VPN between Asus and Fritzbox

dmazurek00

Newbie
Registered
Feb. 2024
Posts
6
Hello,

I am trying to connect my Fritzbox as a client to an Asus router over IPsec. I created the following configuration for the Fritzbox.
Code:
vpncfg {
  connections
    {
    enabled = yes;
    editable = yes;
    conn_type = conntype_lan;
    name = "asus";
    always_renew = yes;
    reject_not_encrypted = no;
    dont_filter_netbios = yes;
    localip = 0.0.0.0;
    local_virtualip = 10.10.10.1;
    remotehostname = "xxx.asuscomm.com";
    remote_virtualip = 10.10.10.1;
    localid {
      fqdn = "xxx.myfritz.net";
    }
    remoteid {
     fqdn = "xxx.asuscomm.com";
    }
    mode = phase1_mode_idp;
    phase1ss = "alt/aes/sha";
    keytype = connkeytype_pre_shared;
    key = "xxx";
    cert_do_server_auth = no;
    use_nat_t = yes;
    use_xauth = yes;
    xauth {
      valid = yes;
      username = "xxx";
      passwd = "xxx";
    };
    use_cfgmode = no;
    phase2localid {
      ipnet {
        ipaddr = 192.168.188.1;
        mask = 255.255.255.0;
      }
    }
    phase2remoteid {
      ipnet {
        ipaddr = 192.168.50.1;
        mask = 255.255.255.0;
      }
    }
    phase2ss = "esp-all-all/ah-all/comp-all/pfs";
    accesslist = "permit ip any 192.168.50.1 255.255.255.0", "permit ip any 192.168.188.1 255.255.255.0";
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                      "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Unfortunately the Fritzbox returns a timeout error, while the Asus router shows that the connection was established, but there are messages that I do not understand.

Code:
Feb 17 08:40:38 06[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:40:38 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:40:38 06[IKE] received XAuth vendor ID
Feb 17 08:40:38 06[IKE] received DPD vendor ID
Feb 17 08:40:38 06[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:40:38 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:40:38 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:40:38 06[ENC] received unknown vendor ID: xxx
Feb 17 08:40:38 06[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:40:38 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:40:38 06[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:40:38 06[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:40:39 05[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:40:39 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:40:39 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:40:39 05[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:40:39 06[NET] received packet: from xxx[500] to xxx[500] (124 bytes)
Feb 17 08:40:39 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 17 08:40:39 06[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:40:39 06[CFG] selected peer config "Host-to-Net"
Feb 17 08:40:39 06[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:40:39 06[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:39 06[ENC] generating TRANSACTION request 3353162671 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:40:39 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:40:39 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:39 05[ENC] parsed INFORMATIONAL_V1 request 314484000 [ HASH N(INITIAL_CONTACT) ]
Feb 17 08:40:39 07[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:40:39 07[ENC] parsed TRANSACTION response 3353162671 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:40:39 07[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:40:39 07[ENC] generating TRANSACTION request 3779228076 [ HASH CPS(X_STATUS) ]
Feb 17 08:40:39 07[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:40:40 08[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:40:40 08[ENC] parsed TRANSACTION response 3779228076 [ HASH CP ]
Feb 17 08:40:40 08[IKE] IKE_SA Host-to-Net[1] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:40:40 08[IKE] scheduling reauthentication in 10187s
Feb 17 08:40:40 08[IKE] maximum IKE_SA lifetime 10727s
Feb 17 08:40:40 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:40:40 05[ENC] parsed QUICK_MODE request 3709229530 [ HASH SA No KE ID ID ]
Feb 17 08:40:40 05[IKE] no matching CHILD_SA config found for 192.168.188.1..192.168.188.255 === 192.168.50.1..192.168.50.255
Feb 17 08:40:40 05[ENC] generating INFORMATIONAL_V1 request 1661635877 [ HASH N(INVAL_ID) ]
Feb 17 08:40:40 05[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:40:42 07[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:40:42 07[IKE] received retransmit of request with ID 3709229530, but no response to retransmit
Feb 17 08:40:46 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:40:46 05[IKE] received retransmit of request with ID 3709229530, but no response to retransmit
Feb 17 08:40:51 05[IKE] sending DPD request
Feb 17 08:40:51 05[ENC] generating INFORMATIONAL_V1 request 1487355878 [ HASH N(DPD) ]
Feb 17 08:40:51 05[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:51 07[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:51 07[ENC] parsed INFORMATIONAL_V1 response 1487355878 [ HASH N(DPD_ACK) ]
Feb 17 08:40:54 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:54 05[ENC] parsed INFORMATIONAL_V1 request 2747731623 [ HASH D ]
Feb 17 08:40:54 05[IKE] received DELETE for IKE_SA Host-to-Net[1]
Feb 17 08:40:54 05[IKE] deleting IKE_SA Host-to-Net[1] between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:40:54 07[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:40:54 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:40:54 07[IKE] received XAuth vendor ID
Feb 17 08:40:54 07[IKE] received DPD vendor ID
Feb 17 08:40:54 07[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:40:54 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:40:54 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:40:54 07[ENC] received unknown vendor ID: xxx
Feb 17 08:40:54 07[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:40:54 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:40:54 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:40:54 07[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:40:55 05[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:40:55 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:40:55 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:40:55 05[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:40:55 07[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:55 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
Feb 17 08:40:55 07[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:40:55 07[CFG] selected peer config "Host-to-Net"
Feb 17 08:40:55 07[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:40:55 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:40:55 07[ENC] generating TRANSACTION request 1085449259 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:40:55 07[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:40:55 06[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:40:55 06[ENC] parsed TRANSACTION response 1085449259 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:40:55 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:40:55 06[ENC] generating TRANSACTION request 1568730785 [ HASH CPS(X_STATUS) ]
Feb 17 08:40:55 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:40:55 08[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:40:55 08[ENC] parsed TRANSACTION response 1568730785 [ HASH CP ]
Feb 17 08:40:55 08[IKE] IKE_SA Host-to-Net[2] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:40:55 08[IKE] scheduling reauthentication in 9950s
Feb 17 08:40:55 08[IKE] maximum IKE_SA lifetime 10490s
Feb 17 08:41:05 07[IKE] sending DPD request
Feb 17 08:41:05 07[ENC] generating INFORMATIONAL_V1 request 3340610179 [ HASH N(DPD) ]
Feb 17 08:41:05 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:05 08[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:05 08[ENC] parsed INFORMATIONAL_V1 response 3340610179 [ HASH N(DPD_ACK) ]
Feb 17 08:41:13 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:13 05[ENC] parsed INFORMATIONAL_V1 request 4007319260 [ HASH D ]
Feb 17 08:41:13 05[IKE] received DELETE for IKE_SA Host-to-Net[2]
Feb 17 08:41:13 05[IKE] deleting IKE_SA Host-to-Net[2] between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:41:13 06[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:41:13 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:41:13 06[IKE] received XAuth vendor ID
Feb 17 08:41:13 06[IKE] received DPD vendor ID
Feb 17 08:41:13 06[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:41:13 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:41:13 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:41:13 06[ENC] received unknown vendor ID: xxx
Feb 17 08:41:13 06[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:41:13 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:41:13 06[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:41:13 06[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:41:14 07[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:41:14 07[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:41:14 07[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:41:14 07[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:41:15 08[NET] received packet: from xxx[500] to xxx[500] (124 bytes)
Feb 17 08:41:15 08[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 17 08:41:15 08[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:41:15 08[CFG] selected peer config "Host-to-Net"
Feb 17 08:41:15 08[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:41:15 08[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:15 08[ENC] generating TRANSACTION request 3662103569 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:41:15 08[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:41:15 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:15 05[ENC] parsed INFORMATIONAL_V1 request 4185397064 [ HASH N(INITIAL_CONTACT) ]
Feb 17 08:41:15 06[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:41:15 06[ENC] parsed TRANSACTION response 3662103569 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:41:15 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:41:15 06[ENC] generating TRANSACTION request 2739220202 [ HASH CPS(X_STATUS) ]
Feb 17 08:41:15 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:41:15 05[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:41:15 05[ENC] parsed TRANSACTION response 2739220202 [ HASH CP ]
Feb 17 08:41:15 05[IKE] IKE_SA Host-to-Net[3] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:41:15 05[IKE] scheduling reauthentication in 10108s
Feb 17 08:41:15 05[IKE] maximum IKE_SA lifetime 10648s
Feb 17 08:41:16 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:41:16 05[ENC] parsed QUICK_MODE request 1629760856 [ HASH SA No KE ID ID ]
Feb 17 08:41:16 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.1..192.168.50.255
Feb 17 08:41:16 05[ENC] generating INFORMATIONAL_V1 request 4051119710 [ HASH N(INVAL_ID) ]
Feb 17 08:41:16 05[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:41:25 06[IKE] sending DPD request
Feb 17 08:41:25 06[ENC] generating INFORMATIONAL_V1 request 2905348034 [ HASH N(DPD) ]
Feb 17 08:41:25 06[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:35 07[IKE] sending DPD request
Feb 17 08:41:35 07[ENC] generating INFORMATIONAL_V1 request 2875680137 [ HASH N(DPD) ]
Feb 17 08:41:35 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:41:45 07[JOB] DPD check timed out, enforcing DPD action
Feb 17 08:43:42 06[CFG] rereading secrets
Feb 17 08:43:42 06[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 17 08:43:42 06[CFG]   loaded IKE secret for %any
Feb 17 08:43:42 06[CFG]   loaded EAP secret for fritzbox
Feb 17 08:43:42 06[CFG]   loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Feb 17 08:43:42 06[CFG]   loaded EAP secret for fritzbox
Feb 17 08:43:42 06[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Feb 17 08:43:42 06[CFG]   loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX5400-3FE8 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Feb 17 08:43:42 06[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Feb 17 08:43:42 06[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 17 08:43:42 06[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Feb 17 08:43:42 06[CFG] rereading crls from '/etc/ipsec.d/crls'
Feb 17 08:43:43 06[CFG] received stroke: delete connection 'Host-to-Net'
Feb 17 08:43:43 06[CFG] deleted connection 'Host-to-Net'
Feb 17 08:43:43 08[CFG] received stroke: delete connection 'Host-to-Netv2'
Feb 17 08:43:43 08[CFG] deleted connection 'Host-to-Netv2'
Feb 17 08:43:43 06[CFG] received stroke: add connection 'Host-to-Net'
Feb 17 08:43:43 06[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:43:43 06[CFG] added configuration 'Host-to-Net'
Feb 17 08:43:43 08[CFG] received stroke: add connection 'Host-to-Netv2'
Feb 17 08:43:43 08[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:43:43 08[CFG]   loaded certificate "C=TW, O=ASUS, CN=xxx.asuscomm.com" from 'svrCert.pem'
Feb 17 08:43:43 08[CFG] added configuration 'Host-to-Netv2'
Feb 17 08:44:39 05[CFG] rereading secrets
Feb 17 08:44:39 05[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 17 08:44:39 05[CFG]   loaded IKE secret for %any
Feb 17 08:44:39 05[CFG]   loaded EAP secret for fritzbox
Feb 17 08:44:39 05[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Feb 17 08:44:39 05[CFG]   loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX5400-3FE8 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Feb 17 08:44:39 05[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Feb 17 08:44:39 05[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 17 08:44:39 05[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Feb 17 08:44:39 05[CFG] rereading crls from '/etc/ipsec.d/crls'
Feb 17 08:44:40 05[CFG] received stroke: delete connection 'Host-to-Net'
Feb 17 08:44:40 05[CFG] deleted connection 'Host-to-Net'
Feb 17 08:44:40 06[CFG] received stroke: delete connection 'Host-to-Netv2'
Feb 17 08:44:40 06[CFG] deleted connection 'Host-to-Netv2'
Feb 17 08:44:40 05[CFG] received stroke: add connection 'Host-to-Net'
Feb 17 08:44:40 05[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:44:40 05[CFG] added configuration 'Host-to-Net'
Feb 17 08:44:40 06[CFG] received stroke: add connection 'Host-to-Netv2'
Feb 17 08:44:40 06[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:44:40 06[CFG]   loaded certificate "C=TW, O=ASUS, CN=xxx.asuscomm.com" from 'svrCert.pem'
Feb 17 08:44:40 06[CFG] added configuration 'Host-to-Netv2'
Feb 17 08:46:37 06[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:46:37 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:46:37 06[IKE] received XAuth vendor ID
Feb 17 08:46:37 06[IKE] received DPD vendor ID
Feb 17 08:46:37 06[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:46:37 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:46:37 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:46:37 06[ENC] received unknown vendor ID: xxx
Feb 17 08:46:37 06[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:46:37 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:46:37 06[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:46:37 06[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:46:38 05[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:46:38 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:38 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:38 05[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:46:39 06[NET] received packet: from xxx[500] to xxx[500] (124 bytes)
Feb 17 08:46:39 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 17 08:46:39 06[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:46:39 06[CFG] selected peer config "Host-to-Net"
Feb 17 08:46:39 06[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:46:39 06[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:39 06[ENC] generating TRANSACTION request 1019943078 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:46:39 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:40 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:40 05[ENC] parsed INFORMATIONAL_V1 request 4176420332 [ HASH N(INITIAL_CONTACT) ]
Feb 17 08:46:40 06[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:46:40 06[ENC] parsed TRANSACTION response 1019943078 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:46:40 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:46:40 06[ENC] generating TRANSACTION request 2969906761 [ HASH CPS(X_STATUS) ]
Feb 17 08:46:40 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:41 08[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:46:41 08[ENC] parsed TRANSACTION response 2969906761 [ HASH CP ]
Feb 17 08:46:41 08[IKE] IKE_SA Host-to-Net[4] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:41 08[IKE] scheduling reauthentication in 9753s
Feb 17 08:46:41 08[IKE] maximum IKE_SA lifetime 10293s
Feb 17 08:46:42 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:42 05[ENC] parsed QUICK_MODE request 1182859716 [ HASH SA No KE ID ID ]
Feb 17 08:46:42 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.1..192.168.50.255
Feb 17 08:46:42 05[ENC] generating INFORMATIONAL_V1 request 3439557106 [ HASH N(INVAL_ID) ]
Feb 17 08:46:42 05[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:43 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:43 05[IKE] received retransmit of request with ID 1182859716, but no response to retransmit
Feb 17 08:46:47 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:47 05[IKE] received retransmit of request with ID 1182859716, but no response to retransmit
Feb 17 08:46:55 06[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:55 06[ENC] parsed INFORMATIONAL_V1 request 1561383136 [ HASH D ]
Feb 17 08:46:55 06[IKE] received DELETE for IKE_SA Host-to-Net[4]
Feb 17 08:46:55 06[IKE] deleting IKE_SA Host-to-Net[4] between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:55 07[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:46:55 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:46:55 07[IKE] received XAuth vendor ID
Feb 17 08:46:55 07[IKE] received DPD vendor ID
Feb 17 08:46:55 07[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:46:55 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:46:55 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:46:55 07[ENC] received unknown vendor ID: xxx
Feb 17 08:46:55 07[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:46:55 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:46:55 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:46:55 07[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:46:56 06[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:46:56 06[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:56 06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:56 06[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:46:58 07[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:58 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
Feb 17 08:46:58 07[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:46:58 07[CFG] selected peer config "Host-to-Net"
Feb 17 08:46:58 07[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:46:58 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:58 07[ENC] generating TRANSACTION request 3358068321 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:46:58 07[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:58 08[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:46:58 08[ENC] parsed TRANSACTION response 3358068321 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:46:58 08[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:46:58 08[ENC] generating TRANSACTION request 544349541 [ HASH CPS(X_STATUS) ]
Feb 17 08:46:58 08[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:58 05[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:46:58 05[ENC] parsed TRANSACTION response 544349541 [ HASH CP ]
Feb 17 08:46:58 05[IKE] IKE_SA Host-to-Net[5] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:58 05[IKE] scheduling reauthentication in 9904s
Feb 17 08:46:58 05[IKE] maximum IKE_SA lifetime 10444s

I have no idea what I can change in the Fritzbox configuration...
 
I want the Fritzbox to receive an IP address that matches that of the Asus router, and at the same time to get access to the home network in which the Asus router acts as the router.
 
IKE error 2027 again
And the Asus shows:
Code:
Feb 17 09:34:38 06[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 09:34:38 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 09:34:38 06[IKE] received XAuth vendor ID
Feb 17 09:34:38 06[IKE] received DPD vendor ID
Feb 17 09:34:38 06[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 09:34:38 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 09:34:38 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 09:34:38 06[ENC] received unknown vendor ID: a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b
Feb 17 09:34:38 06[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 09:34:38 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 09:34:38 06[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 09:34:38 06[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 09:34:39 07[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 09:34:39 07[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 09:34:39 07[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 09:34:39 07[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 09:34:39 08[NET] received packet: from xxx[500] to xxx[500] (124 bytes)
Feb 17 09:34:39 08[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 17 09:34:39 08[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 09:34:39 08[CFG] selected peer config "Host-to-Net"
Feb 17 09:34:39 08[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 09:34:39 08[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 09:34:39 08[ENC] generating TRANSACTION request 1727781249 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 09:34:39 08[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 09:34:39 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 09:34:39 05[ENC] parsed INFORMATIONAL_V1 request 3902633341 [ HASH N(INITIAL_CONTACT) ]
Feb 17 09:34:39 06[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 09:34:39 06[ENC] parsed TRANSACTION response 1727781249 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 09:34:39 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 09:34:39 06[ENC] generating TRANSACTION request 3540320327 [ HASH CPS(X_STATUS) ]
Feb 17 09:34:39 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 09:34:40 07[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 09:34:40 07[ENC] parsed TRANSACTION response 3540320327 [ HASH CP ]
Feb 17 09:34:40 07[IKE] IKE_SA Host-to-Net[7] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 09:34:40 07[IKE] scheduling reauthentication in 9858s
Feb 17 09:34:40 07[IKE] maximum IKE_SA lifetime 10398s
Feb 17 09:34:40 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 09:34:40 05[ENC] parsed QUICK_MODE request 100750610 [ HASH SA No KE ID ID ]
Feb 17 09:34:40 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.0/24
Feb 17 09:34:40 05[ENC] generating INFORMATIONAL_V1 request 2315697509 [ HASH N(INVAL_ID) ]
Feb 17 09:34:40 05[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 09:34:42 08[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 09:34:42 08[IKE] received retransmit of request with ID 100750610, but no response to retransmit
Feb 17 09:34:46 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 09:34:46 05[IKE] received retransmit of request with ID 100750610, but no response to retransmit
Feb 17 09:34:54 08[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 09:34:54 08[ENC] parsed INFORMATIONAL_V1 request 3684491905 [ HASH D ]
Feb 17 09:34:54 08[IKE] received DELETE for IKE_SA Host-to-Net[7]
Feb 17 09:34:54 08[IKE] deleting IKE_SA Host-to-Net[7] between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 09:34:54 05[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 09:34:54 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 09:34:54 05[IKE] received XAuth vendor ID
Feb 17 09:34:54 05[IKE] received DPD vendor ID
Feb 17 09:34:54 05[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 09:34:54 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 09:34:54 05[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 09:34:54 05[ENC] received unknown vendor ID: a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b
Feb 17 09:34:54 05[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 09:34:54 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 09:34:54 05[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 09:34:54 05[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 09:34:55 06[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 09:34:55 06[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 09:34:55 06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 09:34:55 06[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 09:34:55 07[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 09:34:55 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
Feb 17 09:34:55 07[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 09:34:55 07[CFG] selected peer config "Host-to-Net"
Feb 17 09:34:55 07[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 09:34:55 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 09:34:55 07[ENC] generating TRANSACTION request 2011538704 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 09:34:55 07[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 09:34:55 08[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 09:34:55 08[ENC] parsed TRANSACTION response 2011538704 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 09:34:55 08[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 09:34:55 08[ENC] generating TRANSACTION request 1625299927 [ HASH CPS(X_STATUS) ]
Feb 17 09:34:55 08[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 09:34:55 07[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 09:34:55 07[ENC] parsed TRANSACTION response 1625299927 [ HASH CP ]
Feb 17 09:34:55 07[IKE] IKE_SA Host-to-Net[8] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 09:34:55 07[IKE] scheduling reauthentication in 9792s
Feb 17 09:34:55 07[IKE] maximum IKE_SA lifetime 10332s
 
Yes, the Asus supports WireGuard, but I have a FritzBox 7490, which unfortunately has limitations. Unfortunately I cannot import the WireGuard configuration...
Addendum ()

till69 wrote:
The FB config is a net-to-net one
Can something be changed in the FritzBox config so that the Asus router selects Net-to-Net instead of Host-to-Net?
 
Do you have DS-Lite/CGN on the Fritzbox side, i.e. the box you are connecting to?
 
That should be configurable on the Asus
Unfortunately there is no option for this in the Asus user interface. Maybe it can be done some other way? For example over SSH? I tried to log in over SSH and Telnet, but I get the message 'Access denied'. I logged in with my normal credentials. I do not know the password for 'root', and Google did not return any results on it
Addendum ()

chrigu wrote:
no idea..
 
Try connecting the other way around. If it works that way, the Fritz is on a cable/fibre line with an IPv4 address that is not publicly reachable. Then you have to try WireGuard over IPv6
 
dmazurek00 wrote:
Yes, the Asus supports WireGuard, but I have a FritzBox 7490, which unfortunately has limitations.
But the limitations do not affect you if your requirements above are complete.

dmazurek00 wrote:
Unfortunately I cannot import the WireGuard configuration...
Then it triggers a conflict with an existing configuration. First delete all existing VPN connections and then try again. If that does not help, you can do a factory reset and then import it.
 
But the limitations do not affect you if your requirements above are complete.
But I have read that the FritzBox 7490 does not support sending all network traffic over WireGuard, right?
 
Yes, but that is not what you want. You want an IP from the Asus's network and access to the Asus's home network.
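
Added example, not part of any post in the thread: a Python script that reads a strongSwan-style log like the Asus log in the first post, finds each Quick Mode proposal rejected with `no matching CHILD_SA config found`, and normalises the two logged selectors (the log shows both the `first..last` and the CIDR form). The sample lines are constructed from the message shapes on this page with documentation addresses; comparing the selectors against the logged virtual IP pool assumes that pool belongs to the `Host-to-Net` connection, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: same message shapes as the Asus log in the first post;
# peer addresses replaced with documentation addresses.
SAMPLE_LOG = """\
Feb 17 08:40:40 08[IKE] IKE_SA Host-to-Net[1] established between 203.0.113.1[203.0.113.1]...198.51.100.7[xxx.myfritz.net]
Feb 17 08:40:40 05[ENC] parsed QUICK_MODE request 3709229530 [ HASH SA No KE ID ID ]
Feb 17 08:40:40 05[IKE] no matching CHILD_SA config found for 192.168.188.1..192.168.188.255 === 192.168.50.1..192.168.50.255
Feb 17 08:40:40 05[ENC] generating INFORMATIONAL_V1 request 1661635877 [ HASH N(INVAL_ID) ]
Feb 17 08:40:54 05[IKE] received DELETE for IKE_SA Host-to-Net[1]
Feb 17 08:43:43 06[CFG] received stroke: add connection 'Host-to-Net'
Feb 17 08:43:43 06[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 09:34:40 07[IKE] IKE_SA Host-to-Net[7] established between 203.0.113.1[203.0.113.1]...198.51.100.7[xxx.myfritz.net]
Feb 17 09:34:40 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.0/24
Feb 17 09:34:40 05[ENC] generating INFORMATIONAL_V1 request 2315697509 [ HASH N(INVAL_ID) ]
"""

ESTABLISHED = re.compile(r"IKE_SA (\S+)\[(\d+)\] established")
NO_CHILD = re.compile(r"no matching CHILD_SA config found for (\S+) === (\S+)")
POOL = re.compile(r"virtual IP address pool (\S+)")


def selector_range(text):
    """Return (first, last) for a selector logged as CIDR or 'first..last'."""
    if ".." in text:
        first, last = (ipaddress.ip_address(p) for p in text.split(".."))
        return first, last
    net = ipaddress.ip_network(text, strict=False)
    return net[0], net[-1]


def describe(text, pools):
    """Normalise one logged selector and compare it with the logged pools."""
    first, last = selector_range(text)
    blocks = list(ipaddress.summarize_address_range(first, last))
    return {
        "text": text,
        # The one CIDR block that equals the range exactly, else None.
        "network": str(blocks[0]) if len(blocks) == 1 else None,
        # Assumption: the pool is what the responder hands out for this
        # connection, so a selector outside it cannot be a pool address.
        "inside_pool": any(first in p and last in p for p in pools),
    }


def rejected_quick_modes(log):
    """List every Quick Mode proposal the responder found no CHILD_SA for."""
    lines = log.splitlines()
    # First pass: pools may be logged after the failures they explain.
    pools = [ipaddress.ip_network(m[1]) for l in lines if (m := POOL.search(l))]
    current_sa, findings = None, []
    for line in lines:
        if m := ESTABLISHED.search(line):
            # Phase 1 (and XAuth) finished for this IKE_SA.
            current_sa = (m[1], int(m[2]))
        elif m := NO_CHILD.search(line):
            findings.append({
                "sa": current_sa,
                "selectors": [describe(m[1], pools), describe(m[2], pools)],
                "invalid_id_sent": False,
            })
        elif "generating" in line and "N(INVAL_ID)" in line and findings:
            # The responder answers the rejected proposal with this notify.
            findings[-1]["invalid_id_sent"] = True
    return findings


if __name__ == "__main__":
    for f in rejected_quick_modes(SAMPLE_LOG):
        conn, sa_id = f["sa"]
        print(f"{conn}[{sa_id}]: Phase 1 up, Quick Mode rejected")
        for s in f["selectors"]:
            print(f"  {s['text']}: single CIDR={s['network']}, "
                  f"inside pool={s['inside_pool']}")
```

On the sample, the first rejected proposal does not equal a single CIDR block because it starts at .1, the later one does, and neither lies inside 10.10.10.0/24.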
 