Hello Meisen,
I had switched compression off. But I will adjust the times and keep an eye on the case. :waiting:
Regards
Steffen
I took another look at the efw first thing this morning, since, as expected, the tunnel was down again.
Apparently the bintec does not respond to the DPD. After that, the tunnel is set up from the Bintec side. From that moment on, no more data gets through the tunnel.
A.A.A.A is the efw, X.X.X.X the Bintec on the remote side.
System 2015-08-27 07:45:28 ipsec: 01[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:28 ipsec 01[IKE] received retransmit of request with ID 3288768890, but no response to retransmit
System 2015-08-27 07:45:29 ipsec: 11[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:29 ipsec 11[IKE] received retransmit of request with ID 3288768890, but no response to retransmit
System 2015-08-27 07:45:30 ipsec: 03[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:30 ipsec 03[ENC] parsed QUICK_MODE request 1764191377 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:30 ipsec 03[IKE] no matching CHILD_SA config found
System 2015-08-27 07:45:30 ipsec 03[ENC] generating INFORMATIONAL_V1 request 3936902030 [ HASH N(INVAL_ID) ]
System 2015-08-27 07:45:30 ipsec: 03[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:31 ipsec: 07[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:31 ipsec 07[IKE] received retransmit of request with ID 1764191377, but no response to retransmit
System 2015-08-27 07:45:31 ipsec: 06[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:31 ipsec 06[ENC] parsed QUICK_MODE request 3288768890 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:31 ipsec 06[ENC] received HASH payload does not match
System 2015-08-27 07:45:31 ipsec 06[IKE] integrity check failed
System 2015-08-27 07:45:31 ipsec 06[ENC] generating INFORMATIONAL_V1 request 4208133382 [ HASH N(INVAL_HASH) ]
System 2015-08-27 07:45:31 ipsec: 06[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:31 ipsec 06[IKE] QUICK_MODE request with message ID 3288768890 processing failed
System 2015-08-27 07:45:33 ipsec: 08[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (256 bytes)
System 2015-08-27 07:45:33 ipsec 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
System 2015-08-27 07:45:33 ipsec: 08[ENC] received unknown vendor ID 00:48:e2:27:0b:ea:83:95:ed:77:8d:34:3c:c2:a0:76
System 2015-08-27 07:45:33 ipsec: 08[ENC] received unknown vendor ID 5c:be:b3:99:eb:83:5a:7d:7a:2e:b4:95:90:5d:b0:61
System 2015-08-27 07:45:33 ipsec: 08[ENC] received unknown vendor ID 81:0f:a5:65:f8:ab:14:36:91:05:d7:06:fb:d5:72:79
System 2015-08-27 07:45:33 ipsec 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] received XAuth vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] received DPD vendor ID
System 2015-08-27 07:45:33 ipsec 08[IKE] X.X.X.X is initiating a Main Mode IKE_SA
System 2015-08-27 07:45:33 ipsec 08[ENC] generating ID_PROT response 0 [ SA V V V V ]
System 2015-08-27 07:45:33 ipsec: 08[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (156 bytes)
System 2015-08-27 07:45:34 ipsec: 01[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (228 bytes)
System 2015-08-27 07:45:34 ipsec 01[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:45:34 ipsec 01[IKE] remote host is behind NAT
System 2015-08-27 07:45:34 ipsec 01[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:45:34 ipsec: 01[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (244 bytes)
System 2015-08-27 07:45:34 ipsec: 09[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (76 bytes)
System 2015-08-27 07:45:34 ipsec 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
System 2015-08-27 07:45:34 ipsec 09[CFG] looking for pre-shared key peer configs matching A.A.A.A...X.X.X.X[X.X.X.X]
System 2015-08-27 07:45:34 ipsec 09[CFG] selected peer config "GUELDW2"
System 2015-08-27 07:45:34 ipsec 09[IKE] IKE_SA GUELDW2[711] established between A.A.A.A[A.A.A.A]...X.X.X.X[X.X.X.X]
System 2015-08-27 07:45:34 ipsec 09[IKE] scheduling reauthentication in 13573s
System 2015-08-27 07:45:34 ipsec 09[IKE] maximum IKE_SA lifetime 14113s
System 2015-08-27 07:45:34 ipsec 09[ENC] generating ID_PROT response 0 [ ID HASH ]
System 2015-08-27 07:45:34 ipsec: 09[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:34 ipsec: 11[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:34 ipsec 11[ENC] parsed QUICK_MODE request 697013768 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:34 ipsec 11[IKE] no matching CHILD_SA config found
System 2015-08-27 07:45:34 ipsec 11[ENC] generating INFORMATIONAL_V1 request 2504355801 [ HASH N(INVAL_ID) ]
System 2015-08-27 07:45:34 ipsec: 11[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:34 ipsec: 03[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:34 ipsec 03[IKE] received retransmit of request with ID 697013768, but no response to retransmit
System 2015-08-27 07:45:35 ipsec: 06[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:35 ipsec 06[IKE] received retransmit of request with ID 697013768, but no response to retransmit
System 2015-08-27 07:45:36 ipsec: 04[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:36 ipsec 04[ENC] parsed QUICK_MODE request 3244606214 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:36 ipsec 04[IKE] no matching CHILD_SA config found
System 2015-08-27 07:45:36 ipsec 04[ENC] generating INFORMATIONAL_V1 request 2894777724 [ HASH N(INVAL_ID) ]
System 2015-08-27 07:45:36 ipsec: 04[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:37 ipsec: 12[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:37 ipsec 12[IKE] received retransmit of request with ID 3244606214, but no response to retransmit
System 2015-08-27 07:45:37 ipsec: 08[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:37 ipsec 08[ENC] parsed QUICK_MODE request 697013768 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:37 ipsec 08[ENC] received HASH payload does not match
System 2015-08-27 07:45:37 ipsec 08[IKE] integrity check failed
System 2015-08-27 07:45:37 ipsec 08[ENC] generating INFORMATIONAL_V1 request 851237298 [ HASH N(INVAL_HASH) ]
System 2015-08-27 07:45:37 ipsec: 08[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:37 ipsec 08[IKE] QUICK_MODE request with message ID 697013768 processing failed
System 2015-08-27 07:45:39 ipsec: 05[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (256 bytes)
System 2015-08-27 07:45:39 ipsec 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
System 2015-08-27 07:45:39 ipsec: 05[ENC] received unknown vendor ID 00:48:e2:27:0b:ea:83:95:ed:77:8d:34:3c:c2:a0:76
System 2015-08-27 07:45:39 ipsec: 05[ENC] received unknown vendor ID 5c:be:b3:99:eb:83:5a:7d:7a:2e:b4:95:90:5d:b0:61
System 2015-08-27 07:45:39 ipsec: 05[ENC] received unknown vendor ID 81:0f:a5:65:f8:ab:14:36:91:05:d7:06:fb:d5:72:79
System 2015-08-27 07:45:39 ipsec 05[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] received XAuth vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] received DPD vendor ID
System 2015-08-27 07:45:39 ipsec 05[IKE] X.X.X.X is initiating a Main Mode IKE_SA
System 2015-08-27 07:45:39 ipsec 05[ENC] generating ID_PROT response 0 [ SA V V V V ]
System 2015-08-27 07:45:39 ipsec: 05[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (156 bytes)
System 2015-08-27 07:45:40 ipsec: 03[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (228 bytes)
System 2015-08-27 07:45:40 ipsec 03[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:45:40 ipsec 03[IKE] remote host is behind NAT
System 2015-08-27 07:45:40 ipsec 03[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:45:40 ipsec: 03[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (244 bytes)
System 2015-08-27 07:45:40 ipsec: 07[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (76 bytes)
System 2015-08-27 07:45:40 ipsec 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
System 2015-08-27 07:45:40 ipsec 07[CFG] looking for pre-shared key peer configs matching A.A.A.A...X.X.X.X[X.X.X.X]
System 2015-08-27 07:45:40 ipsec 07[CFG] selected peer config "GUELDW2"
System 2015-08-27 07:45:40 ipsec 07[IKE] IKE_SA GUELDW2[712] established between A.A.A.A[A.A.A.A]...X.X.X.X[X.X.X.X]
System 2015-08-27 07:45:40 ipsec 07[IKE] scheduling reauthentication in 13375s
System 2015-08-27 07:45:40 ipsec 07[IKE] maximum IKE_SA lifetime 13915s
System 2015-08-27 07:45:40 ipsec 07[ENC] generating ID_PROT response 0 [ ID HASH ]
System 2015-08-27 07:45:40 ipsec: 07[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:40 ipsec: 04[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:40 ipsec 04[ENC] parsed QUICK_MODE request 3293311146 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:40 ipsec 04[IKE] no matching CHILD_SA config found
System 2015-08-27 07:45:40 ipsec 04[ENC] generating INFORMATIONAL_V1 request 2771698527 [ HASH N(INVAL_ID) ]
System 2015-08-27 07:45:40 ipsec: 04[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:45:40 ipsec: 02[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:40 ipsec 02[IKE] received retransmit of request with ID 3293311146, but no response to retransmit
System 2015-08-27 07:45:41 ipsec: 08[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:41 ipsec 08[IKE] received retransmit of request with ID 3293311146, but no response to retransmit
System 2015-08-27 07:45:43 ipsec: 09[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:43 ipsec 09[IKE] received retransmit of request with ID 3293311146, but no response to retransmit
System 2015-08-27 07:45:47 ipsec: 06[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:47 ipsec 06[IKE] received retransmit of request with ID 3293311146, but no response to retransmit
System 2015-08-27 07:45:55 ipsec: 11[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:55 ipsec 11[IKE] received retransmit of request with ID 3293311146, but no response to retransmit
System 2015-08-27 07:46:10 ipsec 06[IKE] sending DPD request
System 2015-08-27 07:46:10 ipsec 06[ENC] generating INFORMATIONAL_V1 request 4263936954 [ HASH N(DPD) ]
System 2015-08-27 07:46:10 ipsec: 06[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (92 bytes)
System 2015-08-27 07:46:10 ipsec: 07[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (92 bytes)
System 2015-08-27 07:46:10 ipsec 07[ENC] parsed INFORMATIONAL_V1 request 1194036752 [ HASH N(DPD_ACK) ]
System 2015-08-27 07:46:11 ipsec: 04[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:46:11 ipsec 04[ENC] parsed QUICK_MODE request 3293311146 [ HASH SA No KE ID ID ]
System 2015-08-27 07:46:11 ipsec 04[ENC] received HASH payload does not match
System 2015-08-27 07:46:11 ipsec 04[IKE] integrity check failed
System 2015-08-27 07:46:11 ipsec 04[ENC] generating INFORMATIONAL_V1 request 1157757242 [ HASH N(INVAL_HASH) ]
System 2015-08-27 07:46:11 ipsec: 04[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:46:11 ipsec 04[IKE] QUICK_MODE request with message ID 3293311146 processing failed
System 2015-08-27 07:46:29 ipsec: 04[NET] received packet from 80.153.165.239[712] to A.A.A.A[500] (288 bytes)
System 2015-08-27 07:46:29 ipsec 04[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
System 2015-08-27 07:46:29 ipsec 04[IKE] no IKE config found for A.A.A.A...80.153.165.239, sending NO_PROPOSAL_CHOSEN
System 2015-08-27 07:46:29 ipsec 04[ENC] generating INFORMATIONAL_V1 request 440743050 [ N(NO_PROP) ]
System 2015-08-27 07:46:29 ipsec: 04[NET] sending packet from A.A.A.A[500] to 80.153.165.239[712] (40 bytes)
System 2015-08-27 07:46:29 ipsec: 12[NET] received packet from 80.153.165.239[712] to A.A.A.A[500] (288 bytes)
System 2015-08-27 07:46:29 ipsec 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
System 2015-08-27 07:46:29 ipsec 12[IKE] no IKE config found for A.A.A.A...80.153.165.239, sending NO_PROPOSAL_CHOSEN
System 2015-08-27 07:46:29 ipsec 12[ENC] generating INFORMATIONAL_V1 request 147406078 [ N(NO_PROP) ]
System 2015-08-27 07:46:29 ipsec: 12[NET] sending packet from A.A.A.A[500] to 80.153.165.239[712] (40 bytes)
System 2015-08-27 07:46:40 ipsec 11[IKE] sending DPD request
System 2015-08-27 07:46:40 ipsec 11[ENC] generating INFORMATIONAL_V1 request 2749440453 [ HASH N(DPD) ]
System 2015-08-27 07:46:40 ipsec: 11[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (92 bytes)
System 2015-08-27 07:47:10 ipsec 05[IKE] sending DPD request
System 2015-08-27 07:47:10 ipsec 05[ENC] generating INFORMATIONAL_V1 request 1216644764 [ HASH N(DPD) ]
System 2015-08-27 07:47:10 ipsec: 05[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (92 bytes)
System 2015-08-27 07:47:40 ipsec 10[IKE] sending DPD request
System 2015-08-27 07:47:40 ipsec 10[ENC] generating INFORMATIONAL_V1 request 4285596061 [ HASH N(DPD) ]
System 2015-08-27 07:47:40 ipsec: 10[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (92 bytes)
System 2015-08-27 07:48:10 ipsec 10[IKE] sending DPD request
System 2015-08-27 07:48:10 ipsec 10[ENC] generating INFORMATIONAL_V1 request 979423541 [ HASH N(DPD) ]
System 2015-08-27 07:48:10 ipsec: 10[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (92 bytes)
System 2015-08-27 07:48:40 ipsec 04[JOB] DPD check timed out, enforcing DPD action
System 2015-08-27 07:48:58 ipsec: 02[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (256 bytes)
System 2015-08-27 07:48:58 ipsec 02[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
System 2015-08-27 07:48:58 ipsec: 02[ENC] received unknown vendor ID 00:48:e2:27:0b:ea:83:95:ed:77:8d:34:3c:c2:a0:76
System 2015-08-27 07:48:58 ipsec: 02[ENC] received unknown vendor ID 5c:be:b3:99:eb:83:5a:7d:7a:2e:b4:95:90:5d:b0:61
System 2015-08-27 07:48:58 ipsec: 02[ENC] received unknown vendor ID 81:0f:a5:65:f8:ab:14:36:91:05:d7:06:fb:d5:72:79
System 2015-08-27 07:48:58 ipsec 02[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] received XAuth vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] received DPD vendor ID
System 2015-08-27 07:48:58 ipsec 02[IKE] X.X.X.X is initiating a Main Mode IKE_SA
System 2015-08-27 07:48:58 ipsec 02[ENC] generating ID_PROT response 0 [ SA V V V V ]
System 2015-08-27 07:48:58 ipsec: 02[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (156 bytes)
System 2015-08-27 07:48:58 ipsec: 04[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (228 bytes)
System 2015-08-27 07:48:58 ipsec 04[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:48:58 ipsec 04[IKE] remote host is behind NAT
System 2015-08-27 07:48:58 ipsec 04[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
System 2015-08-27 07:48:58 ipsec: 04[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (244 bytes)
System 2015-08-27 07:48:58 ipsec: 08[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (76 bytes)
System 2015-08-27 07:48:58 ipsec 08[ENC] parsed ID_PROT request 0 [ ID HASH ]
System 2015-08-27 07:48:58 ipsec 08[CFG] looking for pre-shared key peer configs matching A.A.A.A...X.X.X.X[X.X.X.X]
System 2015-08-27 07:48:58 ipsec 08[CFG] selected peer config "GUELDW2"
System 2015-08-27 07:48:58 ipsec 08[IKE] IKE_SA GUELDW2[715] established between A.A.A.A[A.A.A.A]...X.X.X.X[X.X.X.X]
System 2015-08-27 07:48:58 ipsec 08[IKE] scheduling reauthentication in 13472s
System 2015-08-27 07:48:58 ipsec 08[IKE] maximum IKE_SA lifetime 14012s
System 2015-08-27 07:48:58 ipsec 08[ENC] generating ID_PROT response 0 [ ID HASH ]
System 2015-08-27 07:48:58 ipsec: 08[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:48:58 ipsec: 10[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:48:58 ipsec 10[ENC] parsed QUICK_MODE request 3116633062 [ HASH SA No KE ID ID ]
System 2015-08-27 07:48:58 ipsec 10[IKE] no matching CHILD_SA config found
System 2015-08-27 07:48:58 ipsec 10[ENC] generating INFORMATIONAL_V1 request 360654194 [ HASH N(INVAL_ID) ]
System 2015-08-27 07:48:58 ipsec: 10[NET] sending packet from A.A.A.A[4500] to X.X.X.X[64981] (76 bytes)
System 2015-08-27 07:48:59 ipsec: 09[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:48:59 ipsec 09[IKE] received retransmit of request with ID 3116633062, but no response to retransmit
System 2015-08-27 07:49:00 ipsec: 05[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:49:00 ipsec 05[IKE] received retransmit of request with ID 3116633062, but no response to retransmit
System 2015-08-27 07:49:02 ipsec: 07[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:49:02 ipsec 07[IKE] received retransmit of request with ID 3116633062, but no response to retransmit
System 2015-08-27 07:49:06 ipsec: 12[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:49:06 ipsec 12[IKE] received retransmit of request with ID 3116633062, but no response to retransmit
System 2015-08-27 07:49:14 ipsec: 05[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:49:14 ipsec 05[IKE] received retransmit of request with ID 3116633062, but no response to retransmit
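A log like the one in the post above can be triaged mechanically. The following Python script is an added example, not part of the original thread: it groups log lines in the format shown above by Quick Mode message ID and counts rejections, retransmits, and DPD requests versus acknowledgements. The function names and the `SAMPLE` excerpt are chosen here for illustration.

```python
import re
from collections import Counter, defaultdict

# Line format as it appears in the efw log above:
#   "System <date> <time> ipsec[:] NN[SUBSYS] message"
LINE_RE = re.compile(
    r"^System (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ipsec:? "
    r"(?P<thread>\d+)\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$")
QM_RE = re.compile(r"parsed QUICK_MODE request (\d+) ")
RETX_RE = re.compile(r"received retransmit of request with ID (\d+)")
SA_RE = re.compile(r"IKE_SA (\S+)\[(\d+)\] established")

# Rejection message -> notify sent back (pairs as they occur in the log).
# "no matching CHILD_SA config found": the subnets proposed in Quick Mode
# match no phase 2 definition configured on the responder.
OUTCOMES = {
    "no matching CHILD_SA config found": "INVAL_ID",
    "received HASH payload does not match": "INVAL_HASH",
}

# Excerpt of lines from the log above, plus one line of copy-paste residue.
SAMPLE = """\
System 2015-08-27 07:45:30 ipsec: 03[NET] received packet from X.X.X.X[64981] to A.A.A.A[4500] (380 bytes)
System 2015-08-27 07:45:30 ipsec 03[ENC] parsed QUICK_MODE request 1764191377 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:30 ipsec 03[IKE] no matching CHILD_SA config found
System 2015-08-27 07:45:31 ipsec 07[IKE] received retransmit of request with ID 1764191377, but no response to retransmit
System 2015-08-27 07:45:31 ipsec 06[ENC] parsed QUICK_MODE request 3288768890 [ HASH SA No KE ID ID ]
System 2015-08-27 07:45:31 ipsec 06[ENC] received HASH payload does not match
System 2015-08-27 07:45:34 ipsec 09[IKE] IKE_SA GUELDW2[711] established between A.A.A.A[A.A.A.A]...X.X.X.X[X.X.X.X]
System 2015-08-27 07:46:10 ipsec 06[IKE] sending DPD request
System 2015-08-27 07:46:10 ipsec 07[ENC] parsed INFORMATIONAL_V1 request 1194036752 [ HASH N(DPD_ACK) ]
System 2015-08-27 07:46:40 ipsec 11[IKE] sending DPD request
System 2015-08-27 07:48:40 ipsec 04[JOB] DPD check timed out, enforcing DPD action
Alles anzeigen
"""

def triage(lines):
    """Summarise phase 1, phase 2 and DPD events from an iterable of log lines."""
    pending = {}  # worker thread id -> Quick Mode message ID it just parsed
    rep = {"ike_sa_established": [], "quick_mode": defaultdict(Counter),
           "dpd_sent": 0, "dpd_acked": 0, "dpd_timeouts": 0, "unparsed": 0}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            rep["unparsed"] += 1
            continue
        ts, thread, msg = m["ts"], m["thread"], m["msg"]
        qm, rt, sa = QM_RE.search(msg), RETX_RE.search(msg), SA_RE.search(msg)
        if qm:
            pending[thread] = qm.group(1)
            rep["quick_mode"][qm.group(1)]["attempts"] += 1
        elif msg in OUTCOMES and thread in pending:
            # The rejection is logged by the thread that parsed the request.
            rep["quick_mode"][pending.pop(thread)][OUTCOMES[msg]] += 1
        elif rt:
            # Assumption: retransmitted IDs belong to Quick Mode requests,
            # which holds for every retransmit in the log above.
            rep["quick_mode"][rt.group(1)]["retransmits"] += 1
        elif sa:
            rep["ike_sa_established"].append((ts, sa.group(1), int(sa.group(2))))
        elif msg == "sending DPD request":
            rep["dpd_sent"] += 1
        elif "N(DPD_ACK)" in msg:
            rep["dpd_acked"] += 1
        elif msg.startswith("DPD check timed out"):
            rep["dpd_timeouts"] += 1
    return rep

def rejections(rep):
    """Total phase 2 rejections per notify type across all message IDs."""
    total = Counter()
    for counts in rep["quick_mode"].values():
        for reason in OUTCOMES.values():
            total[reason] += counts[reason]
    return dict(total)

if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    print(report["ike_sa_established"], rejections(report),
          report["dpd_sent"], report["dpd_acked"], report["dpd_timeouts"])
```
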
Hello!
I am in the process of replacing my hardware router (Bintec R1200) with an efw. My biggest problem here is the VPN tunnels I need. For now I have set up only 2 tunnels (there were 6 on the Bintec), but they keep collapsing on me. I have already reduced them to a bare-minimum configuration (only 1 subnet per side).
The tunnel stays up for a while (sometimes a few minutes, sometimes what feels like an hour), then it drops, regardless of whether there is traffic or the tunnel is idle.
The clocks on both sides should be identical, since both synchronise with the same time source (de.pool.ntp.org).
With the Bintec router there were no problems with the tunnels. That already rules out problems with the ISP (T-Systems).
The configuration:
The endpoints and their associated IDs are the public IP addresses
Phase 1:
- IKEv1
- AES256/SHA1
- Lifetime 4h
- PSK
Phase 2:
- AES256/SHA1
- Lifetime 2h
- Compression
I am grateful for any tip.
Kind regards
Steffen
Hello everyone!
I simply hope that the developers read along here too, or that someone has a good line to the developers.
I know that this topic has been raised here before and was dismissed by some as unnecessary, but I would like to warm it up once more, since I can imagine that many users would gratefully welcome it.
IPCop and IPFire have this wonderful capability of caching updates from MS and co. with the Update Accelerator. At the moment this feature is still keeping me from switching to Endian.
WSUS is not an alternative in my scenarios, for several reasons.
1. IT service provider. I regularly have devices in for reinstallation. I cannot first redirect them to a different update server and then set them back afterwards. Too error-prone, extra effort; with the Update Accelerator it works transparently.
2. Multiple sites. I do not want the employees at other sites to fetch their updates through the VPN tunnels from the parent site. So that would have to be defined as a site policy. But what about the devices that I do not want to, or cannot, join to the domain? (e.g. BYOD)
3. Training rooms. I do not want to reconfigure the training rooms either, since the equipment is sometimes used at other sites.
Of course these scenarios can also be implemented differently with corresponding effort (several WSUS servers, Endian with an IPFire in front of it, etc.), but the most elegant solution would be to park the updates right in the Endian. I am aware that this can lead to space problems in the appliances if no HDDs are installed there. But there will be solutions for that too.
And to answer the question from this post as to why it should: because it (theoretically) can. And it is a proxy's job to cache files. Well, here it is a few more...
Steffen
Oops... could an administrator move this to the wish list? Thanks!