so ich hab das ganze auch mal probiert.
mit dem standard ike aus hardy ( 2.0.3 ) steht ne verbindung, aber keine daten werden übertragen ( genauso wie bei MaxPowers mit seinem Pic wo das mit dem "Failed" steht).
drum hab ich mal 2.1.0 kompiliert, allerdings läuft das nicht.
hier mal n log vom kompilieren, sollte ja eigentlich okay sein oder ?
Code:
root@eeepc:/home/martin/Dokumente/ike# cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DMANDIR=/usr/share/man -DNATT=YES
-- Using install prefix /usr ...
-- Using etc path /etc ...
-- Using man path /usr/share/man ...
-- Using binary /usr/bin/flex ...
-- Using binary /usr/bin/bison ...
-- Enabled NAT Traversal support ...
-- Enabled Client QT GUI support ...
-- Configuring done
-- Generating done
-- Build files have been written to: /home/martin/Dokumente/ike
root@eeepc:/home/martin/Dokumente/ike# make
[ 1%] Building CXX object source/libpfk/CMakeFiles/pfk.dir/libpfk.o
Linking CXX shared library libpfk.so
[ 1%] Built target pfk
[ 2%] Building CXX object source/libike/CMakeFiles/ike.dir/libike.o
/home/martin/Dokumente/ike/source/libike/libike.cpp: In member function »long int _IKEI::attach(long int)«:
/home/martin/Dokumente/ike/source/libike/libike.cpp:231: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/libike/libike.cpp: In member function »long int _IKES::init()«:
/home/martin/Dokumente/ike/source/libike/libike.cpp:301: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/libike/libike.cpp: In member function »long int _IKES::inbound(IKEI**)«:
/home/martin/Dokumente/ike/source/libike/libike.cpp:313: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
Linking CXX shared library libike.so
[ 2%] Built target ike
[ 3%] Building CXX object source/libidb/CMakeFiles/idb.dir/libidb.o
[ 4%] Building CXX object source/libidb/CMakeFiles/idb.dir/base64.o
Linking CXX static library libidb.a
[ 4%] Built target idb
[ 5%] Building CXX object source/libith/CMakeFiles/ith.dir/libith.o
Linking CXX static library libith.a
[ 5%] Built target ith
[ 6%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.frag.o
[ 7%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.packet.o
[ 8%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.packet.dns.o
[ 9%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.packet.ip.o
[ 10%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.packet.udp.o
[ 11%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.pcap.o
[ 12%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.queue.o
[ 13%] Building CXX object source/libip/CMakeFiles/ip.dir/libip.route.o
Linking CXX static library libip.a
[ 13%] Built target ip
[ 14%] Building CXX object source/liblog/CMakeFiles/log.dir/liblog.o
Linking CXX static library liblog.a
[ 14%] Built target log
[ 15%] Generating conf.token.cpp
[ 16%] Generating conf.parse.cpp
Scanning dependencies of target iked
[ 17%] Building CXX object source/iked/CMakeFiles/iked.dir/crypto.o
[ 18%] Building CXX object source/iked/CMakeFiles/iked.dir/conf.parse.o
[ 19%] Building CXX object source/iked/CMakeFiles/iked.dir/conf.token.o
[ 20%] Building CXX object source/iked/CMakeFiles/iked.dir/dhcp.o
[ 21%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.o
[ 22%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.exch.config.o
[ 23%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.exch.inform.o
[ 24%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.exch.phase1.o
[ 25%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.exch.phase2.o
[ 26%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.config.o
/home/martin/Dokumente/ike/source/iked/ike.idb.config.cpp: In member function »virtual char* _IDB_CFG::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.config.cpp:158: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 27%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.inform.o
/home/martin/Dokumente/ike/source/iked/ike.idb.inform.cpp: In member function »virtual char* _IDB_INF::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.inform.cpp:50: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 28%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.lists.o
[ 29%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.phase1.o
/home/martin/Dokumente/ike/source/iked/ike.idb.phase1.cpp: In member function »virtual char* _IDB_PH1::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.phase1.cpp:585: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 30%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.phase2.o
/home/martin/Dokumente/ike/source/iked/ike.idb.phase2.cpp: In member function »virtual char* _IDB_PH2::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.phase2.cpp:327: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 31%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.peer.o
/home/martin/Dokumente/ike/source/iked/ike.idb.peer.cpp: In member function »virtual char* _IDB_PEER::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.peer.cpp:149: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 32%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.policy.o
/home/martin/Dokumente/ike/source/iked/ike.idb.policy.cpp: In member function »virtual char* _IDB_POLICY::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.policy.cpp:209: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 33%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.tunnel.o
/home/martin/Dokumente/ike/source/iked/ike.idb.tunnel.cpp: In member function »virtual char* _IDB_TUNNEL::name()«:
/home/martin/Dokumente/ike/source/iked/ike.idb.tunnel.cpp:254: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 34%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.idb.exch.o
[ 35%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.io.admin.o
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp: In member function »long int _IKED::loop_ipc_server()«:
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:60: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:80: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp: In member function »long int _IKED::loop_ipc_client(IKEI*)«:
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:94: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:722: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:743: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:768: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:820: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:827: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:834: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:841: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:848: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:857: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:864: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:871: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:878: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:885: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:892: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:899: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:906: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:944: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.admin.cpp:950: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 36%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.io.network.o
/home/martin/Dokumente/ike/source/iked/ike.io.network.cpp: In member function »long int _IKED::loop_ike_nwork()«:
/home/martin/Dokumente/ike/source/iked/ike.io.network.cpp:60: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.network.cpp:246: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 37%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.io.pfkey.o
/home/martin/Dokumente/ike/source/iked/ike.io.pfkey.cpp: In member function »long int _IKED::loop_ike_pfkey()«:
/home/martin/Dokumente/ike/source/iked/ike.io.pfkey.cpp:60: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.io.pfkey.cpp:248: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 38%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.keyfile.o
[ 39%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.names.o
[ 40%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.nethlp.o
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp: In member function »void _IKED::text_prot(char*, int)«:
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:50: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:51: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:52: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:53: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:54: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:55: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:56: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
/home/martin/Dokumente/ike/source/iked/ike.nethlp.cpp:57: Warnung: veraltete Konvertierung von Zeichenkettenkonstante in »char*«
[ 41%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.packet.o
[ 42%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.payload.o
[ 43%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.peerid.o
[ 44%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.policy.o
[ 45%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.proposal.o
[ 46%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.socket.o
[ 47%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.xauth.o
[ 48%] Building CXX object source/iked/CMakeFiles/iked.dir/ike.xconf.o
[ 49%] Building CXX object source/iked/CMakeFiles/iked.dir/iked.o
[ 50%] Building CXX object source/iked/CMakeFiles/iked.dir/main.o
Linking CXX executable iked
[ 50%] Built target iked
[ 51%] Generating about.h
[ 52%] Generating moc_about.cxx
[ 53%] Generating images.cxx
[ 54%] Generating site.h
[ 55%] Generating site.cxx
[ 56%] Generating moc_site.cxx
[ 57%] Generating root.h
[ 58%] Generating root.cxx
[ 59%] Generating moc_root.cxx
[ 60%] Generating conflict.h
[ 61%] Generating conflict.cxx
[ 62%] Generating moc_conflict.cxx
[ 63%] Generating topology.h
[ 64%] Generating topology.cxx
[ 65%] Generating moc_topology.cxx
[ 66%] Generating about.cxx
Scanning dependencies of target ikea
[ 67%] Building CXX object source/ikea/CMakeFiles/ikea.dir/main.o
[ 68%] Building CXX object source/ikea/CMakeFiles/ikea.dir/ikea.o
[ 69%] Building CXX object source/ikea/CMakeFiles/ikea.dir/config.o
[ 70%] Building CXX object source/ikea/CMakeFiles/ikea.dir/images.o
[ 71%] Building CXX object source/ikea/CMakeFiles/ikea.dir/site.o
[ 72%] Building CXX object source/ikea/CMakeFiles/ikea.dir/moc_site.o
[ 73%] Building CXX object source/ikea/CMakeFiles/ikea.dir/root.o
[ 74%] Building CXX object source/ikea/CMakeFiles/ikea.dir/moc_root.o
[ 75%] Building CXX object source/ikea/CMakeFiles/ikea.dir/conflict.o
[ 76%] Building CXX object source/ikea/CMakeFiles/ikea.dir/moc_conflict.o
[ 77%] Building CXX object source/ikea/CMakeFiles/ikea.dir/topology.o
[ 78%] Building CXX object source/ikea/CMakeFiles/ikea.dir/moc_topology.o
[ 79%] Building CXX object source/ikea/CMakeFiles/ikea.dir/about.o
[ 80%] Building CXX object source/ikea/CMakeFiles/ikea.dir/moc_about.o
Linking CXX executable ikea
[ 80%] Built target ikea
[ 81%] Generating root.h
[ 82%] Generating moc_root.cxx
[ 83%] Generating images.cxx
[ 84%] Generating banner.h
[ 85%] Generating banner.cxx
[ 86%] Generating moc_banner.cxx
[ 87%] Generating filepass.h
[ 88%] Generating filepass.cxx
[ 89%] Generating moc_filepass.cxx
[ 90%] Generating root.cxx
Scanning dependencies of target ikec
[ 91%] Building CXX object source/ikec/CMakeFiles/ikec.dir/main.o
[ 92%] Building CXX object source/ikec/CMakeFiles/ikec.dir/ikec.o
[ 93%] Building CXX object source/ikec/CMakeFiles/ikec.dir/__/ikea/config.o
[ 94%] Building CXX object source/ikec/CMakeFiles/ikec.dir/images.o
[ 95%] Building CXX object source/ikec/CMakeFiles/ikec.dir/banner.o
[ 96%] Building CXX object source/ikec/CMakeFiles/ikec.dir/moc_banner.o
[ 97%] Building CXX object source/ikec/CMakeFiles/ikec.dir/filepass.o
[ 98%] Building CXX object source/ikec/CMakeFiles/ikec.dir/moc_filepass.o
[ 99%] Building CXX object source/ikec/CMakeFiles/ikec.dir/root.o
[100%] Building CXX object source/ikec/CMakeFiles/ikec.dir/moc_root.o
Linking CXX executable ikec
[100%] Built target ikec
root@eeepc:/home/martin/Dokumente/ike# make install
[ 1%] Built target pfk
[ 2%] Built target ike
[ 4%] Built target idb
[ 5%] Built target ith
[ 13%] Built target ip
[ 14%] Built target log
[ 50%] Built target iked
[ 80%] Built target ikea
[100%] Built target ikec
Linking CXX executable CMakeFiles/CMakeRelink.dir/iked
Linking CXX executable CMakeFiles/CMakeRelink.dir/ikea
Linking CXX executable CMakeFiles/CMakeRelink.dir/ikec
Install the project...
-- Install configuration: ""
-- Install configuration: ""
-- Installing /usr/sbin/iked
-- Installing /usr/share/man/man8/iked.8
-- Installing /usr/share/man/man5/iked.conf.5
-- Installing /etc/iked.conf.sample
-- Install configuration: ""
-- Installing /usr/lib/libike.so.2.1.0
-- Install configuration: ""
-- Install configuration: ""
-- Install configuration: ""
-- Install configuration: ""
-- Install configuration: ""
-- Installing /usr/lib/libpfk.so.2.1.0
-- Install configuration: ""
-- Installing /usr/bin/ikea
-- Installing /usr/share/man/man1/ikea.1
-- Install configuration: ""
-- Installing /usr/bin/ikec
-- Installing /usr/share/man/man1/ikec.1
root@eeepc:/home/martin/Dokumente/ike#
da bekomm ich direkt eine "invalid message from gateway".
im log steht das:
Code:
08/05/22 19:37:22 K! : recv X_SPDDUMP message failure ( errno = 2 )
08/05/22 19:37:26 !! : phase1 id mismatch ( src != trg )
08/05/22 19:37:26 !! : src = ipv4-host 217.227.71.110
08/05/22 19:37:26 !! : trg = ipv4-host 255.255.255.255
ich weiss jetzt nicht ob das vielleicht an ner ganz falschen config liegt.
Whoopie könntest du nicht einfach mal deine config posten, damit ich da einfach host / key + ips abändern kann, das müsste ja funktionieren ?
meine config von ike sieht z.b. so aus:
Code:
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:0
b:auth-mutual-psk:Yzc4M2I1Y2QwNEo5MmM4YjExIGI5MDVkNjljZTRlMTtkNGU1
n:phase1-dhgroup:2
n:phase1-keylen:256
n:phase1-life-secs:3600
n:phase1-life-kbytes:0
n:phase2-keylen:256
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:mac.dyndns.net
s:client-auto-mode:pull
s:client-iface:virtual
s:client-ip-addr:192.168.0.201
s:client-ip-mask:255.255.255.0
s:network-natt-mode:disable
s:network-frag-mode:enable
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-client-data:[email protected]
s:ident-server-type:address
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:aes
s:phase2-hmac:sha1
s:ipcomp-transform:deflate
s:policy-list-include:192.168.0.0 / 255.255.0.0
n:version:2
die config von der fritzbox software sieht so aus:
Code:
version {
revision = "$Revision: 1.30 $";
creatversion = "1.1";
}
pwcheck {
}
datapipecfg {
security = dpsec_quiet;
icmp {
ignore_echo_requests = no;
destunreach_rate {
burstfactor = 6;
timeout = 1;
}
timeexceeded_rate {
burstfactor = 6;
timeout = 1;
}
echoreply_rate {
burstfactor = 6;
timeout = 1;
}
}
masqtimeouts {
tcp = 15m;
tcp_fin = 2m;
tcp_rst = 3s;
udp = 5m;
icmp = 30s;
got_icmp_error = 15s;
any = 5m;
tcp_connect = 6m;
tcp_listen = 2m;
}
ipfwlow {
input {
}
output {
}
}
ipfwhigh {
input {
}
output {
}
}
NAT_T_keepalive_interval = 20;
}
targets {
policies {
name = "mac.dyndns.net";
connect_on_channelup = no;
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
virtualip = 192.168.0.201;
remoteip = 0.0.0.0;
remotehostname = "mac.dyndns.net";
localid {
user_fqdn = "[email protected]";
}
mode = mode_aggressive;
phase1ss = "all/all/all";
keytype = keytype_pre_shared;
key = "c783b5cd04J92c8b11 b905d69ce4e1;d4e5";
cert_do_server_auth = no;
use_nat_t = no;
use_xauth = no;
use_cfgmode = no;
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "permit ip any 192.168.0.0 255.255.0.0";
wakeupremote = no;
}
}
policybindings {
}
// EOF
sollten die beiden keys da eigentlich nicht gleich sein (?)