VPN tunnel from mobile phone not possible

Forum for general questions about VPN

Moderator: Lancom-Systems moderators

joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

VPN tunnel from mobile phone not possible

Post by joerg241 »

A VPN access is set up on the Lancom router 1803, and it worked well with a Samsung phone running Android 15. Now a Motorola phone with Android 15 has been added. Here the dial-in no longer works. The error message from the router is: ( IKE-DISCONNECT-RESPONSE: could not be sent for peer DEFAULT on message free (empty handle).

Could it be that I have to change something on the router?
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

Hey,

there are several posts about this here in the forum. What usually differs between devices is the supported encryption algorithms and/or the handling of the local/remote identity.

Your best bet is to run a vpn-status, vpn-ike and vpn-debug trace. Anonymize your WAN IPs and, if applicable, the IDs, and post the output here if you cannot identify the error from it yourself.
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

Thank you, but that does not help me, because there is no status, since the mobile phone cannot establish a connection. So I cannot read out any status.
The connection is rejected. With identical credentials the connection worked from a Samsung phone but not from the Motorola. Both run Android. What could the difference be?
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

Just to be sure, once more:

Log in to the Lancom router via SSH (PuTTY) and start the trace there with the command

Code:

trace # vpn-status vpn-ike vpn-debug

After starting it, try to establish a connection. You will then see a lot of messages. You may be able to attribute the message directly and fix the error. If not, post the trace output here. Alternatively, use LanConfig -> right-click the device, start LanTracer, and tick the checkbox for the 3 traces mentioned.

I already wrote above what the cause may be: changed algorithms and/or ID check.

You can also start the trace via the WAN IP without VPN if you are not on site. For that, however, access from the WAN must be enabled.
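One way to triage the output of these three traces for the algorithm mismatch described above, as an added example that is not part of the original posts and not LANCOM code. It reads the "+Config ... transform(s)" / "+Received ... transform(s)" and "Agreed on DH-Group" lines in the form they appear in the trace posted in this thread; the names triage, SAMPLE_TRACE and NO_OVERLAP_TRACE are hypothetical, and one IKE_SA_INIT request per input is assumed.

```python
import re

# Lines in the form printed by the VPN-Debug / VPN-Status trace in this thread
# (timestamps and unrelated lines left out).
SAMPLE_TRACE = """\
+Config ENCR transform(s): AES-CBC-256
+Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
+Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
+Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
+Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
+Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
+Config DH transform(s): 14
+Received DH transform(s): 16 31 15 14
-Agreed on DH-Group 14 but received KE-DH-Group 16 => responding with INVALID_KE_PAYLOAD(14)
"""

# Constructed sample (not from the thread): a client that does not offer group 14.
NO_OVERLAP_TRACE = """\
+Config DH transform(s): 14
+Received DH transform(s): 16 31 15
"""

CONFIG_RE = re.compile(r"^\+Config (\w+) transform\(s\): (.*)$")
RECEIVED_RE = re.compile(r"^\+Received (\w+) transform\(s\): (.*)$")
KE_RE = re.compile(r"Agreed on DH-Group (\d+) but received KE-DH-Group (\d+)")


def triage(trace: str) -> dict:
    """Compare the router's configured transforms with the client's offer.

    Returns:
      common     - per transform type, configured transforms the client also
                   offered, in the router's configured order
      no_overlap - transform types with nothing in common; these need a
                   configuration change on one side
      ke_retry   - (agreed_group, sent_group) when the client's first KE payload
                   used a different group than the one agreed on, else None.
                   With a common group present this is answered with
                   INVALID_KE_PAYLOAD and the client is expected to retry.
    """
    config, received = {}, {}
    ke_retry = None
    for raw in trace.splitlines():
        line = raw.strip()
        if m := CONFIG_RE.match(line):
            config[m.group(1)] = m.group(2).split()
        elif m := RECEIVED_RE.match(line):
            received[m.group(1)] = m.group(2).split()
        elif m := KE_RE.search(line):
            ke_retry = (int(m.group(1)), int(m.group(2)))

    common, no_overlap = {}, []
    for ttype, offered in received.items():
        allowed = config.get(ttype, [])
        common[ttype] = [t for t in allowed if t in offered]
        if not common[ttype]:
            no_overlap.append(ttype)
    return {"common": common, "no_overlap": no_overlap, "ke_retry": ke_retry}


if __name__ == "__main__":
    for name, text in (("thread", SAMPLE_TRACE), ("constructed", NO_OVERLAP_TRACE)):
        result = triage(text)
        print(name)
        for ttype, shared in result["common"].items():
            print(f"  {ttype:6} common: {' '.join(shared) or '(none)'}")
        if result["no_overlap"]:
            print("  no common transform for:", ", ".join(result["no_overlap"]))
        if result["ke_retry"]:
            agreed, sent = result["ke_retry"]
            print(f"  client sent KE for group {sent}, router asked for {agreed}")
```
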
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

This is what it looks like

[VPN-IKE] 2025/11/10 15:22:22,051 Devicetime: 2025/11/10 15:22:17,014
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : 193.170.254.90:58432
Destination/Port : 217.91.122.169:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : CB 6C EF 13 BD 9F 1A BA
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 0
| Length : 1072 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 408 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 200 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 21
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CMAC-96 (8)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 204 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 20
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 520 Bytes
| DH Group : 16
| Reserved2 : 0x0000
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : 6A 48 63 B6 94 6A B1 94 25 5A 8D 47 76 A1 C7 16
| BD 4D C6 57 35 0F 2A 1B 9B 51 81 15 73 5D 15 51
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : A6 F5 86 DF B7 04 D1 A2 05 9C 41 F2 EE C2 92 29
| 94 29 FF EC
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 99 BC 85 27 E7 94 CF 7C B3 C1 5A 45 B6 2F BD 51
| 8B 7C 20 25
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

[VPN-Debug] 2025/11/10 15:22:22,052 Devicetime: 2025/11/10 15:22:17,017
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
Gateways: 217.91.122.169:500<--193.170.254.90:58432
SPIs: 0xCB6CEF13BD9F1ABA0000000000000000, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 217.91.122.169:500<---193.170.254.90:58432 rtg_tag 0 physical-channel LAN
transport: [id: 55361, UDP (17) {incoming unicast, fixed source address}, dst: 193.170.254.90, tag 0 (U), src: 217.91.122.169, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INTRANET (2), mac address: ca:64:81:54:c0:1d, port 3], local port: 500, remote port: 58432
+No IKE_SA found
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (42 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0xCB6CEF13BD9F1ABADDEEFD8C1DAB18F500000000, P1, RESPONDER): Setting Negotiation SA
Referencing (IKE_SA, 0xCB6CEF13BD9F1ABADDEEFD8C1DAB18F500000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
+Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
+Computing SHA1(0xCB6CEF13BD9F1ABA0000000000000000|193.170.254.90:58432)
+Computing SHA1(0xCB6CEF13BD9F1ABA0000000000000000C1AAFE5AE440)
+Computed: 0xE103FBAD36011BFAEDCD7576193731374318C667
+Received: 0xA6F586DFB704D1A2059C41F2EEC292299429FFEC
+Not equal => NAT-T enabled => switching on port 4500
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
+Computing SHA1(0xCB6CEF13BD9F1ABA0000000000000000|217.91.122.169:500)
+Computing SHA1(0xCB6CEF13BD9F1ABA0000000000000000D95B7AA901F4)
+Computed: 0x99BC8527E794CF7CB3C15A45B62FBD518B7C2025
+Received: 0x99BC8527E794CF7CB3C15A45B62FBD518B7C2025
+Equal => NAT-T is already enabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
+Config ENCR transform(s): AES-CBC-256
+Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
+Best intersection: AES-CBC-256
+Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
+Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
+Best intersection: PRF-HMAC-SHA-256
+Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
+Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
+Best intersection: HMAC-SHA-256
+Config DH transform(s): 14
+Received DH transform(s): 16 31 15 14
+Best intersection: 14

[VPN-Status] 2025/11/10 15:22:22,056 Devicetime: 2025/11/10 15:22:17,017
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
Gateways: 217.91.122.169:500<--193.170.254.90:58432
SPIs: 0xCB6CEF13BD9F1ABA0000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0xCB6CEF13BD9F1ABADDEEFD8C1DAB18F5) entered to SADB
Received 4 notifications:
+NAT_DETECTION_SOURCE_IP(0xA6F586DFB704D1A2059C41F2EEC292299429FFEC) (STATUS)
+NAT_DETECTION_DESTINATION_IP(0x99BC8527E794CF7CB3C15A45B62FBD518B7C2025) (STATUS)
+IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
+SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is behind a NAT
NAT-T enabled => switching on port 4500
We (responder) are not behind a NAT. NAT-T is already enabled
+IKE-SA:
IKE-Proposal-1 (21 transforms)
ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
DH : 16 31 15 14
IKE-Proposal-2 (20 transforms)
ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
DH : 16 31 15 14
-Agreed on DH-Group 14 but received KE-DH-Group 16 => responding with INVALID_KE_PAYLOAD(14)

[VPN-IKE] 2025/11/10 15:22:22,099 Devicetime: 2025/11/10 15:22:17,017
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port : 217.91.122.169:500
Destination/Port : 193.170.254.90:58432
Routing-tag : 0
Com-channel : 0
| Initiator cookie : CB 6C EF 13 BD 9F 1A BA
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : NOTIFY
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x20 Response
| Msg-ID : 0
| Length : 38 Bytes
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 10 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : INVALID_KE_PAYLOAD
| Notif. data : 00 0E

[VPN-Debug] 2025/11/10 15:22:22,099 Devicetime: 2025/11/10 15:22:17,017
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
Gateways: 217.91.122.169:500-->193.170.254.90:58432, tag 0 (UDP)
SPIs: 0xCB6CEF13BD9F1ABA0000000000000000, Message-ID 0
Payloads: NOTIFY(INVALID_KE_PAYLOAD[0x000E])

[VPN-Status] 2025/11/10 15:22:22,099 Devicetime: 2025/11/10 15:22:17,017
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
NOTIFY(INVALID_KE_PAYLOAD[3584])
Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
Gateways: 217.91.122.169:500-->193.170.254.90:58432, tag 0 (UDP)
SPIs: 0xCB6CEF13BD9F1ABA0000000000000000, Message-ID 0

[VPN-Debug] 2025/11/10 15:22:22,099 Devicetime: 2025/11/10 15:22:17,018
IKE-TRANSPORT freed

[VPN-Status] 2025/11/10 15:22:22,099 Devicetime: 2025/11/10 15:22:17,018
IKE_SA ('', '' IPSEC_IKE SPIs 0xCB6CEF13BD9F1ABA0000000000000000) removed from SADB
IKE_SA ('', '' IPSEC_IKE SPIs 0xCB6CEF13BD9F1ABA0000000000000000) freed

[VPN-IKE] 2025/11/10 15:22:22,115 Devicetime: 2025/11/10 15:22:17,036
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : 193.170.254.90:50242
Destination/Port : 217.91.122.169:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 04 F3 0A 46 3C A6 77 E9
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 0
| Length : 816 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 408 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 200 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 21
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CMAC-96 (8)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 204 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 20
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 264 Bytes
| DH Group : 14
| Reserved2 : 0x0000
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : A4 19 07 2D 62 A6 37 6B E6 48 B2 B6 5D D2 3A 6B
| B4 05 AA 3D 09 9C 5A 9A A1 0C 55 81 76 73 D9 00
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 9C 59 9B 21 E9 98 DC 98 5F 66 2C 8A 96 EA DD 00
| 3E 69 E3 D9
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : F0 1E F6 75 16 1B 32 3A 66 FB 21 DE 1E D1 89 B7
| 10 84 85 E2
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
Frühstücksdirektor
Posts: 239
Joined: 08 Jul 2022, 12:53
Location: Aachen

Re: VPN tunnel from mobile phone not possible

Post by Frühstücksdirektor »

Hello,

the trace tells us:
-Agreed on DH-Group 14 but received KE-DH-Group 16 => responding with INVALID_KE_PAYLOAD(14)
Try enabling DH15 and DH16 in the configuration. This also applies, and especially so, to the DEFAULT line in LCOS.
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

Frühstücksdirektor wrote: 10 Nov 2025, 16:08 Try enabling DH15 and DH16 in the configuration. This also applies, and especially so, to the DEFAULT line in LCOS.
That's not it. In the second connection attempt the client comes with DH14. The decisive lines are missing. You need to put the trace in a code block or split it across several posts. Currently your post/trace output is cut off here in the forum.
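The two posts above turn on how an IKEv2 responder reacts when the client's KE payload uses a different DH group than the one selected from the proposal. The following is an added example, not part of the thread and not Lancom code: it parses a constructed excerpt in the trace's layout and applies a simplified responder model in which `enabled_groups` (an assumed name) is the router's preference list.

```python
import re

# Constructed excerpt in the layout of the trace posted above: the client's DH
# transforms in offer order, then the group its KE payload actually carries.
FIRST_TRY = """\
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
KE Payload
| DH Group : 16
"""
RETRY = FIRST_TRY.replace("DH Group : 16", "DH Group : 14")

def parse_offer(trace):
    """Return (offered DH groups in offer order, DH group of the KE payload)."""
    offered, ke_group, last_type = [], None, None
    for line in trace.splitlines():
        if m := re.search(r"Transform Type\s*:\s*(\w+)", line):
            last_type = m.group(1)
        elif m := re.search(r"Transform ID\s*:.*\((\d+)\)", line):
            if last_type == "DH":  # ignore ENCR/PRF/INTEG transforms
                offered.append(int(m.group(1)))
        elif m := re.search(r"DH Group\s*:\s*(\d+)", line):
            ke_group = int(m.group(1))
    return offered, ke_group

def responder_decision(trace, enabled_groups):
    """Simplified IKE_SA_INIT responder; enabled_groups is its preference order."""
    offered, ke_group = parse_offer(trace)
    chosen = next((g for g in enabled_groups if g in offered), None)
    if chosen is None:
        return "NO_PROPOSAL_CHOSEN"
    if chosen != ke_group:
        # Not a failure: the client is told which group to resend its KE for.
        return f"INVALID_KE_PAYLOAD({chosen})"
    return f"ACCEPT({chosen})"

if __name__ == "__main__":
    for name, trace in (("first try", FIRST_TRY), ("retry", RETRY)):
        print(name, "->", responder_decision(trace, [14]))
```

With only group 14 enabled, the first attempt is answered with INVALID_KE_PAYLOAD(14) and the retry with KE group 14 proceeds, so the notify alone does not explain a rejected connection.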
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

I have now attached it as a text file; I hope all the information is there now.
Thank you very much for your help
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

In the Lancom, you have to enter the matching values under authentication for your Android peer:

Code:

IDI Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 19 Bytes
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : mitarbeiter
IDR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 217.91.122.169
In the Lancom, the local identity type must be IPv4 with the value "217.91.122.169", and the remote identity type FQDN with the value "mitarbeiter".
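The comparison described in the post above, as an added example that is not part of the thread and not LCOS syntax: it reads the IDi/IDr payloads from a trace excerpt and checks both type and value against a peer entry. The excerpt is constructed, 203.0.113.10 is a documentation address standing in for the router's WAN IP, and the `peer` dict and the `KEY_ID` type label are assumptions.

```python
import re

# Constructed IKE_AUTH excerpt in the layout of the trace quoted above.
TRACE = """\
IDI Payload
| Next Payload      : IDR
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : mitarbeiter
IDR Payload
| Next Payload      : NOTIFY
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 203.0.113.10
"""

def parse_identities(trace):
    """Return {'IDI': (type, value), 'IDR': (type, value)} as sent by the client."""
    ids, current, id_type = {}, None, None
    for line in trace.splitlines():
        if m := re.match(r"(IDI|IDR) Payload", line):
            current, id_type = m.group(1), None
        elif current and (m := re.match(r"\|\s*ID type\s*:\s*(\S+)", line)):
            id_type = m.group(1)
        elif current and (m := re.match(r"\|\s*ID\s*:\s*(.+)", line)):
            ids[current] = (id_type, m.group(1).strip())
        elif not line.startswith("|"):
            current = None  # some other payload begins here
    return ids

def identity_mismatches(trace, peer):
    """Compare what the client sent with the router's peer entry.

    peer is a hypothetical dict: 'remote' must equal the client's IDi and
    'local' its IDr, in type as well as in value.
    """
    sent = parse_identities(trace)
    problems = []
    for side, payload in (("remote", "IDI"), ("local", "IDR")):
        if sent.get(payload) != peer[side]:
            problems.append(
                f"{side}: configured {peer[side]}, client sent {sent.get(payload)}")
    return problems

if __name__ == "__main__":
    key_id_peer = {"remote": ("KEY_ID", "mitarbeiter"),
                   "local": ("IPV4_ADDR", "203.0.113.10")}
    print(identity_mismatches(TRACE, key_id_peer))
```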
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

That is all entered in the router. As I said, with my Samsung phone it works immediately.
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

Are you quite sure you haven't configured FQUN instead of FQDN in the router?
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

In mine, "KEY ID" is entered; that worked with the Samsung. I tried "FQDN", but that doesn't work with the Motorola either.
Dr.Einstein
Posts: 3418
Joined: 12 Jan 2010, 14:10

Re: VPN tunnel from mobile phone not possible

Post by Dr.Einstein »

Did you make a new trace after switching to FQDN? First you say everything is entered correctly, then you say it's set to Key ID ... It's no fun helping you like this. If you want to run both devices, you won't get around having two different VPN peers, since the two manufacturers drive or configure Android's VPN stack differently.
joerg241
Posts: 31
Joined: 07 Jan 2017, 10:33

Re: VPN tunnel from mobile phone not possible

Post by joerg241 »

I don't want to run both devices on one VPN access; I want to take my old phone out of service and put the new one into service instead. Both have Android and both have the same settings screen. I can't change anything on the phone. What is wrong with KEY ID? It has worked with that for years.