
Bintec VPN Access 5 and Astaro V7 - Site-to-Site won't work

Hello there [:)]

We have an Astaro V7 appliance and one of our new customers has a Bintec VPN Access 5. I wanted to create a site-to-site VPN between them but it failed to connect. I only get from my debug logs (no proposal chosen)... I'm also wondering why I cannot enter a fully qualified username as the VPN-ID...

Since it would be better for the understanding, I made some screenshots. Hopefully someone can help me, because in the near future we will get more customers with these Bintec gateways...

VPN Access 5 Screenshots:
Peer Config:
/cfs-file/__key/communityserver-discussions-components-files/58/VPN-Peer-Config.png

Phase 1
/cfs-file/__key/communityserver-discussions-components-files/58/VPN-Phase-1.png

Phase 2
/cfs-file/__key/communityserver-discussions-components-files/58/VPN-Phase-2.png



Astaro V7 Screenshots:
Gateway config:
/cfs-file/__key/communityserver-discussions-components-files/58/Gateway-WIBA.png

IPsec Policy
/cfs-file/__key/communityserver-discussions-components-files/58/IPsec-Policy-Wiba.png

IPsec Settings
http://img823.imageshack.us/img823/1781/ipsecwiba.png


Our network is: 192.168.10.0/24

The customer's network is: 192.168.12.0/24

NAT is enabled on the Router. The Virtual Interface which is shown at the Bintec-Screenshot has the IP 192.168.13.17/32

Thank you in advance for reading it and for your answers!


Edit: Forgot to mention that I could open the VPN to our customer with the Bintec-IPSec Client.

Regards
Seelbreaker


This thread was automatically locked due to age.
  • Hello Bob!

    Thank you [:)]

    Here you have the log made from the Astaro Live-Protokoll after enabling the VPN. The numbers which are standing before the algorithm are just an index number which the Bintec uses.

    Here you have the logfile (without special logging functions):


    Live-Protokoll: IPSec-VPN 
    Filter: 
    Autoscroll
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: "S_WIBA" #1: deleting state (STATE_MAIN_I1)
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: forgetting secrets
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: loading secrets from "/etc/ipsec.secrets"
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: loaded shared key for 0.0.0.0 88.217.155.151
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: loaded shared key for 0.0.0.0 88.217.155.151
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: loaded CA cert file 'VPN Signing CA.pem' (3113 bytes)
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:11:11-13:53:35 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/crls'
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: added connection description "S_WIBA"
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: "S_WIBA" #2: initiating Main Mode
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: forgetting secrets
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: loading secrets from "/etc/ipsec.secrets"
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: loaded shared key for 84.151.148.166 88.217.155.151
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: loaded shared key for 0.0.0.0 88.217.155.151
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: loaded shared key for 0.0.0.0 88.217.155.151
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: loaded CA cert file 'VPN Signing CA.pem' (3113 bytes)
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: Changing to directory '/etc/ipsec.d/crls'
    2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2010:11:11-13:53:49 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2010:11:11-13:54:09 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    2010:11:11-13:54:49 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN


    If you wish a more detailed log, please tell me which error functions I should enable.

    Thanks and Regards
    Seelbreaker
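
An added example, not part of the original posts: a small Python triage of the pluto log above that groups the `NO_PROPOSAL_CHOSEN` notifications by peer and reports whether they arrived before or after phase 1 completed. The function name `summarise_rejections` is hypothetical, and the phase-1 marker text `ISAKMP SA established` is an assumption about pluto's log wording; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Subset of the log lines posted above, unchanged.
SAMPLE_LOG = '''\
2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: "S_WIBA" #2: initiating Main Mode
2010:11:11-13:53:39 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2010:11:11-13:53:49 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2010:11:11-13:54:09 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2010:11:11-13:54:49 LIB-AST-01 pluto[24112]: packet from 84.151.148.166:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
'''

LINE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (.*)$')
INIT = re.compile(r'^"([^"]+)" #\d+: initiating (Main|Aggressive) Mode')
NOTIFY = re.compile(r'^packet from ([\d.]+):\d+: ignoring informational payload, type (\w+)')
# Assumption: pluto writes this text once phase 1 (IKE) has completed.
PHASE1_DONE = "ISAKMP SA established"

def summarise_rejections(log_text):
    """Group NO_PROPOSAL_CHOSEN notifications by peer and name the failing phase."""
    conn, phase1_up, peers = None, False, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # log-viewer headers such as "Autoscroll", blank lines
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        msg = m.group(2)
        if (init := INIT.match(msg)):
            conn, phase1_up = init.group(1), False  # a new attempt starts over
        elif PHASE1_DONE in msg:
            phase1_up = True
        elif (n := NOTIFY.match(msg)) and n.group(2) == "NO_PROPOSAL_CHOSEN":
            # Rejected before phase 1 finished: the IKE policies differ.
            # Rejected afterwards: the IPsec (phase 2) policies differ.
            phase = "phase 2 (IPsec policy)" if phase1_up else "phase 1 (IKE policy)"
            p = peers.setdefault(n.group(1), {"conn": conn, "phase": phase, "times": []})
            p["times"].append(ts)
    report = {}
    for ip, p in peers.items():
        t = p["times"]
        report[ip] = {"conn": p["conn"], "phase": p["phase"], "count": len(t),
                      "gaps_s": [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]}
    return report

if __name__ == "__main__":
    for ip, r in summarise_rejections(SAMPLE_LOG).items():
        print(ip, r)
```

For the posted log this attributes all four rejections to connection `S_WIBA` in phase 1, so the settings to compare first are the IKE policy values on both gateways (encryption, hash, DH group, authentication method, lifetime).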