raxxis990
Goto Top

Notebook Windows 10 Ipsec Verbindung zur pfsense nicht möglich?

Hallo Leute

ich versuche gerade mich vom Notebook per Windows VPN mich zur pfsense zu verbinden. Das klappt leider nicht.

Vorgeschichte : Aktuell pfsense ipsec Verbindungen zu 2 anderen Fritzboxen und vom iPhone 8 zur pfsense.

Jetzt wollte ich gern den Laptop auch fertig machen für die VPN Verbindung. Windows 10 Pro 1903 18362.86 .

Habe diese Anleitung zur Hilfe genommen. Von @aqui Ipsec für Mobile

Notebook verbunden über Iphone Hotspot


Beim klick auf die VPN Verbindung kommt das Anmelde Fenster dann kommt der Fehler " IKE-Authentifizierung-Anmeldeinformationen sind nicht akzeptabel "

Pfsense log

Mar 9 10:44:12	charon		12[NET] <3209> received packet: from 109.41.129.165[19212] to 192.168.178.2[500] (544 bytes)
Mar 9 10:44:12	charon		12[ENC] <3209> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 9 10:44:12	charon		12[CFG] <3209> looking for an IKEv2 config for 192.168.178.2...109.41.129.165
Mar 9 10:44:12	charon		12[CFG] <3209> candidate: 192.168.178.2...%any, prio 1052
Mar 9 10:44:12	charon		12[CFG] <3209> found matching ike config: 192.168.178.2...%any with prio 1052
Mar 9 10:44:12	charon		12[IKE] <3209> received MS NT5 ISAKMPOAKLEY v9 vendor ID
Mar 9 10:44:12	charon		12[IKE] <3209> received MS-Negotiation Discovery Capable vendor ID
Mar 9 10:44:12	charon		12[IKE] <3209> received Vid-Initial-Contact vendor ID
Mar 9 10:44:12	charon		12[ENC] <3209> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Mar 9 10:44:12	charon		12[IKE] <3209> 109.41.129.165 is initiating an IKE_SA
Mar 9 10:44:12	charon		12[IKE] <3209> IKE_SA (unnamed)[3209] state change: CREATED => CONNECTING
Mar 9 10:44:12	charon		12[CFG] <3209> selecting proposal:
Mar 9 10:44:12	charon		12[CFG] <3209> proposal matches
Mar 9 10:44:12	charon		12[CFG] <3209> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12	charon		12[CFG] <3209> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12	charon		12[CFG] <3209> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 9 10:44:12	charon		12[IKE] <3209> local host is behind NAT, sending keep alives
Mar 9 10:44:12	charon		12[IKE] <3209> remote host is behind NAT
Mar 9 10:44:12	charon		12[IKE] <3209> sending cert request for "CN=firewall-ca, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"  
Mar 9 10:44:12	charon		12[ENC] <3209> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Mar 9 10:44:12	charon		12[NET] <3209> sending packet: from 192.168.178.2[500] to 109.41.129.165[19212] (473 bytes)
Mar 9 10:44:12	charon		12[NET] <3209> received packet: from 109.41.129.165[19055] to 192.168.178.2[4500] (580 bytes)
Mar 9 10:44:12	charon		12[ENC] <3209> parsed IKE_AUTH request 1 [ EF(1/2) ]
Mar 9 10:44:12	charon		12[ENC] <3209> received fragment #1 of 2, waiting for complete IKE message
Mar 9 10:44:12	charon		12[NET] <3209> received packet: from 109.41.129.165[19055] to 192.168.178.2[4500] (532 bytes)
Mar 9 10:44:12	charon		12[ENC] <3209> parsed IKE_AUTH request 1 [ EF(2/2) ]
Mar 9 10:44:12	charon		12[ENC] <3209> received fragment #2 of 2, reassembled fragmented IKE message (1024 bytes)
Mar 9 10:44:12	charon		12[ENC] <3209> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 8b:d0:2f:e5:63:e4:a7:f4:76:b5:61:a5:93:d6:6c:7e:cc:06:e7:a7
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 5c:b8:69:fe:8d:ef:c1:ed:66:27:ee:b2:12:0f:72:1b:b8:0a:0e:04
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for "CN=firewall-ca, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"  
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for "CN=pfsense, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"  
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid f9:27:b6:1b:0a:37:f3:c3:1a:fa:17:ec:2d:46:17:16:12:9d:0c:0e
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 93:60:bb:8b:88:eb:e4:f8:7a:2b:fa:4f:c3:39:fb:c5:8f:22:d2:50
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 7c:32:d4:85:fd:89:0a:66:b5:97:ce:86:f4:d5:26:a9:21:07:e8:3e
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 64:1d:f8:d5:0e:23:31:c2:29:b2:50:cb:32:f5:6d:f5:5c:8e:00:fa
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 5e:8c:53:18:22:60:1d:56:71:d6:6a:a0:cc:64:a0:60:07:43:d5:a8
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid c0:7a:98:68:8d:89:fb:ab:05:64:0c:11:7d:aa:7d:65:b8:ca:cc:4e
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid a8:e3:02:96:70:a6:8b:57:eb:ec:ef:cc:29:4e:91:74:9a:d4:92:38
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid f7:93:19:ef:df:c1:f5:20:fb:ac:85:55:2c:f2:d2:8f:5a:b9:ca:0b
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 30:a4:e6:4f:de:76:8a:fc:ed:5a:90:84:28:30:46:79:2c:29:15:70
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 69:c4:27:db:59:69:68:18:47:e2:52:17:0a:e0:e5:7f:ab:9d:ef:0f
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 4a:81:0c:de:f0:c0:90:0f:19:06:42:31:35:a2:a2:8d:d3:44:fd:08
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid d5:2e:13:c1:ab:e3:49:da:e8:b4:95:94:ef:7c:38:43:60:64:66:bd
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 6c:ca:bd:7d:b4:7e:94:a5:75:99:01:b6:a7:df:d4:5d:1c:09:1c:cc
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid a5:06:8a:78:cf:84:bd:74:32:dd:58:f9:65:eb:3a:55:e7:c7:80:dc
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 83:31:7e:62:85:42:53:d6:d7:78:31:90:ec:91:90:56:e9:91:b9:e3
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 3e:22:d4:2c:1f:02:44:b8:04:10:65:61:7c:c7:6b:ae:da:87:29:9c
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 55:e4:81:d1:11:80:be:d8:89:b9:08:a3:31:f9:a1:24:09:16:b9:70
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 21:0f:2c:89:f7:c4:cd:5d:1b:82:5e:38:d6:c6:59:3b:a6:93:75:ae
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid bb:c2:3e:29:0b:b3:28:77:1d:ad:3e:a2:4d:bd:f4:23:bd:06:b0:3d
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid ee:e5:9f:1e:2a:a5:44:c3:cb:25:43:a6:9a:5b:d4:6a:25:bc:bb:8e
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 68:33:0e:61:35:85:21:59:29:83:a3:c8:d2:d2:e1:40:6e:7a:b3:c1
Mar 9 10:44:12	charon		12[IKE] <3209> received cert request for unknown ca with keyid 4f:9c:7d:21:79:9c:ad:0e:d8:b9:0c:57:9f:1a:02:99:e7:90:f3:87
Mar 9 10:44:12	charon		12[IKE] <3209> received 35 cert requests for an unknown ca
Mar 9 10:44:12	charon		12[CFG] <3209> looking for peer configs matching 192.168.178.2[%any]...109.41.129.165[172.20.10.2]
Mar 9 10:44:12	charon		12[CFG] <3209> candidate "con-mobile", match: 1/1/1052 (me/other/ike)  
Mar 9 10:44:12	charon		12[CFG] <con-mobile|3209> selected peer config 'con-mobile'  
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> initiating EAP_IDENTITY method (id 0x00)
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> processing INTERNAL_IP4_ADDRESS attribute
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> processing INTERNAL_IP4_DNS attribute
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> processing INTERNAL_IP4_NBNS attribute
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> processing INTERNAL_IP4_SERVER attribute
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> peer supports MOBIKE
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> authentication of 'pfsense' (myself) with RSA signature successful  
Mar 9 10:44:12	charon		12[IKE] <con-mobile|3209> sending end entity cert "CN=pfsense, C=DE, ST=Th?ringen, L=Sondershausen, O=IT, OU=IT Home"  
Mar 9 10:44:12	charon		12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Mar 9 10:44:12	charon		12[ENC] <con-mobile|3209> splitting IKE message (1616 bytes) into 2 fragments
Mar 9 10:44:12	charon		12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ EF(1/2) ]
Mar 9 10:44:12	charon		12[ENC] <con-mobile|3209> generating IKE_AUTH response 1 [ EF(2/2) ]
Mar 9 10:44:12	charon		12[NET] <con-mobile|3209> sending packet: from 192.168.178.2[4500] to 109.41.129.165[19055] (1236 bytes)
Mar 9 10:44:12	charon		12[NET] <con-mobile|3209> sending packet: from 192.168.178.2[4500] to 109.41.129.165[19055] (452 bytes)
Mar 9 10:44:33	charon		12[IKE] <con-mobile|3209> sending keep alive to 109.41.129.165[19055]
Mar 9 10:44:43	charon		12[JOB] <con-mobile|3209> deleting half open IKE_SA with 109.41.129.165 after timeout
Mar 9 10:44:43	charon		12[IKE] <con-mobile|3209> IKE_SA con-mobile[3209] state change: CONNECTING => DESTROYING

Content-ID: 556054

Url: https://administrator.de/forum/notebook-windows-10-ipsec-verbindung-zur-pfsense-nicht-moeglich-556054.html

Ausgedruckt am: 22.12.2024 um 13:12 Uhr