Notebook Windows 10 Ipsec Verbindung zur pfsense nicht möglich?
Hallo Leute
ich versuche gerade mich vom Notebook per Windows VPN mich zur pfsense zu verbinden. Das klappt leider nicht.
Vorgeschichte : Aktuell pfsense ipsec Verbindungen zu 2 anderen Fritzboxen und vom iPhone 8 zur pfsense.
Jetzt wollte ich gern den Laptop auch fertig machen für die VPN Verbindung. Windows 10 Pro 1903 18362.86 .
Habe diese Anleitung zur Hilfe genommen. Von @aqui Ipsec für Mobile
Notebook verbunden über Iphone Hotspot
Beim klick auf die VPN Verbindung kommt das Anmelde Fenster dann kommt der Fehler " IKE-Authentifizierung-Anmeldeinformationen sind nicht akzeptabel "
ich versuche gerade mich vom Notebook per Windows VPN mich zur pfsense zu verbinden. Das klappt leider nicht.
Vorgeschichte : Aktuell pfsense ipsec Verbindungen zu 2 anderen Fritzboxen und vom iPhone 8 zur pfsense.
Jetzt wollte ich gern den Laptop auch fertig machen für die VPN Verbindung. Windows 10 Pro 1903 18362.86 .
Habe diese Anleitung zur Hilfe genommen. Von @aqui Ipsec für Mobile
Notebook verbunden über Iphone Hotspot
Beim klick auf die VPN Verbindung kommt das Anmelde Fenster dann kommt der Fehler " IKE-Authentifizierung-Anmeldeinformationen sind nicht akzeptabel "
Pfsense log
Mar 9 10:44:12 charon 12[NET] <3209> received packet: from 109.41.129.165[19212] to 192.168.178.2[500] (544 bytes)
Mar 9 10:44:12 charon 12[ENC] <3209> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 9 10:44:12 charon 12[CFG] <3209> looking for an IKEv2 config for 192.168.178.2...109.41.129.165
Mar 9 10:44:12 charon 12[CFG] <3209> candidate: 192.168.178.2...%any, prio 1052
Mar 9 10:44:12 charon 12[CFG] <3209> found matching ike config: 192.168.178.2...%any with prio 1052
Mar 9 10:44:12 charon 12[IKE] <3209> received MS NT5 ISAKMPOAKLEY v9 vendor ID
Mar 9 10:44:12 charon 12[IKE] <3209> received MS-Negotiation Discovery Capable vendor ID
Mar 9 10:44:12 charon 12[IKE] <3209> received Vid-Initial-Contact vendor ID
Mar 9 10:44:12 charon 12[ENC] <3209> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Mar 9 10:44:12 charon 12[IKE] <3209> 109.41.129.165 is initiating an IKE_SA
Mar 9 10:44:12 charon 12[IKE] <3209> IKE_SA (unnamed)[3209] state change: CREATED => CONNECTING
Mar 9 10:44:12 charon 12[CFG] <3209> selecting proposal:
Mar 9 10:44:12 charon 12[CFG] <3209> proposal matches
Mar 9 10:44:12 charon 12[CFG] <3209> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12 charon 12[CFG] <3209> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12 charon 12[CFG] <3209> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12 charon 12[IKE] <3209> local host is behind NAT, sending keep alives
Mar 9 10:44:12 charon 12[IKE] <3209> remote host is behind NAT
Mar 9 10:44:12 charon 12[IKE] <3209> sending cert request for "CN=firewall-ca, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"
Mar 9 10:44:12 charon 12[ENC] <3209> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Mar 9 10:44:12 charon 12[NET] <3209> sending packet: from 192.168.178.2[500] to 109.41.129.165[19212] (473 bytes)
Mar 9 10:44:12 charon 12[NET] <3209> received packet: from 109.41.129.165[19055] to 192.168.178.2[4500] (580 bytes)
Mar 9 10:44:12 charon 12[ENC] <3209> parsed IKE_AUTH request 1 [ EF(1/2) ]
Mar 9 10:44:12 charon 12[ENC] <3209> received fragment #1 of 2, waiting for complete IKE message
Mar 9 10:44:12 charon 12[NET] <3209> received packet: from 109.41.129.165[19055] to 192.168.178.2[4500] (532 bytes)
Mar 9 10:44:12 charon 12[ENC] <3209> parsed IKE_AUTH request 1 [ EF(2/2) ]
Mar 9 10:44:12 charon 12[ENC] <3209> received fragment #2 of 2, reassembled fragmented IKE message (1024 bytes)
Mar 9 10:44:12 charon 12[ENC] <3209> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 8b:d0:2f:e5:63:e4:a7:f4:76:b5:61:a5:93:d6:6c:7e:cc:06:e7:a7
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 5c:b8:69:fe:8d:ef:c1:ed:66:27:ee:b2:12:0f:72:1b:b8:0a:0e:04
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for "CN=firewall-ca, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for "CN=pfsense, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid f9:27:b6:1b:0a:37:f3:c3:1a:fa:17:ec:2d:46:17:16:12:9d:0c:0e
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 93:60:bb:8b:88:eb:e4:f8:7a:2b:fa:4f:c3:39:fb:c5:8f:22:d2:50
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 7c:32:d4:85:fd:89:0a:66:b5:97:ce:86:f4:d5:26:a9:21:07:e8:3e
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 64:1d:f8:d5:0e:23:31:c2:29:b2:50:cb:32:f5:6d:f5:5c:8e:00:fa
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 5e:8c:53:18:22:60:1d:56:71:d6:6a:a0:cc:64:a0:60:07:43:d5:a8
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid c0:7a:98:68:8d:89:fb:ab:05:64:0c:11:7d:aa:7d:65:b8:ca:cc:4e
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid a8:e3:02:96:70:a6:8b:57:eb:ec:ef:cc:29:4e:91:74:9a:d4:92:38
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid f7:93:19:ef:df:c1:f5:20:fb:ac:85:55:2c:f2:d2:8f:5a:b9:ca:0b
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 30:a4:e6:4f:de:76:8a:fc:ed:5a:90:84:28:30:46:79:2c:29:15:70
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 69:c4:27:db:59:69:68:18:47:e2:52:17:0a:e0:e5:7f:ab:9d:ef:0f
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 4a:81:0c:de:f0:c0:90:0f:19:06:42:31:35:a2:a2:8d:d3:44:fd:08
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid d5:2e:13:c1:ab:e3:49:da:e8:b4:95:94:ef:7c:38:43:60:64:66:bd
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 6c:ca:bd:7d:b4:7e:94:a5:75:99:01:b6:a7:df:d4:5d:1c:09:1c:cc
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid a5:06:8a:78:cf:84:bd:74:32:dd:58:f9:65:eb:3a:55:e7:c7:80:dc
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 83:31:7e:62:85:42:53:d6:d7:78:31:90:ec:91:90:56:e9:91:b9:e3
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 3e:22:d4:2c:1f:02:44:b8:04:10:65:61:7c:c7:6b:ae:da:87:29:9c
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 55:e4:81:d1:11:80:be:d8:89:b9:08:a3:31:f9:a1:24:09:16:b9:70
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 21:0f:2c:89:f7:c4:cd:5d:1b:82:5e:38:d6:c6:59:3b:a6:93:75:ae
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid bb:c2:3e:29:0b:b3:28:77:1d:ad:3e:a2:4d:bd:f4:23:bd:06:b0:3d
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid ee:e5:9f:1e:2a:a5:44:c3:cb:25:43:a6:9a:5b:d4:6a:25:bc:bb:8e
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 68:33:0e:61:35:85:21:59:29:83:a3:c8:d2:d2:e1:40:6e:7a:b3:c1
Mar 9 10:44:12 charon 12[IKE] <3209> received cert request for unknown ca with keyid 4f:9c:7d:21:79:9c:ad:0e:d8:b9:0c:57:9f:1a:02:99:e7:90:f3:87
Mar 9 10:44:12 charon 12[IKE] <3209> received 35 cert requests for an unknown ca
Mar 9 10:44:12 charon 12[CFG] <3209> looking for peer configs matching 192.168.178.2[%any]...109.41.129.165[172.20.10.2]
Mar 9 10:44:12 charon 12[CFG] <3209> candidate "con-mobile", match: 1/1/1052 (me/other/ike)
Mar 9 10:44:12 charon 12[CFG] <con-mobile|3209> selected peer config 'con-mobile'
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> initiating EAP_IDENTITY method (id 0x00)
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> processing INTERNAL_IP4_ADDRESS attribute
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> processing INTERNAL_IP4_DNS attribute
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> processing INTERNAL_IP4_NBNS attribute
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> processing INTERNAL_IP4_SERVER attribute
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> peer supports MOBIKE
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> authentication of 'pfsense' (myself) with RSA signature successful
Mar 9 10:44:12 charon 12[IKE] <con-mobile|3209> sending end entity cert "CN=pfsense, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"
Mar 9 10:44:12 charon 12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Mar 9 10:44:12 charon 12[ENC] <con-mobile|3209> splitting IKE message (1616 bytes) into 2 fragments
Mar 9 10:44:12 charon 12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ EF(1/2) ]
Mar 9 10:44:12 charon 12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ EF(2/2) ]
Mar 9 10:44:12 charon 12[NET] <con-mobile|3209> sending packet: from 192.168.178.2[4500] to 109.41.129.165[19055] (1236 bytes)
Mar 9 10:44:12 charon 12[NET] <con-mobile|3209> sending packet: from 192.168.178.2[4500] to 109.41.129.165[19055] (452 bytes)
Mar 9 10:44:33 charon 12[IKE] <con-mobile|3209> sending keep alive to 109.41.129.165[19055]
Mar 9 10:44:43 charon 12[JOB] <con-mobile|3209> deleting half open IKE_SA with 109.41.129.165 after timeout
Mar 9 10:44:43 charon 12[IKE] <con-mobile|3209> IKE_SA con-mobile[3209] state change: CONNECTING => DESTROYING
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 556054
Url: https://administrator.de/forum/notebook-windows-10-ipsec-verbindung-zur-pfsense-nicht-moeglich-556054.html
Ausgedruckt am: 22.12.2024 um 13:12 Uhr