Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2081 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

More problems connecting to a Fritz!Box

lduesing
Had wrong settings in fritz!box - I should read more carefully...

But now I get:

2014:04:12-15:54:12 gw pluto[15778]: | next payload type: ISAKMP_NEXT_VID
2014:04:12-15:54:12 gw pluto[15778]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:04:12-15:54:12 gw pluto[15778]: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
2014:04:12-15:54:12 gw pluto[15778]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:04:12-15:54:12 gw pluto[15778]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
2014:04:12-15:54:12 gw pluto[15778]: | ***emit ISAKMP Vendor ID Payload:
2014:04:12-15:54:12 gw pluto[15778]: | next payload type: ISAKMP_NEXT_NONE
2014:04:12-15:54:12 gw pluto[15778]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:04:12-15:54:12 gw pluto[15778]: | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
2014:04:12-15:54:12 gw pluto[15778]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:04:12-15:54:12 gw pluto[15778]: | emitting length of ISAKMP Message: 252
2014:04:12-15:54:12 gw pluto[15778]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
2014:04:12-15:54:12 gw pluto[15778]: | next event EVENT_RETRANSMIT in 10 seconds for #1

and then it retransmits forever... (first 10sec pause, then 20, and all subsquent ones 40sec)

What information do you need?


This thread was automatically locked due to age.
  • 0
    It's easier to figure these things out without Debug enabled.  Please disable that and then show up to about 60 lines from a single connection attempt.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Doesn't say anything much. Sorry. 
    hq.xyz.de (217.x.y.z) is astaro gw 9.201-23
    boss.cyz.de (188.a.b.c) is fritzbox OS 6.03

    2014:04:13-12:46:35 gw pluto[17854]: listening for IKE messages
    2014:04:13-12:46:35 gw pluto[17854]: forgetting secrets
    2014:04:13-12:46:35 gw pluto[17854]: loading secrets from "/etc/ipsec.secrets"
    2014:04:13-12:46:35 gw pluto[17854]: loaded private key from 'Local X509 Cert.pem'
    2014:04:13-12:46:35 gw pluto[17854]: loaded PSK secret for 217.x.y.z 188.a.b.c
    2014:04:13-12:46:35 gw pluto[17854]: forgetting secrets
    2014:04:13-12:46:35 gw pluto[17854]: loading secrets from "/etc/ipsec.secrets"
    2014:04:13-12:46:35 gw pluto[17854]: loaded private key from 'Local X509 Cert.pem'
    2014:04:13-12:46:35 gw pluto[17854]: loaded PSK secret for 217.x.y.z 188.a.b.c
    2014:04:13-12:46:35 gw pluto[17854]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2014:04:13-12:46:35 gw pluto[17854]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2014:04:13-12:46:35 gw pluto[17854]: loaded ca certificate from '/etc/ipsec.d/cacerts/*.hq.xyz.de Verification CA 1.pem'
    2014:04:13-12:46:35 gw pluto[17854]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2014:04:13-12:46:35 gw pluto[17854]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2014:04:13-12:46:35 gw pluto[17854]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2014:04:13-12:46:35 gw pluto[17854]: Changing to directory '/etc/ipsec.d/crls'
    2014:04:13-12:46:35 gw pluto[17854]: added connection description "S_boss.xyz.de"
    2014:04:13-12:46:35 gw pluto[17854]: "S_boss.xyz.de" #1: initiating Main Mode
    2014:04:13-12:59:45 gw pluto[17854]: "S_boss.xyz.de" #1: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
    2014:04:13-12:59:45 gw pluto[17854]: "S_boss.xyz.de" #1: starting keying attempt 2 of an unlimited number
    2014:04:13-12:59:45 gw pluto[17854]: "S_boss.xyz.de" #2: initiating Main Mode to replace #1
  • 0
    Actually, that tells us that the problem is early in the attempt to establish a connection, and it looks like it might be trying to reconnect after having connected earlier.

    First, check #1 in Rulz.  

    If that doesn't reveal anything, please press the [Go Advanced] button below and attach pictures of the IPsec Connection, Remote Gateway, IPsec Policy and of the Phase 1 configuration and IPsec Policy on the Fritz!Box.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML