------------------------------------------------------------------------------------
/*
* C:\Dokumente und Einstellungen\XXXXX\XXXXX\XXXXXXX.cfg
* Mon Aug 22 21:45:22 2011
*/
vpncfg {
connections {
enabled = yes;
conn_type = conntype_user;
name = "[email protected]";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.178.201;
remoteid {
user_fqdn = "[email protected]";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = ":XXXXXXXXXXXXXXXXXXXXXXXX";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.178.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipaddr = 192.168.178.201;
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist =
"permit ip 192.168.178.201 255.255.255.255";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
------------------------------------------------------------------------------------
*.pol-Datei:
SECURITY_FILE_VERSION: 1
[INFO]
[EMAIL="[email protected]"][email protected][/EMAIL]
[POLICY]
sa [EMAIL="[email protected]"][email protected][/EMAIL]_1 = {
esp
encrypt_alg 12
max_encrypt_bits 128
auth_alg 3
identity_remote 192.168.178.0/24
src_specific
hard_lifetime_bytes 0
hard_lifetime_addtime 3600
hard_lifetime_usetime 3600
soft_lifetime_bytes 0
soft_lifetime_addtime 3600
soft_lifetime_usetime 3600
replay_win_len 0
pfs
}
remote 0.0.0.0 0.0.0.0 = { [EMAIL="[email protected]_1%28XXXXXX.dyndns.org"][email protected]_1(XXXXXX.dyndns.org[/EMAIL]) }
inbound = { }
outbound = { }
[IKE]
ADDR: XXXXXX.dyndns.org 255.255.255.255
IKE_VERSION: 1
MODE: Aggressive
REPLAY_STATUS: FALSE
USE_MODE_CFG: TRUE
IPSEC_EXPIRE: TRUE
USE_XAUTH: FALSE
USE_COMMIT: FALSE
ESP_UDP_PORT: 0
SEND_NOTIFICATION: TRUE
INITIAL_CONTACT: TRUE
USE_INTERNAL_ADDR: FALSE
DPD_HEARTBEAT: 90
NAT_KEEPALIVE: 60
REKEYING_THRESHOLD: 90
ID_TYPE: 3
FQDN: [EMAIL="[email protected]"][email protected][/EMAIL]
PRESHARED_KEYS:
FORMAT: STRING_FORMAT
KEY: 9 XXXXXXXXX
GROUP_DESCRIPTION_II: MODP_1024
USE_NAT_PROBE: FALSE
PROPOSALS: 1
ENC_ALG: AES128-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: SHA1
GROUP_DESCRIPTION: MODP_1024
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 3600
PRF: NONE
DNS_SERVER: 192.168.178.1
*.pin-Datei:
[POLICYNAME]
[EMAIL="[email protected]"][email protected][/EMAIL]
[POLICYVERSION]
1.0
[POLICYDESCRIPTION]
[ISSUERNAME]
[CONTACTINFO]
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip any any";
C:\>tracert sipgate.de
Routenverfolgung zu sipgate.de [217.10.79.9] über maximal 30 Abschnitte:
1 445 ms 639 ms 409 ms sipgate.de [217.10.79.9]
2 474 ms 559 ms 539 ms sipgate.de [217.10.79.9]
3 668 ms 659 ms 699 ms sipgate.de [217.10.79.9]
4 408 ms 559 ms 509 ms sipgate.de [217.10.79.9]
5 438 ms 460 ms 549 ms sipgate.de [217.10.79.9]
6 488 ms 510 ms 499 ms sipgate.de [217.10.79.9]
7 858 ms 379 ms 480 ms sipgate.de [217.10.79.9]
Ablaufverfolgung beendet.
Ist das normal oder muß ich noch etwas anders konfigurieren? Die Internetverbindung scheint ansonsten normal zu funktionieren.
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip 192.168.120.20 255.255.255.255 any", "permit ip 192.168.120.0 255.255.255.0 192.168.100.0 255.255.255.0";
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip 192.168.120.20 255.255.255.255 [B][COLOR="red"]7777[/B][/COLOR]", "permit ip 192.168.120.0 255.255.255.0 192.168.100.0 255.255.255.0";
Code:accesslist = "permit ip 192.168.120.20 255.255.255.255 any eq 7777";
Insofern hoffe ich noch auf eine Eingebung von dir
accesslist = "permit udp 192.168.120.20 255.255.255.255 any eq 7777", "permit tcp 192.168.120.20 255.255.255.255 any eq 7777";