:
| b2 92 37 bc e2 6b 1e 05
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| DOI: ISAKMP_DOI_IPSEC
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ike proposal: AES_CBC_128/HMAC_SHA1/MODP_2048, 3DES_CBC/HMAC_SHA1/MODP_1536,
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 0
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 2
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| transform number: 0
| transform ID: KEY_IKE
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION
| length/value: 10800
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is HMAC_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 128
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 3
| [3 is RSA signature]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 14
| [14 is MODP_2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 1
| transform ID: KEY_IKE
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION
| length/value: 10800
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 5
| [5 is 3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is HMAC_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 3
| [3 is RSA signature]
| ******emit ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 5
| [5 is MODP_1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 76
| emitting length of ISAKMP Security Association Payload: 88
| out_vendorid(): sending [strongSwan 4.3.2]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID d6 26 39 56 ac 79 09 61 a9 c8 40 9b 39 37 24 bf
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [Cisco-Unity]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [XAUTH]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 09 00 26 89 df d6 b7 12
| emitting length of ISAKMP Vendor ID Payload: 12
| out_vendorid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
| emitting length of ISAKMP Vendor ID Payload: 20
| emitting length of ISAKMP Message: 288
| sending 288 bytes for main_outI1 through wlan0 to 78.53.202.132:500:
| b2 92 37 bc e2 6b 1e 05 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 01 20 0d 00 00 58
| 00 00 00 01 00 00 00 01 00 00 00 4c 00 01 00 02
| 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
| 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
| 80 04 00 0e 00 00 00 20 01 01 00 00 80 0b 00 01
| 80 0c 2a 30 80 01 00 05 80 02 00 02 80 03 00 03
| 80 04 00 05 0d 00 00 14 d6 26 39 56 ac 79 09 61
| a9 c8 40 9b 39 37 24 bf 0d 00 00 14 12 f5 f2 8c
| 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
| 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
| 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
| 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
| 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
| 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #3
| ICOOKIE: c7 63 1f ba 2b d1 ec 56
| RCOOKIE: 00 00 00 00 00 00 00 00
| peer: 4e 35 ca 84
| state hash entry 8
| next event EVENT_RETRANSMIT in 10 seconds for #3
|
| *time to handle event
| event after this is EVENT_REINIT_SECRET in 3352 seconds
| handling event EVENT_RETRANSMIT for 78.53.202.132 "phonehome" #3
| sending 288 bytes for EVENT_RETRANSMIT through wlan0 to 78.53.202.132:500:
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #3
| next event EVENT_RETRANSMIT in 20 seconds for #3
|
| *time to handle event
| event after this is EVENT_REINIT_SECRET in 3332 seconds
| handling event EVENT_RETRANSMIT for 78.53.202.132 "phonehome" #3
| sending 288 bytes for EVENT_RETRANSMIT through wlan0 to 78.53.202.132:500:
| inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #3
| next event EVENT_RETRANSMIT in 40 seconds for #3
|
| *time to handle event
| event after this is EVENT_REINIT_SECRET in 3292 seconds
| handling event EVENT_RETRANSMIT for 78.53.202.132 "phonehome" #3
"phonehome" #3: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message




Any tips?
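
The hand-decoding the post complains about, as an added example that is not part of the original thread and not racoon or strongSwan code: it parses the ISAKMP header and SA payload from the racoon hex dump above and compares each offered transform with the proposal block of the posted racoon.conf. The function names are made up for this example, the lookup tables cover only the attribute values that occur in this packet, and only the algorithm attributes are compared (lifetimes are ignored).

```python
import struct
# Hex dump copied from racoon's DEBUG output in the post (first Main Mode packet).
DUMP = """
715049f3 11333dcd 00000000 00000000 01100200 00000000 00000120 0d000058
00000001 00000001 0000004c 00010002 03000024 00010000 800b0001 800c2a30
80010007 80020002 800e0080 80030003 8004000e 00000020 01010000 800b0001
800c2a30 80010005 80020002 80030003 80040005 0d000014 d6263956 ac790961
a9c8409b 393724bf 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100 0d00000c
09002689 dfd6b712 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 0d000014
4a131c81 07035845 5c5728f2 0e95452f 0d000014 7d9419a6 5310ca6f 2c179d92
15529d56 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091
3ebb696e 086381b5 ec427b1f 00000014 4485152d 18b6bbcd 0be8a846 9579ddcc
"""
# IKEv1 phase 1 attribute classes and values (RFC 2409 appendix A; AES-CBC is 7).
ATTR = {1: "enc", 2: "hash", 3: "auth", 4: "group", 12: "life_duration", 14: "key_length"}
NAMES = {"enc": {5: "3des", 7: "aes"}, "hash": {1: "md5", 2: "sha1"},
         "auth": {1: "psk", 3: "rsasig"}, "group": {5: "modp1536", 14: "modp2048"}}
# Proposal block of the posted racoon.conf, transcribed into the same vocabulary.
RACOON = {"enc": "aes", "key_length": 128, "hash": "sha1",
          "auth": "rsasig", "group": "modp2048"}

def parse_attrs(buf):
    out, off = {}, 0
    while off + 4 <= len(buf):
        typ, val = struct.unpack_from(">HH", buf, off)
        off += 4
        if not typ & 0x8000:  # AF bit clear: TLV form, val is a length
            val, off = int.from_bytes(buf[off:off + val], "big"), off + val
        name = ATTR.get(typ & 0x7FFF, typ & 0x7FFF)
        out[name] = NAMES.get(name, {}).get(val, val)
    return out

def parse_sa(body):  # body starts at the DOI; the proposal header is at offset 8
    spi_size, ntrans = struct.unpack_from(">BB", body, 14)
    off, transforms = 16 + spi_size, []
    for _ in range(ntrans):
        tlen, = struct.unpack_from(">H", body, off + 2)
        if tlen < 8:
            raise ValueError("bad transform length")
        transforms.append(parse_attrs(body[off + 8:off + tlen]))
        off += tlen
    return transforms

def parse_isakmp(dump):
    pkt = bytes.fromhex("".join(dump.split()))
    nxt, xchg, length = struct.unpack_from(">BxBx4xI", pkt, 16)
    sa_len, = struct.unpack_from(">H", pkt, 30)
    if length != len(pkt) or nxt != 1 or not 20 <= sa_len <= len(pkt) - 28:
        raise ValueError("not a complete message starting with an SA payload")
    return {"exchange": xchg, "transforms": parse_sa(pkt[32:28 + sa_len])}

def matching_transforms(msg, want=RACOON):
    return [i for i, t in enumerate(msg["transforms"])
            if all(t.get(k) == v for k, v in want.items())]
```

On this dump, `matching_transforms(parse_isakmp(DUMP))` returns `[0]`: the first offered transform carries the same algorithms as the racoon proposal block.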
 

Read the replies

#1 Stefan Kanthak
03/08/2010 - 22:21
"Heiko Nocon" wrote:

> Hi,
>
> I have one of those crappy consumer routers (Alice 1121). It can at
> least do IPSEC VPNs, though. It uses racoon for that, which I personally
> find highly suspect, because I do have extensive experience with *swan,
> but none at all with racoon.
>
> When racoon starts, the following happens:

>Foreground mode.
>2010-08-03 17:24:25: INFO: @(#)ipsec-tools 0.5.1 (http://ipsec-tools.sourceforge.net)
>2010-08-03 17:24:25: INFO: @(#)This product linked OpenSSL 0.9.7f 22 Mar 2005 (http://www.openssl.org/)


~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks, that's enough!

Stefan
The unsolicited sending of advertising e-mails violates §823 para. 1
and §1004 para. 1 BGB and gives rise to a claim for injunctive relief.
Decision of the OLG Bamberg of 12.05.2005 (case no.: 1 U 143/04)
