Hi,

Have you checked the logs of the FritzBox?
Regards,

On Wed, Sep 4, 2013 at 2:44 PM, F. Schmitt <[email protected]> wrote:

> Hi,
>
> I'm trying to connect from a linux client (Mint MATE 14, 64bit, Kernel
> 3.5.0-39) to a FritzBox (6360 Cable) using VPN. Connecting from within
> Win7 to the FritzBox works perfectly, but using linux, I receive a
> "negotiation timeout". I've followed the guide mentioned in the FritzBox
> howto:
>
> https://www.shrew.net/support/Howto_Fritzbox
>
> but it doesn't work:
>
> ---------------------------------------------------------------------
> config loaded for site 'xyz'
> attached to key daemon ...
> peer configured
> iskamp proposal configured
> esp proposal configured
> ipcomp proposal configured
> client configured
> local id configured
> remote id configured
> pre-shared key configured
> bringing up tunnel ...
> negotiation timout occurred
> tunnel disabled
> detached from key daemon
> -------------------------------------------------------------------
>
> Maybe anyone can tell me how to connect successfully? I've tried to set
> the net.ipv4.conf.default.rp_filter and net.ipv4.conf.all.rp_filter in
> /etc/sysctl.conf to 0, but that didn't change anything.
>
> Output of uname -a:
>
> --------------------------------------------------------------------
> Linux <hostname> 3.5.0-39-generic #60-Ubuntu SMP Tue Aug 13 18:33:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> --------------------------------------------------------------------
>
> Content of /var/log/iked.log: (yyy and zzz are the correct IP addresses
> of the linux client and the FritzBox respectively)
> --------------------------------------------------------------------
> 13/09/04 14:10:00 ## : IKE Daemon, ver 2.2.1
> 13/09/04 14:10:00 ## : Copyright 2013 Shrew Soft Inc.
> 13/09/04 14:10:00 ## : This product linked OpenSSL 1.0.1c 10 May 2012
> 13/09/04 14:10:00 ii : opened '/var/log/iked.log'
> 13/09/04 14:10:00 ii : opened '/var/log/ike-encrypt.pcap'
> 13/09/04 14:10:00 ii : opened '/var/log/ike-decrypt.pcap'
> 13/09/04 14:10:00 ii : network process thread begin ...
> 13/09/04 14:10:00 ii : pfkey process thread begin ...
> 13/09/04 14:10:00 ii : ipc server process thread begin ...
> 13/09/04 14:10:00 K< : recv pfkey REGISTER AH message
> 13/09/04 14:10:00 K< : recv pfkey REGISTER ESP message
> 13/09/04 14:10:00 K< : recv pfkey REGISTER IPCOMP message
> 13/09/04 14:10:00 K! : recv X_SPDDUMP message failure ( errno = 2 )
> 13/09/04 14:10:21 ii : ipc client process thread begin ...
> 13/09/04 14:10:21 <A : peer config add message
> 13/09/04 14:10:21 <A : proposal config message
> 13/09/04 14:10:21 <A : proposal config message
> 13/09/04 14:10:21 <A : proposal config message
> 13/09/04 14:10:21 <A : client config message
> 13/09/04 14:10:21 <A : local id '<localid removed>' message
> 13/09/04 14:10:21 <A : preshared key message
> 13/09/04 14:10:21 <A : remote resource message
> 13/09/04 14:10:21 <A : peer tunnel enable message
> 13/09/04 14:10:21 DB : peer ref increment ( ref count = 1, obj count = 0 )
> 13/09/04 14:10:21 DB : peer added ( obj count = 1 )
> 13/09/04 14:10:21 ii : local address yyy.yyy.yyy.yyy selected for peer
> 13/09/04 14:10:21 DB : peer ref increment ( ref count = 2, obj count = 1 )
> 13/09/04 14:10:21 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
> 13/09/04 14:10:21 DB : tunnel added ( obj count = 1 )
> 13/09/04 14:10:21 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
> 13/09/04 14:10:21 DB : new phase1 ( ISAKMP initiator )
> 13/09/04 14:10:21 DB : exchange type is aggressive
> 13/09/04 14:10:21 DB : yyy.yyy.yyy.yyy:500 <-> zzz.zzz.zzz.zzz:500
> 13/09/04 14:10:21 DB : 346e917cd24fe0e3:0000000000000000
> 13/09/04 14:10:21 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
> 13/09/04 14:10:21 DB : phase1 added ( obj count = 1 )
> 13/09/04 14:10:21 >> : security association payload
> 13/09/04 14:10:21 >> : - proposal #1 payload
> 13/09/04 14:10:21 >> : -- transform #1 payload
> 13/09/04 14:10:21 >> : -- transform #2 payload
> 13/09/04 14:10:21 >> : -- transform #3 payload
> 13/09/04 14:10:21 >> : -- transform #4 payload
> 13/09/04 14:10:21 >> : -- transform #5 payload
> 13/09/04 14:10:21 >> : -- transform #6 payload
> 13/09/04 14:10:21 >> : key exchange payload
> 13/09/04 14:10:21 >> : nonce payload
> 13/09/04 14:10:21 >> : identification payload
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports nat-t ( draft v00 )
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports nat-t ( draft v01 )
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports nat-t ( draft v02 )
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports nat-t ( draft v03 )
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports nat-t ( rfc )
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports FRAGMENTATION
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local supports DPDv1
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local is SHREW SOFT compatible
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local is NETSCREEN compatible
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local is SIDEWINDER compatible
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local is CISCO UNITY compatible
> 13/09/04 14:10:21 >> : vendor id payload
> 13/09/04 14:10:21 ii : local is CHECKPOINT compatible
> 13/09/04 14:10:21 >= : cookies 346e917cd24fe0e3:0000000000000000
> 13/09/04 14:10:21 >= : message 00000000
> 13/09/04 14:10:21 -> : send IKE packet yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500 ( 796 bytes )
> 13/09/04 14:10:21 DB : phase1 resend event scheduled ( ref count = 2 )
> 13/09/04 14:10:21 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
> 13/09/04 14:10:31 -> : resend 1 phase1 packet(s) [0/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
> 13/09/04 14:10:41 -> : resend 1 phase1 packet(s) [1/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
> 13/09/04 14:10:51 -> : resend 1 phase1 packet(s) [2/2] yyy.yyy.yyy.yyy:500 -> zzz.zzz.zzz.zzz:500
> 13/09/04 14:11:01 ii : resend limit exceeded for phase1 exchange
> 13/09/04 14:11:01 ii : phase1 removal before expire time
> 13/09/04 14:11:01 DB : phase1 deleted ( obj count = 0 )
> 13/09/04 14:11:01 DB : policy not found
> 13/09/04 14:11:01 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
> 13/09/04 14:11:01 DB : policy not found
> 13/09/04 14:11:01 DB : policy not found
> 13/09/04 14:11:01 DB : policy not found
> 13/09/04 14:11:01 DB : removing tunnel config references
> 13/09/04 14:11:01 DB : removing tunnel phase2 references
> 13/09/04 14:11:01 DB : removing tunnel phase1 references
> 13/09/04 14:11:01 DB : tunnel deleted ( obj count = 0 )
> 13/09/04 14:11:01 DB : peer ref decrement ( ref count = 1, obj count = 1 )
> 13/09/04 14:11:01 DB : removing all peer tunnel references
> 13/09/04 14:11:01 DB : peer deleted ( obj count = 0 )
> 13/09/04 14:11:01 ii : ipc client process thread exit ...
> --------------------------------------------------------------------
>
> My iked.conf file has the default values:
> --------------------------------------------------------------------
> daemon
> {
>     # bind to ports
>     socket ike 500;
>     socket natt 4500;
>
>     # log output
>     log_level loud;
>     log_file "/var/log/iked.log";
>     pcap_decrypt "/var/log/ike-decrypt.pcap";
>     pcap_encrypt "/var/log/ike-encrypt.pcap";
>
>     # retry settings
>     retry_delay 10;
>     retry_count 2;
> }
> --------------------------------------------------------------------
>
> The file /var/log/ike-decrypt.pcap is empty.
>
> Any help would be greatly appreciated!
>
>
> Thanks in advance
> florian
> _______________________________________________
> vpn-help mailing list
> [email protected]
> https://lists.shrew.net/mailman/listinfo/vpn-help
>
