The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers
«
»

Reminder that the Fritz!Box IKE error 0x1C is still barely documented: crucial places like the built-in help page point to non-existing URLs

Posted by jpluimers on 2024/02/12

A while ago, I had to redo all of the existing Fritz!Box LAN2LAN VPN connections.

It was a pain for many reasons, reminding me of the pain

This is why it was so painful:

  1. Decades after KPN acquired xs4all they decided to really integrate xs4all into the KPN infrastructure. The initial promise “nothing will change” didn’t mean a thing, as all the IPv4 addresses got replaced with new ones (hello IPv4 shortage!) and their VoIP changed into not supporting Fritz!Box 73xx models any more.
  2. The Fritz!OS 7.x firmware is excruciatingly slow making this whole thing a tedious operation
  3. Fritz!OS 7.x firmware in the mean time now by default requires local confirmation for each and every whim you change in the configuration (yes, you can disable this or perform 2FA, but that requires local confirmation which is a pain when one of the sites is in lock-down because of Covid-19)
  4. Each time anything tiny in the VPN settings changes, each and every network connection gets reset for an undetermined time each time
  5. Fritz!Box documentation sucks (see below why)
  6. Despite configuring the new IPv4 addresses, you initially get IKE error galore, especially these:
    • VPN error: vpnAnsLAN2LAN, IKE-Error 0x2027
    • VPN error: vpnAnsLAN2LAN, IKE-Error 0x1c

    In the Fritz!Box UI, they are clickable and when you do, you end up at a page like [Wayback/Archive] FRITZ!Box 7490 Help – VPN Error: [Message text] with undescriptive explanations and most of the links non-clickable. More on that below.

  7. A LAN2LAN VPN connection has to Fritz!Box sides. Regularly, one Fritz!Box will tell you the LAN2LAN VPN succeeds whereas the other will tell you it fails.
  8. Since the “Help” texts at service.avm.de is so badly indexed in Google, it is really hard to find out information for other models that might help you further.

Back to the 7490 help for VPN errors, as you can clock on them and then get help in side a subdomain of your configured Frtiz!Box UI language.

For English, this is [Wayback/Archive] FRITZ!Box 7490 Help – VPN Error: [Message text] at service.avm.de/help/en/FRITZ-Box-Fon-WLAN-7490-avme/019p2/hilfe_syslog_122

  1. Luckily these two links are clickable:

    VPN Error: [Message text]

    This is an event message from the “Internet” area.

    The FRITZ!Box outputs this error message when the VPN connection was interrupted due to an error. The given message text indicates which specific error occurred.

    • If available, you can view further information on a VPN error by clicking the error code in the list below.
    • If the message is output repeatedly, contact the administrator of your VPN network to remedy the problem.

    Overview of Possible VPN Errors

    IKE error 0x1c “invalid id”
    IKE error 0x2027 “timeout”
  2. You’d think clicking them would help, until you find out these are the actual clickable links (which I inserted into an additional column):
    IKE error 0x1c https://https//en.avm.de/service/support-request/your-support-request/knowlegdebasesupport/detail/en_FRITZ-Box-7490-int/687_Cannot-establish-a-VPN-connection-between-two-FRITZ-Box-networks/ “invalid id”
    IKE error 0x2005 https://https//en.avm.de/service/support-request/your-support-request/knowlegdebasesupport/detail/en_FRITZ-Box-7490-int/687_Cannot-establish-a-VPN-connection-between-two-FRITZ-Box-networks/ “internal error”
    IKE error 0x2020 http://avm.de/nc/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/ “hash mismatch in received packet”
    IKE error 0x2027 http://avm.de/nc/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/ “timeout”

    So it is four entries with in total two addresses. Clicking result in these:

  3. Knowing that, you can find out that the URL now has changed
    • from: http://avm.de/nc/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/
    • to: https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7490/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/

    It is archived too: [Wayback/Archive] VPN-Verbindung zwischen zwei FRITZ!Box-Netzwerken kann nicht hergestellt werden | FRITZ!Box 7490 | AVM Deutschland

  4. Of course any HTTP 301 or 302 URL redirection from the first to the last is long gone, despite the Fritz!Box 7490 still being at level “supported” as (via [Wayback/Archive] eol fritz 7490 – Google Search): per [Wayback/Archive] FRITZ!Box | AVM Deutschland: Status-der-Produktunterstuetzung/fritzbox (product support status: Fritz!Box)
    Wissensdatenbank Persönlicher Support Aktuelle Version AVM-Herstellergarantie
    FRITZ!Box 7490 [Wayback/Archive] [Wayback/Archive] FRITZ!OS 7.29 5 Jahre

    You’d wish there was:

      • an easy way to switch those pages from German to English. There is no way, not even a difficult one
      • a firmware upgrade that fixes the URLs

    Well, one can dream (:

  5. Knowing the English support page service.avm.de/help/en/FRITZ-Box-Fon-WLAN-7490-avme/019p2/hilfe_syslog_122 has failing URLs, and no pages returned from [Wayback/Archive] site:service.avm.de/help/de/FRITZ-Box-Fon-WLAN-7490-avme/019p2 – Google Search, I figured “the English URL has German text, so what if there is a similar page on the German part of the site” and just tried https://service.avm.de/help/de/FRITZ-Box-Fon-WLAN-7490-avme/019p2/hilfe_syslog_122.

    Hey, it’s there (so I archived it) and cut the quoted table down to the entries having a URL link [Wayback/Archive] Hilfe FRITZ!Box 7490 – VPN-Fehler: [Meldungstext]:

    IKE-Error 0x1c “invalid id”
    IKE-Error 0x2005 “internal error”
    IKE-Error 0x2020 “hash mismatch in received packet”
    IKE-Error 0x2027 “timeout”
    1. Yay, the first two links point to the same URL, functions, and is another variation of the from/to URLs I mentioned above:
      • from: http://avm.de/nc/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/
      • to: https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7490/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/
      • German: https://avm.de/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/
    2. The last two point to http://avm.de/nc/service/fritzbox/fritzbox-7490/wissensdatenbank/publication/show/687_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-kann-nicht-hergestellt-werden/ and give the same “not found” error like covered by 20141021072304 and 20200217121304 above.
  6. Other Fritz!Box models have similar documentation, some of it even in Dutch. A few of the links (all have a heading with #687):

Fazit

All in all, not much has changed since my first posts on this topic:

The state is this:

  • LAN2LAN VPN is still messy and full of cryptic error messages
  • Fritz!Box documentation has not really improved and likely even got worse given that they now have so many more models for which they need to keep similar documentation up-to-date with an ever growing inter-connectedness of firmware versions and documentation URLs

–jeroen

This entry was posted on 2024/02/12 at 12:00 and is filed under Fritz!, Fritz!Box, Hardware, Network-and-equipment, Power User. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»