Hi everyone
I'd like to set up a VPN connection to my university so that I can use Matlab (network license) outside the network as well. I also just want to set it up for the sake of having done it once, since I've never done anything with VPN before.
Well, anyway, it's not really working yet. Since the university itself only wants to provide support for the Cisco client, I'm asking here what the cause might be.
So, here is step by step what I did, so that you can follow along nicely:
First, the university's instructions
http://www.uni-ulm.de/einrichtungen/kiz/it/netzwerk/vpn/vpn-ipsec.html#vpnc
So I do the following
su -
cd /etc/vpnc
wget -O 1.pem http://cdp.pca.dfn.de/uni-ulm-ca/pub/cacert/cacert.pem
wget -O 2.pem http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert.pem
wget -O 3.pem http://cdp.pca.dfn.de/telekom-root-ca-2/pub/cacert/cacert.pem
I just renamed all the pem files to something, because on the server they are all called cacert.pem. Are the file names important here? If so, how do I find out what the files really have to be called?
The file /etc/vpnc/default.conf looks like this
IPSec gateway vpn.uni-ulm.de
IPSec ID standard
IPSec secret standard
IKE Authmode hybrid
CA-File /etc/vpnc/3.pem
Debug 3
I'm using Debug 3 for now so that you have maximum output
So, then I start vpnc
vpnc version 0.5.3
hex_test: 00010203
S1 init_sockaddr
[2011-05-29 19:40:02]
S2 make_socket
[2011-05-29 19:40:02]
S3 setup_tunnel
[2011-05-29 19:40:02]
using interface tun0
S4 do_phase1_am
[2011-05-29 19:40:02]
S4.1 create_nonce
[2011-05-29 19:40:02]
i_cookie: f42157d4 125c8d46
i_nonce:
a886b2ee fe701253 bf848deb 4e37e72b 90194d8d
S4.2 dh setup
[2011-05-29 19:40:02]
dh_public:
46d20cba aefef852 ec68e896 fdf6248c 45583ff8 eaf4a569 5c8b3e70 b327c308
d828dcfc 44929c3b 77b10aed b29e7139 e9283f48 679547be 2e77d0ff b7383c24
ad8c05da fa069be0 454ef98f d9d641ff 3c3f3cc7 15764e7e e6b5d391 addef21f
68d8f7d7 02760e38 2ec216c0 2417caf4 b14aada5 ac6ff9e7 b2cb571f f33a44fd
S4.3 AM packet_1
[2011-05-29 19:40:03]
sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 828
i_cookie: f42157d4 125c8d46
r_cookie: 00000000 00000000
payload: 01 (ISAKMP_PAYLOAD_SA)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 00
message_id: 00000000
len: 0000033c
PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
next_type: 04 (ISAKMP_PAYLOAD_KE)
length: 01dc
sa.doi: 00000001 (ISAKMP_DOI_IPSEC)
sa.situation: 00000001 (ISAKMP_IPSEC_SIT_IDENTITY_ONLY)
PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 01d0
p.number: 00
p.prot_id: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
p.spi_size: 00
length: 0c
p.spi:
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 00
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 0100
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 01
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 0100
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 02
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 03
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 04
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 0080
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0028
t.number: 05
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 0080
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0024
t.number: 06
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0005 (IKE_ENC_3DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0024
t.number: 07
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0005 (IKE_ENC_3DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0024
t.number: 08
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0001 (IKE_ENC_DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0024
t.number: 09
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0001 (IKE_ENC_DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0024
t.number: 0a
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0000 (IKE_ENC_NO_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0024
t.number: 0b
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0000 (IKE_ENC_NO_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
next_type: 0a (ISAKMP_PAYLOAD_NONCE)
length: 0084
ke.data:
46d20cba aefef852 ec68e896 fdf6248c 45583ff8 eaf4a569 5c8b3e70 b327c308
d828dcfc 44929c3b 77b10aed b29e7139 e9283f48 679547be 2e77d0ff b7383c24
ad8c05da fa069be0 454ef98f d9d641ff 3c3f3cc7 15764e7e e6b5d391 addef21f
68d8f7d7 02760e38 2ec216c0 2417caf4 b14aada5 ac6ff9e7 b2cb571f f33a44fd
DONE PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
next_type: 05 (ISAKMP_PAYLOAD_ID)
length: 0018
ke.data:
a886b2ee fe701253 bf848deb 4e37e72b 90194d8d
DONE PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0010
id.type: 0b (ISAKMP_IPSEC_ID_KEY_ID)
id.protocol: 11
id.port: 01f4
id.data: 7374616e 64617264
DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 000c
ke.data: 09002689 dfd6b712
(Xauth)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
(Cisco Unity)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 4a131c81 07035845 5c5728f2 0e95452f
(Nat-T RFC)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
(Nat-T 02N)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: cd604643 35df21f8 7cfdb2fc 68b6a448
(Nat-T 02)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 16f6ca16 e4a4066d 83821a0f 0aeaa862
(Nat-T 01)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 4485152d 18b6bbcd 0be8a846 9579ddcc
(Nat-T 00)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
(DPD)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
receiving: <========================
[2011-05-29 19:40:03]
S4.4 AM_packet2
[2011-05-29 19:40:03]
BEGIN_PARSE
Recieved Packet Len: 1995
i_cookie: f42157d4 125c8d46
r_cookie: 7fa73337 5a95768b
payload: 01 (ISAKMP_PAYLOAD_SA)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 00
message_id: 00000000
len: 000007cb
PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
next_type: 04 (ISAKMP_PAYLOAD_KE)
length: 003c
sa.doi: 00000001 (ISAKMP_DOI_IPSEC)
sa.situation: 00000001 (ISAKMP_IPSEC_SIT_IDENTITY_ONLY)
PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0030
p.number: 01
p.prot_id: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0028
t.number: 04
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
t.attributes.u.attr_16: 0080
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: fadd (IKE_AUTH_HybridInitRSA)
t.attributes.type: 000b (IKE_ATTRIB_LIFE_TYPE)
t.attributes.u.attr_16: 0001 (IKE_LIFE_TYPE_SECONDS)
t.attributes.type: 000c (IKE_ATTRIB_LIFE_DURATION)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
next_type: 0a (ISAKMP_PAYLOAD_NONCE)
length: 0084
ke.data:
5c287af9 e8e05e9f 4fe52e7d 08a2c462 7ef46661 fd1f0c70 7ee05014 d12b2cf2
a963c38c cbbed54f 6085ef89 b0701637 dff057e1 87df396c c0550ac7 282f04f9
90930a9a ff9fccec 37bdca15 81629a3d 31d36e2f 602fc1d5 85194dca 21b1e056
16d743d9 4c46abe8 7db73493 c6119f29 75800c3b 3b7bd071 c2e67e4a b59e491e
DONE PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
next_type: 05 (ISAKMP_PAYLOAD_ID)
length: 0018
ke.data:
71370204 bb5fb9d5 adfd0f75 0f0d6dbb 4638989d
DONE PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
next_type: 06 (ISAKMP_PAYLOAD_CERT)
length: 006a
id.type: 09 (ISAKMP_IPSEC_ID_DER_ASN1_DN)
id.protocol: 00
id.port: 0000
id.data:
3060310b 30090603 55040613 02444531 19301706 0355040a 1310556e 69766572
73697461 65742055 6c6d3117 30150603 55040313 0e76706e 2e756e69 2d756c6d
2e646531 1d301b06 092a8648 86f70d01 0902130e 76706e2e 756e692d 756c6d2e
6465
DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
PARSING PAYLOAD type: 06 (ISAKMP_PAYLOAD_CERT)
next_type: 09 (ISAKMP_PAYLOAD_SIG)
length: 04c5
cert.encoding: 04
cert.data:
DONE PARSING PAYLOAD type: 06 (ISAKMP_PAYLOAD_CERT)
PARSING PAYLOAD type: 09 (ISAKMP_PAYLOAD_SIG)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0104
ke.data:
DONE PARSING PAYLOAD type: 09 (ISAKMP_PAYLOAD_SIG)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
(Cisco Unity)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 000c
ke.data: 09002689 dfd6b712
(Xauth)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
(Nat-T 02N)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
next_type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
length: 0018
ke.data:
f2baf6c4 7c15f408 c401fd41 5e45a7c8 89e376b2
DONE PARSING PAYLOAD type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
PARSING PAYLOAD type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0018
ke.data:
ad204ec7 fe8dede1 c8cc4810 9b4aeb58 793d6a15
DONE PARSING PAYLOAD type: 82 (ISAKMP_PAYLOAD_NAT_D_OLD)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0018
ke.data:
4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
(unknown)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 8a60942a 5a94768b d516d0de b2841e2e
(unknown)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
ke.data: 1f07f70e aa6514d3 b0fa9654 2a500100
(unknown)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
got ike lifetime attributes: 2147483 seconds
IKE SA selected hybrid(rsa)-aes128-sha1
unknown ISAKMP_PAYLOAD_VID: 12f5f28c 457168a9 702d9fe2 74cc0100
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
unknown ISAKMP_PAYLOAD_VID:
4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
unknown ISAKMP_PAYLOAD_VID: 8a60942a 5a94768b d516d0de b2841e2e
unknown ISAKMP_PAYLOAD_VID: 1f07f70e aa6514d3 b0fa9654 2a500100
dh_shared_secret:
c813403c 66f028e8 07da0b90 11042034 8440ce5c 1872075d 6b08073d 3615354c
3df050f1 449f5b2e f7797a0a 3c958d4e 28ad2863 b57cd994 e5231b5b 3779cae5
855c1d95 b0e0ee8d fc92e365 f6e6748a 62185c66 efb952a9 3a7b3069 5cd73887
29bac78b b7ef6f01 74502bea 0ad9dde7 709bfbe7 432cb920 b01d3636 c1df5e1a
(not dumping psk hash)
skeyid:
7410930c 01f70314 4437c796 a9b24cf7 79ee8e9e
expected hash:
35f5590b 604b21e3 c0a261a4 df05c2bd 6b862cba
received signature:
last cert:
Subject name hash: 7141e421
vpnc: Error verifying the certificate-chain
In case that is too much output, here is the output with Debug 2
vpnc version 0.5.3
S1 init_sockaddr
[2011-05-29 19:41:39]
S2 make_socket
[2011-05-29 19:41:39]
S3 setup_tunnel
[2011-05-29 19:41:39]
using interface tun0
S4 do_phase1_am
[2011-05-29 19:41:39]
S4.1 create_nonce
[2011-05-29 19:41:39]
S4.2 dh setup
[2011-05-29 19:41:39]
S4.3 AM packet_1
[2011-05-29 19:41:39]
S4.4 AM_packet2
[2011-05-29 19:41:39]
(Cisco Unity)
(Xauth)
(Nat-T 02N)
(unknown)
(unknown)
(unknown)
got ike lifetime attributes: 2147483 seconds
IKE SA selected hybrid(rsa)-aes128-sha1
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
vpnc: Error verifying the certificate-chain
and Debug 1
vpnc version 0.5.3
IKE SA selected hybrid(rsa)-aes128-sha1
vpnc: Error verifying the certificate-chain
I also tried pointing to the files 2.pem and 1.pem in default.conf as a test; it leads to the same result.
For lack of experience I also find it hard to read / interpret the output. A search for "vpnc: Error verifying the certificate-chain" does return results, but not what I'm looking for.
Ergo, I have no idea what else I could try here. Are the certificates maybe garbage?
In any case, I'm grateful for any input!
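
Added example, not part of the original post: a check of how OpenSSL-style chain verification treats a CA file that holds only one certificate of a multi-level hierarchy, compared with a bundle of all levels. It assumes the three downloaded files form one hierarchy (3.pem as root, 1.pem as the issuing CA) and that the CA-File is used as an OpenSSL trust store; all certificates below are constructed throwaway ones.

```shell
#!/bin/sh
# Added example: constructed three-level CA hierarchy, all names are made up.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
EOF

# new_key_and_csr NAME CN: fresh key plus certificate request for NAME
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# issue NAME PARENT EXT: sign NAME's request with PARENT's key, using extension section EXT
issue() {
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 2 -extfile "$WORK/ca.cnf" -extensions "$3" \
        -out "$WORK/$1.pem" 2>/dev/null
}

# build_chain: 3.pem (self-signed root) -> 2.pem -> 1.pem (issuing CA) -> server.pem
build_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -extensions ca_ext -subj "/CN=Constructed Root" -days 2 \
        -keyout "$WORK/3.key" -out "$WORK/3.pem" 2>/dev/null
    new_key_and_csr 2 "Constructed Intermediate"; issue 2 3 ca_ext
    new_key_and_csr 1 "Constructed Issuing CA";   issue 1 2 ca_ext
    new_key_and_csr server "vpn.example.invalid"; issue server 1 leaf_ext
    # One file with every CA level, as a CA-File candidate
    cat "$WORK/1.pem" "$WORK/2.pem" "$WORK/3.pem" > "$WORK/bundle.pem"
}

# chain_ok CAFILE CERT: succeeds only if CERT chains up to a self-signed root in CAFILE
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_chain
for f in 1.pem 2.pem 3.pem bundle.pem; do
    if chain_ok "$WORK/$f" "$WORK/server.pem"; then r="verifies"; else r="chain error"; fi
    echo "CA file $f: $r"
done
```

The file names play no role in this check; what matters is which certificates the CA file contains.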