VPN between Asus and Fritzbox

dmazurek00

New member
Hello,

I am trying to connect my Fritzbox as a client to an Asus router via IPSec. I created the following configuration for the Fritzbox.
Code:
vpncfg {
  connections
    {
    enabled = yes;
    editable = yes;
    conn_type = conntype_lan;
    name = "asus";
    always_renew = yes;
    reject_not_encrypted = no;
    dont_filter_netbios = yes;
    localip = 0.0.0.0;
    local_virtualip = 10.10.10.1;
    remotehostname = "xxx.asuscomm.com";
    remote_virtualip = 10.10.10.1;
    localid {
      fqdn = "xxx.myfritz.net";
    }
    remoteid {
     fqdn = "xxx.asuscomm.com";
    }
    mode = phase1_mode_idp;
    phase1ss = "alt/aes/sha";
    keytype = connkeytype_pre_shared;
    key = "xxx";
    cert_do_server_auth = no;
    use_nat_t = yes;
    use_xauth = yes;
    xauth {
      valid = yes;
      username = "xxx";
      passwd = "xxx";
    };
    use_cfgmode = no;
    phase2localid {
      ipnet {
        ipaddr = 192.168.188.1;
        mask = 255.255.255.0;
      }
    }
    phase2remoteid {
      ipnet {
        ipaddr = 192.168.50.1;
        mask = 255.255.255.0;
      }
    }
    phase2ss = "esp-all-all/ah-all/comp-all/pfs";
    accesslist = "permit ip any 192.168.50.1 255.255.255.0", "permit ip any 192.168.188.1 255.255.255.0";
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                      "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Unfortunately, the Fritzbox returns a timeout error, while the Asus router shows that the connection was established, but there are messages that I don't understand.

Code:
Feb 17 08:44:39 05[CFG]   loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX5400-3FE8 Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Feb 17 08:44:39 05[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Feb 17 08:44:39 05[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 17 08:44:39 05[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Feb 17 08:44:39 05[CFG] rereading crls from '/etc/ipsec.d/crls'
Feb 17 08:44:40 05[CFG] received stroke: delete connection 'Host-to-Net'
Feb 17 08:44:40 05[CFG] deleted connection 'Host-to-Net'
Feb 17 08:44:40 06[CFG] received stroke: delete connection 'Host-to-Netv2'
Feb 17 08:44:40 06[CFG] deleted connection 'Host-to-Netv2'
Feb 17 08:44:40 05[CFG] received stroke: add connection 'Host-to-Net'
Feb 17 08:44:40 05[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:44:40 05[CFG] added configuration 'Host-to-Net'
Feb 17 08:44:40 06[CFG] received stroke: add connection 'Host-to-Netv2'
Feb 17 08:44:40 06[CFG] reusing virtual IP address pool 10.10.10.0/24
Feb 17 08:44:40 06[CFG]   loaded certificate "C=TW, O=ASUS, CN=xxx.asuscomm.com" from 'svrCert.pem'
Feb 17 08:44:40 06[CFG] added configuration 'Host-to-Netv2'
Feb 17 08:46:37 06[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:46:37 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:46:37 06[IKE] received XAuth vendor ID
Feb 17 08:46:37 06[IKE] received DPD vendor ID
Feb 17 08:46:37 06[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:46:37 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:46:37 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:46:37 06[ENC] received unknown vendor ID: xxx
Feb 17 08:46:37 06[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:46:37 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:46:37 06[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:46:37 06[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:46:38 05[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:46:38 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:38 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:38 05[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:46:39 06[NET] received packet: from xxx[500] to xxx[500] (124 bytes)
Feb 17 08:46:39 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 17 08:46:39 06[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:46:39 06[CFG] selected peer config "Host-to-Net"
Feb 17 08:46:39 06[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:46:39 06[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:39 06[ENC] generating TRANSACTION request 1019943078 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:46:39 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:40 05[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:40 05[ENC] parsed INFORMATIONAL_V1 request 4176420332 [ HASH N(INITIAL_CONTACT) ]
Feb 17 08:46:40 06[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:46:40 06[ENC] parsed TRANSACTION response 1019943078 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:46:40 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:46:40 06[ENC] generating TRANSACTION request 2969906761 [ HASH CPS(X_STATUS) ]
Feb 17 08:46:40 06[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:41 08[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:46:41 08[ENC] parsed TRANSACTION response 2969906761 [ HASH CP ]
Feb 17 08:46:41 08[IKE] IKE_SA Host-to-Net[4] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:41 08[IKE] scheduling reauthentication in 9753s
Feb 17 08:46:41 08[IKE] maximum IKE_SA lifetime 10293s
Feb 17 08:46:42 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:42 05[ENC] parsed QUICK_MODE request 1182859716 [ HASH SA No KE ID ID ]
Feb 17 08:46:42 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.1..192.168.50.255
Feb 17 08:46:42 05[ENC] generating INFORMATIONAL_V1 request 3439557106 [ HASH N(INVAL_ID) ]
Feb 17 08:46:42 05[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:43 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:43 05[IKE] received retransmit of request with ID 1182859716, but no response to retransmit
Feb 17 08:46:47 05[NET] received packet: from xxx[500] to xxx[500] (1484 bytes)
Feb 17 08:46:47 05[IKE] received retransmit of request with ID 1182859716, but no response to retransmit
Feb 17 08:46:55 06[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:55 06[ENC] parsed INFORMATIONAL_V1 request 1561383136 [ HASH D ]
Feb 17 08:46:55 06[IKE] received DELETE for IKE_SA Host-to-Net[4]
Feb 17 08:46:55 06[IKE] deleting IKE_SA Host-to-Net[4] between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:55 07[NET] received packet: from xxx[500] to xxx[500] (904 bytes)
Feb 17 08:46:55 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Feb 17 08:46:55 07[IKE] received XAuth vendor ID
Feb 17 08:46:55 07[IKE] received DPD vendor ID
Feb 17 08:46:55 07[IKE] received NAT-T (RFC 3947) vendor ID
Feb 17 08:46:55 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 17 08:46:55 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 17 08:46:55 07[ENC] received unknown vendor ID: xxx
Feb 17 08:46:55 07[IKE] xxx is initiating a Main Mode IKE_SA
Feb 17 08:46:55 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:46:55 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Feb 17 08:46:55 07[NET] sending packet: from xxx[500] to xxx[500] (156 bytes)
Feb 17 08:46:56 06[NET] received packet: from xxx[500] to xxx[500] (228 bytes)
Feb 17 08:46:56 06[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:56 06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 17 08:46:56 06[NET] sending packet: from xxx[500] to xxx[500] (244 bytes)
Feb 17 08:46:58 07[NET] received packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:58 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
Feb 17 08:46:58 07[CFG] looking for XAuthInitPSK peer configs matching xxx...xxx[xxx.myfritz.net]
Feb 17 08:46:58 07[CFG] selected peer config "Host-to-Net"
Feb 17 08:46:58 07[ENC] generating ID_PROT response 0 [ ID HASH ]
Feb 17 08:46:58 07[NET] sending packet: from xxx[500] to xxx[500] (92 bytes)
Feb 17 08:46:58 07[ENC] generating TRANSACTION request 3358068321 [ HASH CPRQ(X_USER X_PWD) ]
Feb 17 08:46:58 07[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:58 08[NET] received packet: from xxx[500] to xxx[500] (108 bytes)
Feb 17 08:46:58 08[ENC] parsed TRANSACTION response 3358068321 [ HASH CPRP(X_TYPE X_USER X_PWD) ]
Feb 17 08:46:58 08[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:46:58 08[ENC] generating TRANSACTION request 544349541 [ HASH CPS(X_STATUS) ]
Feb 17 08:46:58 08[NET] sending packet: from xxx[500] to xxx[500] (76 bytes)
Feb 17 08:46:58 05[NET] received packet: from xxx[500] to xxx[500] (60 bytes)
Feb 17 08:46:58 05[ENC] parsed TRANSACTION response 544349541 [ HASH CP ]
Feb 17 08:46:58 05[IKE] IKE_SA Host-to-Net[5] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:58 05[IKE] scheduling reauthentication in 9904s
Feb 17 08:46:58 05[IKE] maximum IKE_SA lifetime 10444s

I have no idea what I can change in the Fritzbox configuration...
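
The log in the post shows Phase 1 and XAuth completing, after which the Quick Mode request is answered with N(INVAL_ID) because no CHILD_SA configuration matched the proposed traffic selectors. The following added example (not part of the original post; `diagnose` and `parse_selector` are names chosen here) extracts those facts from charon log lines, checks whether each rejected selector is a single network-aligned CIDR block, and flags small MODP groups in the selected IKE proposal.

```python
import ipaddress
import re

# Lines copied from the charon log in the post (addresses already masked as "xxx").
SAMPLE_LOG = """\
Feb 17 08:46:37 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 17 08:46:40 06[IKE] XAuth authentication of 'fritzbox' successful
Feb 17 08:46:41 08[IKE] IKE_SA Host-to-Net[4] established between xxx[xxx]...xxx[xxx.myfritz.net]
Feb 17 08:46:42 05[ENC] parsed QUICK_MODE request 1182859716 [ HASH SA No KE ID ID ]
Feb 17 08:46:42 05[IKE] no matching CHILD_SA config found for 192.168.188.0/24 === 192.168.50.1..192.168.50.255
Feb 17 08:46:42 05[ENC] generating INFORMATIONAL_V1 request 3439557106 [ HASH N(INVAL_ID) ]
"""

WEAK_DH = {"MODP_768", "MODP_1024"}  # DH groups 1 and 2, too small by current guidance
PROPOSAL = re.compile(r"selected proposal: IKE:(\S+)")
ESTABLISHED = re.compile(r"IKE_SA (\S+)\[\d+\] established")
TS_MISS = re.compile(r"no matching CHILD_SA config found for (\S+) === (\S+)")


def parse_selector(text):
    """Return (first, last, is_single_cidr) for 'a.b.c.d/n' or 'first..last'."""
    if ".." in text:
        first, last = (ipaddress.ip_address(p) for p in text.split("..", 1))
        blocks = list(ipaddress.summarize_address_range(first, last))
        return first, last, len(blocks) == 1
    net = ipaddress.ip_network(text, strict=True)
    return net[0], net[-1], True


def diagnose(log_text):
    """Collect Phase 1 result, weak DH groups and rejected Phase 2 selectors."""
    result = {"phase1": None, "weak_dh": [], "rejected": []}
    for line in log_text.splitlines():
        if m := PROPOSAL.search(line):
            result["weak_dh"] += [a for a in m.group(1).split("/") if a in WEAK_DH]
        elif m := ESTABLISHED.search(line):
            result["phase1"] = m.group(1)
        elif m := TS_MISS.search(line):
            result["rejected"].append([parse_selector(s) for s in m.groups()])
    return result


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG)
    print("Phase 1 established for:", report["phase1"])
    print("Weak DH groups negotiated:", report["weak_dh"])
    for pair in report["rejected"]:
        for first, last, single in pair:
            print(f"  selector {first}-{last} single CIDR block: {single}")
```

On these lines it reports the selector 192.168.50.1..192.168.50.255 as not being a single CIDR block and MODP_1024 as the negotiated group.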
 
Hi
I have a FritzBox 7490, which unfortunately has limitations. I can't import the Wireguard configuration...
 
Can't you create the connection on the Fritzbox and then import it on the Asus (or enter it there manually)? I only had a quick look at the demo interface of an ASUS router earlier; there wasn't that much there either, and somehow this "vpnfusion" was missing too :unsure:
 
