
ipsec racoon tunnel



Hello NG,

I have a racoon server running with a 2.6 kernel and ipsec-tools.
When connecting to another machine to set up a tunnel, however, it reports
the following error:
Jun  3 19:26:09 test01 racoon: ERROR: phase1 negotiation failed due to time
up. 31e7af22cc20d683:b98f601bdc7aee59

Does anyone know this error? I have been working with IPsec for some time
now and my head is slowly starting to smoke... maybe I am overlooking
something simple... It seems to me that it never gets past phase 1.

Many thanks for any kind of help or pointers to where I can find useful information.
Best regards,
Ralf

-------- racoon.conf ---------
timer
{
        # These values can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.

        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote anonymous
{
        exchange_mode main,aggressive;
        doi ipsec_doi;
        #situation identity_only;
        my_identifier address 195.243.27.122;
        peers_identifier address 194.25.154.194;
        nonce_size 16;
        lifetime time 6000 sec; # sec,min,hour
        initial_contact on;
        support_proxy on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        #pfs_group 2;
        pfs_group modp1024;
        lifetime time 6000 sec;
        encryption_algorithm des,3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

-----------------------------------

Jun  3 19:25:29 test01 racoon: DEBUG: begin.
Jun  3 19:25:29 test01 racoon: DEBUG: seen nptype=5(id)
Jun  3 19:25:29 test01 racoon: DEBUG: invalid length of payload
Jun  3 19:25:39 test01 racoon: DEBUG: ===
Jun  3 19:25:39 test01 racoon: DEBUG: 60 bytes message received from
194.25.154.194[500] to 10.0.1.1[500]
Jun  3 19:25:39 test01 racoon: DEBUG:  31e7af22 cc20d683 b98f601b dc7aee59
05100201 00000000 0000003c b5f37e38 4bc3542d ae8eab8e 925f716e fce85134
0241c38c d8911f53 20a8d659
Jun  3 19:25:39 test01 racoon: DEBUG: begin decryption.
Jun  3 19:25:39 test01 racoon: DEBUG: encription(3des)
Jun  3 19:25:39 test01 racoon: DEBUG: IV was saved for next processing:
Jun  3 19:25:39 test01 racoon: DEBUG:  d8911f53 20a8d659
Jun  3 19:25:39 test01 racoon: DEBUG: encription(3des)
Jun  3 19:25:39 test01 racoon: DEBUG: with key:
Jun  3 19:25:39 test01 racoon: DEBUG:  30b65bec 23fb830c 6b54ea2c fff84374
4b14099b 46d4b467
Jun  3 19:25:39 test01 racoon: DEBUG: decrypted payload by IV:
Jun  3 19:25:39 test01 racoon: DEBUG:  d8911f53 20a8d659
Jun  3 19:25:39 test01 racoon: DEBUG: decrypted payload, but not trimed.
Jun  3 19:25:39 test01 racoon: DEBUG:  0d8f1ebf 580d2e9e 87e2e5b9 15001ac2
e3af69f9 645e7f07 841b54c9 2dd603d6
Jun  3 19:25:39 test01 racoon: DEBUG: padding len=214
Jun  3 19:25:39 test01 racoon: DEBUG: skip to trim padding.
Jun  3 19:25:39 test01 racoon: DEBUG: decrypted.
Jun  3 19:25:39 test01 racoon: DEBUG:  31e7af22 cc20d683 b98f601b dc7aee59
05100201 00000000 0000003c 0d8f1ebf 580d2e9e 87e2e5b9 15001ac2 e3af69f9
645e7f07 841b54c9 2dd603d6
Jun  3 19:25:39 test01 racoon: DEBUG: begin.
Jun  3 19:25:39 test01 racoon: DEBUG: seen nptype=5(id)
Jun  3 19:25:39 test01 racoon: DEBUG: invalid length of payload
Jun  3 19:25:49 test01 racoon: DEBUG: 180 bytes from 10.0.1.1[500] to
194.25.154.194[500]
Jun  3 19:25:49 test01 racoon: DEBUG: sockname 10.0.1.1[500]
Jun  3 19:25:49 test01 racoon: DEBUG: send packet from 10.0.1.1[500]
Jun  3 19:25:49 test01 racoon: DEBUG: send packet to 194.25.154.194[500]
Jun  3 19:25:49 test01 racoon: DEBUG: src4 10.0.1.1[500]
Jun  3 19:25:49 test01 racoon: DEBUG: dst4 194.25.154.194[500]
Jun  3 19:25:49 test01 racoon: DEBUG: 1 times of 180 bytes message will be
sent to 10.0.1.1[500]
Jun  3 19:25:49 test01 racoon: DEBUG:  31e7af22 cc20d683 b98f601b dc7aee59
04100200 00000000 000000b4 0a000084 a074bac4 36a9d1a9 287b3eab 3148ec6b
ddad71cc ceb0f091 378f38cf 3db7ca45 badf1833 92806ed7 26f33c2c d412c680
ae687bc4 716aa4bb 6c7ce739 8244fcd9 42c5c229 bdeaaece 4686bc46 a671ece4
a65cf949 072e85ce 22db118e 980bc0bf 3e1e5473 0c9de4d7 b5b4a7b4 c98802e6
eb44403f 36d62411 867e2b07 bcfdc8d6 00000014 ca4afee1 b5d6f688 b05a194a
8f0a3ce0
Jun  3 19:25:49 test01 racoon: DEBUG: resend phase1 packet
31e7af22cc20d683:b98f601bdc7aee59
Jun  3 19:25:52 test01 racoon: DEBUG: ===
Jun  3 19:25:52 test01 racoon: DEBUG: 60 bytes message received from
10.0.2.1[500] to 10.0.1.1[500]
Jun  3 19:25:52 test01 racoon: DEBUG:  31e7af22 cc20d683 b98f601b dc7aee59
05100201 00000000 0000003c b5f37e38 4bc3542d ae8eab8e 925f716e fce85134
0241c38c d8911f53 20a8d659
Jun  3 19:25:52 test01 racoon: DEBUG: begin decryption.
Jun  3 19:25:52 test01 racoon: DEBUG: encription(3des)
Jun  3 19:25:52 test01 racoon: DEBUG: IV was saved for next processing:
Jun  3 19:25:52 test01 racoon: DEBUG:  d8911f53 20a8d659
Jun  3 19:25:52 test01 racoon: DEBUG: encription(3des)
Jun  3 19:25:52 test01 racoon: DEBUG: with key:
Jun  3 19:25:52 test01 racoon: DEBUG:  30b65bec 23fb830c 6b54ea2c fff84374
4b14099b 46d4b467
Jun  3 19:25:52 test01 racoon: DEBUG: decrypted payload by IV:
Jun  3 19:25:52 test01 racoon: DEBUG:  d8911f53 20a8d659
Jun  3 19:25:52 test01 racoon: DEBUG: decrypted payload, but not trimed.
Jun  3 19:25:52 test01 racoon: DEBUG:  0d8f1ebf 580d2e9e 87e2e5b9 15001ac2
e3af69f9 645e7f07 841b54c9 2dd603d6
Jun  3 19:25:52 test01 racoon: DEBUG: padding len=214
Jun  3 19:25:52 test01 racoon: DEBUG: skip to trim padding.
Jun  3 19:25:52 test01 racoon: DEBUG: decrypted.
Jun  3 19:25:52 test01 racoon: DEBUG:  31e7af22 cc20d683 b98f601b dc7aee59
05100201 00000000 0000003c 0d8f1ebf 580d2e9e 87e2e5b9 15001ac2 e3af69f9
645e7f07 841b54c9 2dd603d6
Jun  3 19:25:52 test01 racoon: DEBUG: begin.
Jun  3 19:25:52 test01 racoon: DEBUG: seen nptype=5(id)
Jun  3 19:25:52 test01 racoon: DEBUG: invalid length of payload
Jun  3 19:26:09 test01 racoon: ERROR: phase1 negotiation failed due to time
up. 31e7af22cc20d683:b98f601bdc7aee59
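
Added example, not part of the original post: a small decoder for the ISAKMP header (RFC 2408) applied to the hex words from the log above. It shows that the 60-byte message is an encrypted main-mode packet whose first payload should be ID, and that the decrypted body does not form a valid payload header, which is what racoon reports as "invalid length of payload". The function names are chosen for this example.

```python
import struct

# Constructed from the hex words racoon printed in the debug log above.
HEADER = bytes.fromhex("31e7af22 cc20d683 b98f601b dc7aee59 05100201 00000000 0000003c")
DECRYPTED = bytes.fromhex("0d8f1ebf 580d2e9e 87e2e5b9 15001ac2 "
                          "e3af69f9 645e7f07 841b54c9 2dd603d6")

# Payload and exchange type numbers as assigned in RFC 2408.
PAYLOADS = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT",
            7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGES = {1: "Base", 2: "Identity Protection (main mode)",
             3: "Authentication Only", 4: "Aggressive", 5: "Informational"}

def parse_header(data):
    """Decode the fixed 28-byte ISAKMP header."""
    if len(data) < 28:
        raise ValueError("ISAKMP header needs 28 bytes")
    icky, rcky, np, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    return {
        "cookies": f"{icky.hex()}:{rcky.hex()}",
        "next_payload": PAYLOADS.get(np, str(np)),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGES.get(xchg, str(xchg)),
        "encrypted": bool(flags & 0x01),   # bit 0 of the flags is the E(ncryption) bit
        "message_id": msgid,
        "length": length,
    }

def walk_payloads(first, body):
    """Follow the generic payload headers; return (payload names, error or None)."""
    seen, np, off = [], first, 0
    while np != 0:
        if off + 4 > len(body):
            return seen, "body ends inside a payload header"
        nxt, _reserved, plen = struct.unpack("!BBH", body[off:off + 4])
        if plen < 4 or off + plen > len(body):
            return seen, f"{PAYLOADS.get(np, np)} payload claims {plen} bytes, {len(body) - off} left"
        seen.append(PAYLOADS.get(np, str(np)))
        np, off = nxt, off + plen
    return seen, None

if __name__ == "__main__":
    print(parse_header(HEADER))
    print(walk_payloads(5, DECRYPTED))          # first payload type 5 = ID, per the header
    print("last byte read as padding length:", DECRYPTED[-1])
```

In a pre-shared-key main-mode exchange, a fifth message that decrypts to bytes like these commonly means the two peers derived different keys, for example from differing pre-shared keys.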


