Hi,

I'm trying to connect from a Linux client (Mint MATE 14, 64bit, Kernel 3.5.0-39) to a FritzBox (6360 Cable) using VPN. Connecting from within Win7 to the FritzBox works perfectly, but using Linux, I receive a "negotiation timeout". I've followed the guide mentioned in the FritzBox howto:
https://www.shrew.net/support/Howto_Fritzbox
but it doesn't work:

---------------------------------------------------------------------
config loaded for site 'xyz'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
ipcomp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon
-------------------------------------------------------------------

Maybe someone can tell me how to connect successfully?

I've tried to set the net.ipv4.conf.default.rp_filter and net.ipv4.conf.all.rp_filter in /etc/sysctl.conf to 0, but that didn't change anything.

Output of uname -a:
--------------------------------------------------------------------
Linux <hostname> 3.5.0-39-generic #60-Ubuntu SMP Tue Aug 13 18:33:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
--------------------------------------------------------------------

Content of /var/log/iked.log:
(yyy and zzz are the correct IP addresses of the Linux client and the FritzBox respectively)
--------------------------------------------------------------------
13/09/04 14:10:00 ## : IKE Daemon, ver 2.2.1
13/09/04 14:10:00 ## : Copyright 2013 Shrew Soft Inc.
13/09/04 14:10:00 ## : This product linked OpenSSL 1.0.1c 10 May 2012
13/09/04 14:10:00 ii : opened '/var/log/iked.log'
13/09/04 14:10:00 ii : opened '/var/log/ike-encrypt.pcap'
13/09/04 14:10:00 ii : opened '/var/log/ike-decrypt.pcap'
13/09/04 14:10:00 ii : network process thread begin ...
13/09/04 14:10:00 ii : pfkey process thread begin ...
13/09/04 14:10:00 ii : ipc server process thread begin ...
13/09/04 14:10:00 K< : recv pfkey REGISTER AH message
13/09/04 14:10:00 K< : recv pfkey REGISTER ESP message
13/09/04 14:10:00 K< : recv pfkey REGISTER IPCOMP message
13/09/04 14:10:00 K! : recv X_SPDDUMP message failure ( errno = 2 )
13/09/04 14:10:21 ii : ipc client process thread begin ...
13/09/04 14:10:21 <A : peer config add message
13/09/04 14:10:21 <A : proposal config message
13/09/04 14:10:21 <A : proposal config message
13/09/04 14:10:21 <A : proposal config message
13/09/04 14:10:21 <A : client config message
13/09/04 14:10:21 <A : local id '<localid removed>' message
13/09/04 14:10:21 <A : preshared key message
13/09/04 14:10:21 <A : remote resource message
13/09/04 14:10:21 <A : peer tunnel enable message
13/09/04 14:10:21 DB : peer ref increment ( ref count = 1, obj count = 0 )
13/09/04 14:10:21 DB : peer added ( obj count = 1 )
13/09/04 14:10:21 ii : local address yyy.yyy.yyy.yyy selected for peer
13/09/04 14:10:21 DB : peer ref increment ( ref count = 2, obj count = 1 )
13/09/04 14:10:21 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
13/09/04 14:10:21 DB : tunnel added ( obj count = 1 )
13/09/04 14:10:21 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
13/09/04 14:10:21 DB : new phase1 ( ISAKMP initiator )
13/09/04 14:10:21 DB : exchange type is aggressive
13/09/04 14:10:21 DB : yyy.yyy.yyy.yyy:500 <-> zzz.zzz.zzz.zzz:500
13/09/04 14:10:21 DB : 346e917cd24fe0e3:0000000000000000
13/09/04 14:10:21 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
13/09/04 14:10:21 DB : phase1 added ( obj count = 1 )
13/09/04 14:10:21 >> : security association payload
13/09/04 14:10:21 >> : - proposal #1 payload
13/09/04 14:10:21 >> : -- transform #1 payload
13/09/04 14:10:21 >> : -- transform #2 payload
13/09/04 14:10:21 >> : -- transform #3 payload
13/09/04 14:10:21 >> : -- transform #4 payload
13/09/04 14:10:21 >> : -- transform #5 payload
13/09/04 14:10:21 >> : -- transform #6 payload
13/09/04 14:10:21 >> : key exchange payload
13/09/04 14:10:21 >> : nonce payload
13/09/04 14:10:21 >> : identification payload
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports nat-t ( draft v00 )
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports nat-t ( draft v01 )
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports nat-t ( draft v02 )
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports nat-t ( draft v03 )
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports nat-t ( rfc )
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports FRAGMENTATION
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local supports DPDv1
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local is SHREW SOFT compatible
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local is NETSCREEN compatible
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local is SIDEWINDER compatible
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local is CISCO UNITY compatible
13/09/04 14:10:21 >> : vendor id payload
13/09/04 14:10:21 ii : local is CHECKPOINT compatible
13/09/04 14:10:21 >= : cookies 346e917cd24fe0e3:0000000000000000
13/09/04 14:10:21 >= : message 00000000
13/09/04 14:10:21 -> : send IKE packet yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500 ( 796 bytes )
13/09/04 14:10:21 DB : phase1 resend event scheduled ( ref count = 2 )
13/09/04 14:10:21 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
13/09/04 14:10:31 -> : resend 1 phase1 packet(s) [0/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:10:41 -> : resend 1 phase1 packet(s) [1/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:10:51 -> : resend 1 phase1 packet(s) [2/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:11:01 ii : resend limit exceeded for phase1 exchange
13/09/04 14:11:01 ii : phase1 removal before expire time
13/09/04 14:11:01 DB : phase1 deleted ( obj count = 0 )
13/09/04 14:11:01 DB : policy not found
13/09/04 14:11:01 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
13/09/04 14:11:01 DB : policy not found
13/09/04 14:11:01 DB : policy not found
13/09/04 14:11:01 DB : policy not found
13/09/04 14:11:01 DB : removing tunnel config references
13/09/04 14:11:01 DB : removing tunnel phase2 references
13/09/04 14:11:01 DB : removing tunnel phase1 references
13/09/04 14:11:01 DB : tunnel deleted ( obj count = 0 )
13/09/04 14:11:01 DB : peer ref decrement ( ref count = 1, obj count = 1 )
13/09/04 14:11:01 DB : removing all peer tunnel references
13/09/04 14:11:01 DB : peer deleted ( obj count = 0 )
13/09/04 14:11:01 ii : ipc client process thread exit ...
--------------------------------------------------------------------

My iked.conf file has the default values:
--------------------------------------------------------------------
daemon {
	# bind to ports
	socket ike 500;
	socket natt 4500;

	# log output
	log_level loud;
	log_file "/var/log/iked.log";
	pcap_decrypt "/var/log/ike-decrypt.pcap";
	pcap_encrypt "/var/log/ike-encrypt.pcap";

	# retry settings
	retry_delay 10;
	retry_count 2;
}
--------------------------------------------------------------------

The file /var/log/ike-decrypt.pcap is empty.

Any help would be greatly appreciated!

Thanks in advance
florian

_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
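
A log check for the symptom shown in the message above, added here as an example (it is not part of the original post or of Shrew Soft's code): it reads an iked.log excerpt and reports whether phase1 timed out without any inbound IKE packet being logged. The function name `summarize_phase1`, the verdict strings and the `<-` tag for inbound packets are assumptions; the sample lines are a constructed, shortened copy of the excerpt.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the iked.log excerpt in the post above.
SAMPLE_LOG = """\
13/09/04 14:10:21 DB : new phase1 ( ISAKMP initiator )
13/09/04 14:10:21 DB : exchange type is aggressive
13/09/04 14:10:21 -> : send IKE packet yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500 ( 796 bytes )
13/09/04 14:10:31 -> : resend 1 phase1 packet(s) [0/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:10:41 -> : resend 1 phase1 packet(s) [1/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:10:51 -> : resend 1 phase1 packet(s) [2/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
13/09/04 14:11:01 ii : resend limit exceeded for phase1 exchange
"""

# "<date> <time> <2-char tag> : <message>", the layout used in the excerpt.
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d) (\d\d:\d\d:\d\d) (\S\S) : (.*)$")

def summarize_phase1(log_text):
    """Count outbound and inbound IKE traffic and classify the phase1 outcome."""
    counts = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip separators and wrapped fragments
        tag, msg = m.group(3), m.group(4)
        if tag == "->" and msg.startswith("send IKE packet"):
            counts["sent"] += 1
        elif tag == "->" and msg.startswith("resend"):
            counts["resent"] += 1
        elif tag == "<-":
            # Assumption: inbound packets are logged with a "<-" tag; the
            # excerpt in the post contains no such line.
            counts["received"] += 1
        elif "resend limit exceeded for phase1" in msg:
            counts["phase1_timeout"] += 1
    if counts["phase1_timeout"] and not counts["received"]:
        verdict = "no-reply"    # the first phase1 packet was never answered
    elif counts["phase1_timeout"]:
        verdict = "stalled"     # peer answered, exchange still timed out
    else:
        verdict = "no-timeout"
    return dict(counts), verdict
```

A `no-reply` verdict means the client logged no answer to its first aggressive-mode packet, so the client log alone cannot show whether the packet was lost in transit or silently dropped by the peer; the peer's own log or a capture on UDP 500 is needed to tell.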
