debianforum.de - Eintrag ansehen

NoPaste

ipsec up ike

von thunder11

SNIPPET_TEXT:

root@XFCE:~# ipsec up ike
initiating IKE_SA ike[13] to 146.70.111.134
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.0.40[500] to 146.70.111.134[500] (940 bytes)
received packet: from 146.70.111.134[500] to 192.168.0.40[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group CURVE_25519, it requested MODP_2048
initiating IKE_SA ike[13] to 146.70.111.134
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.0.40[500] to 146.70.111.134[500] (1164 bytes)
received packet: from 146.70.111.134[500] to 192.168.0.40[500] (460 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
local host is behind NAT, sending keep alives
remote host is behind NAT
no IDi configured, fall back on IP address
establishing CHILD_SA ike{10}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (380 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(1/4) ]
received fragment #1 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(2/4) ]
received fragment #2 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(3/4) ]
received fragment #3 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (664 bytes)
parsed IKE_AUTH response 1 [ EF(4/4) ]
received fragment #4 of 4, reassembled fragmented IKE message (4236 bytes)
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "CN=rs2-auto-ikev.ptoserver.com"
received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
using certificate "CN=rs2-auto-ikev.ptoserver.com"
using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
using trusted ca certificate "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
certificate policy 1.3.6.1.4.1.6449.1.2.2.7 for 'CN=rs2-auto-ikev.ptoserver.com' not allowed by trustchain, ignored
certificate policy 2.23.140.1.2.1 for 'CN=rs2-auto-ikev.ptoserver.com' not allowed by trustchain, ignored
reached self-signed root ca with a path length of 1
checking certificate status of "CN=rs2-auto-ikev.ptoserver.com"
requesting ocsp status from 'http://ocsp.sectigo.com' ...
unable to fetch from http://ocsp.sectigo.com, no capable fetcher found
ocsp request to http://ocsp.sectigo.com failed
ocsp check failed, fallback to crl
certificate status is not available
checking certificate status of "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
requesting ocsp status from 'http://ocsp.usertrust.com' ...
unable to fetch from http://ocsp.usertrust.com, no capable fetcher found
ocsp request to http://ocsp.usertrust.com failed
ocsp check failed, fallback to crl
fetching crl from 'http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl' ...
unable to fetch from http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl, no capable fetcher found
crl fetching failed
certificate status is not available
authentication of 'pointtoserver.com' with RSA_EMSA_PKCS1_SHA2_384 successful
server requested EAP_IDENTITY (id 0x00), sending 'purevpnxxxxxxx'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (84 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (92 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (140 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (108 bytes)
parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
EAP-MS-CHAPv2 succeeded: '(null)'
generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (68 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (68 bytes)
parsed IKE_AUTH response 4 [ EAP/SUCC ]
EAP method EAP_MSCHAPV2 succeeded, MSK established
authentication of '192.168.0.40' (myself) with EAP
generating IKE_AUTH request 5 [ AUTH ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (84 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (316 bytes)
parsed IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
authentication of 'pointtoserver.com' with EAP successful
installing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
installing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing DNS server 146.70.111.133 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.133' from 'lo.inet.ipsec.146.70.111.133'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.133 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.133' from 'lo.inet.ipsec.146.70.111.133'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing new virtual IP 10.69.5.191
peer supports MOBIKE
IKE_SA ike[13] established between 192.168.0.40[192.168.0.40]...146.70.111.134[pointtoserver.com]
scheduling reauthentication in 9730s
maximum IKE_SA lifetime 10270s
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
CHILD_SA ike{10} established with SPIs cfc72bf2_i c46ae05b_o and TS 10.69.5.191/32 === 0.0.0.0/0
connection 'ike' established successfully
root@XFCE:~#

Quellcode

Hier kannst du den Code kopieren und ihn in deinen bevorzugten Editor einfügen. PASTEBIN_DOWNLOAD_SNIPPET_EXPLAIN

root@XFCE:~# ipsec up ike
initiating IKE_SA ike[13] to 146.70.111.134
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.0.40[500] to 146.70.111.134[500] (940 bytes)
received packet: from 146.70.111.134[500] to 192.168.0.40[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group CURVE_25519, it requested MODP_2048
initiating IKE_SA ike[13] to 146.70.111.134
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.0.40[500] to 146.70.111.134[500] (1164 bytes)
received packet: from 146.70.111.134[500] to 192.168.0.40[500] (460 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
local host is behind NAT, sending keep alives
remote host is behind NAT
no IDi configured, fall back on IP address
establishing CHILD_SA ike{10}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (380 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(1/4) ]
received fragment #1 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(2/4) ]
received fragment #2 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (1248 bytes)
parsed IKE_AUTH response 1 [ EF(3/4) ]
received fragment #3 of 4, waiting for complete IKE message
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (664 bytes)
parsed IKE_AUTH response 1 [ EF(4/4) ]
received fragment #4 of 4, reassembled fragmented IKE message (4236 bytes)
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "CN=rs2-auto-ikev.ptoserver.com"
received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
  using certificate "CN=rs2-auto-ikev.ptoserver.com"
  using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
  using trusted ca certificate "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
certificate policy 1.3.6.1.4.1.6449.1.2.2.7 for 'CN=rs2-auto-ikev.ptoserver.com' not allowed by trustchain, ignored
certificate policy 2.23.140.1.2.1 for 'CN=rs2-auto-ikev.ptoserver.com' not allowed by trustchain, ignored
  reached self-signed root ca with a path length of 1
checking certificate status of "CN=rs2-auto-ikev.ptoserver.com"
  requesting ocsp status from 'http://ocsp.sectigo.com' ...
unable to fetch from http://ocsp.sectigo.com, no capable fetcher found
ocsp request to http://ocsp.sectigo.com failed
ocsp check failed, fallback to crl
certificate status is not available
checking certificate status of "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
  requesting ocsp status from 'http://ocsp.usertrust.com' ...
unable to fetch from http://ocsp.usertrust.com, no capable fetcher found
ocsp request to http://ocsp.usertrust.com failed
ocsp check failed, fallback to crl
  fetching crl from 'http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl' ...
unable to fetch from http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl, no capable fetcher found
crl fetching failed
certificate status is not available
authentication of 'pointtoserver.com' with RSA_EMSA_PKCS1_SHA2_384 successful
server requested EAP_IDENTITY (id 0x00), sending 'purevpnxxxxxxx'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (84 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (92 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (140 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (108 bytes)
parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
EAP-MS-CHAPv2 succeeded: '(null)'
generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (68 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (68 bytes)
parsed IKE_AUTH response 4 [ EAP/SUCC ]
EAP method EAP_MSCHAPV2 succeeded, MSK established
authentication of '192.168.0.40' (myself) with EAP
generating IKE_AUTH request 5 [ AUTH ]
sending packet: from 192.168.0.40[4500] to 146.70.111.134[4500] (84 bytes)
received packet: from 146.70.111.134[4500] to 192.168.0.40[4500] (316 bytes)
parsed IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
authentication of 'pointtoserver.com' with EAP successful
installing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
installing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.131 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.131' from 'lo.inet.ipsec.146.70.111.131'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing DNS server 146.70.111.133 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.133' from 'lo.inet.ipsec.146.70.111.133'. Using 'lo' (ifindex=1).
resolvconf: Failed to set DNS configuration: Unit dbus-org.freedesktop.network1.service not found.
removing DNS server 146.70.111.133 via resolvconf
resolvconf: Dropped protocol specifier '.inet.ipsec.146.70.111.133' from 'lo.inet.ipsec.146.70.111.133'. Using 'lo' (ifindex=1).
resolvconf: Failed to revert interface configuration: Unit dbus-org.freedesktop.network1.service not found.
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing new virtual IP 10.69.5.191
peer supports MOBIKE
IKE_SA ike[13] established between 192.168.0.40[192.168.0.40]...146.70.111.134[pointtoserver.com]
scheduling reauthentication in 9730s
maximum IKE_SA lifetime 10270s
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
CHILD_SA ike{10} established with SPIs cfc72bf2_i c46ae05b_o and TS 10.69.5.191/32 === 0.0.0.0/0
connection 'ike' established successfully
root@XFCE:~#

LATEST_SNIPPETS

dmesg (28.05.2023 14:55:35, Manuel22022018)
dmesg (28.05.2023 14:54:53, Manuel22022018)
make.log (28.05.2023 14:53:49, Manuel22022018)
dmesg (28.05.2023 14:51:29, Manuel22022018)
Linkdown (20.05.2023 20:51:23, unix1988)
lsmod (20.05.2023 20:50:39, unix1988)
lspci -v -v -v -s 09:00.0 (20.05.2023 20:47:10, unix1988)
plymouth output II (20.05.2023 12:30:40, exotourist)
plymouth output (19.05.2023 13:45:02, exotourist)
Script zur Ermittlung kri… (16.05.2023 09:58:31, uname)
vpn.sh (14.05.2023 10:17:27, swirlen)
garten-subtraktiv.py (11.05.2023 19:28:01, chrbr)
ipsec up ike (09.05.2023 12:01:46, thunder11)
/etc/strongswan.d/charon.… (09.05.2023 08:42:36, thunder11)
Komplettes Buildlof FF (29.04.2023 09:04:52, schorsch_76)
sbuild buster armhf firef… (29.04.2023 08:16:27, schorsch_76)
NAS.Info (23.04.2023 09:33:34, schorsch_76)
Aktualisierte enemies 70 … (20.04.2023 22:09:05, chrbr)
Aktualisierte friends 70 … (20.04.2023 22:07:13, chrbr)
Enemies 72 Pflanzen (20.04.2023 16:08:53, chrbr)

NoPaste

NoPaste

ipsec up ike

Quellcode

Verlinken

LATEST_SNIPPETS