This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Issues

Hi folks hoping I have the right area of the right group here.

 

I'm trying to push my VPN endpoint off the QNAP and onto the router. I'm seeing my connection attempt in the live log but can't see where the issue is. Hopefully someone here is more experienced than I and can spot it. Local user created, UN, PW and PSK are correct. It's not port forwarding as this is a new box replaced VERY recently and I always had the intention of shifting the endpoint to the router so didn't bother NATing this one.

Full log in link at the bottom but for those who don't like clicking random links (I understand why) I'll put a little in here....

**

Live Log: IPsec VPN
Filter:
Autoscroll
Reload
2018:07:30-18:56:59 router pluto[13157]: | state hash entry 23
2018:07:30-18:56:59 router pluto[13157]: "L_for vpntest"[11] ***??CLIENT-IP***:4500: deleting connection "L_for vpntest"[11] instance with peer ***??CLIENT-IP*** {isakmp=#0/ipsec=#0}
2018:07:30-18:56:59 router pluto[13157]: | certs and keys locked by 'delete_connection'
2018:07:30-18:56:59 router pluto[13157]: | certs and keys unlocked by 'delete_connection'
2018:07:30-18:56:59 router pluto[13157]: | del: 57 69 ff 6c 7f 6c 87 37 2b b9 e5 0a b3 33 b4 1b
2018:07:30-18:56:59 router pluto[13157]: | next event EVENT_NAT_T_KEEPALIVE in 2 seconds
2018:07:30-18:57:01 router pluto[13157]: |
2018:07:30-18:57:01 router pluto[13157]: | *time to handle event
2018:07:30-18:57:01 router pluto[13157]: | event after this is EVENT_REINIT_SECRET in 297 seconds
2018:07:30-18:57:01 router pluto[13157]: | next event EVENT_REINIT_SECRET in 297 seconds
2018:07:30-18:57:40 router pluto[13157]: |
2018:07:30-18:57:40 router pluto[13157]: | *received 724 bytes from ***??CLIENT-IP***:500 on eth1
2018:07:30-18:57:40 router pluto[13157]: | **parse ISAKMP Message:
2018:07:30-18:57:40 router pluto[13157]: | initiator cookie:
2018:07:30-18:57:40 router pluto[13157]: | a0 9b 4a aa c6 d7 7c 0a
2018:07:30-18:57:40 router pluto[13157]: | responder cookie:
2018:07:30-18:57:40 router pluto[13157]: | 00 00 00 00 00 00 00 00
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_SA
2018:07:30-18:57:40 router pluto[13157]: | ISAKMP version: ISAKMP Version 1.0
2018:07:30-18:57:40 router pluto[13157]: | exchange type: ISAKMP_XCHG_IDPROT
2018:07:30-18:57:40 router pluto[13157]: | flags: none
2018:07:30-18:57:40 router pluto[13157]: | message ID: 00 00 00 00
2018:07:30-18:57:40 router pluto[13157]: | length: 724
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Security Association Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 572
2018:07:30-18:57:40 router pluto[13157]: | DOI: ISAKMP_DOI_IPSEC
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 20
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 20
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 20
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 20
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_VID
2018:07:30-18:57:40 router pluto[13157]: | length: 24
2018:07:30-18:57:40 router pluto[13157]: | ***parse ISAKMP Vendor ID Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_NONE
2018:07:30-18:57:40 router pluto[13157]: | length: 20
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: received Vendor ID payload [RFC 3947]
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:07:30-18:57:40 router pluto[13157]: packet from ***??CLIENT-IP***:500: received Vendor ID payload [Dead Peer Detection]
2018:07:30-18:57:40 router pluto[13157]: | ****parse IPsec DOI SIT:
2018:07:30-18:57:40 router pluto[13157]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2018:07:30-18:57:40 router pluto[13157]: | ****parse ISAKMP Proposal Payload:
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_NONE
2018:07:30-18:57:40 router pluto[13157]: | length: 560
2018:07:30-18:57:40 router pluto[13157]: | proposal number: 1
2018:07:30-18:57:40 router pluto[13157]: | protocol ID: PROTO_ISAKMP
2018:07:30-18:57:40 router pluto[13157]: | SPI size: 0
2018:07:30-18:57:40 router pluto[13157]: | number of transforms: 16
2018:07:30-18:57:40 router pluto[13157]: | *****parse ISAKMP Transform Payload (ISAKMP):
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_T
2018:07:30-18:57:40 router pluto[13157]: | length: 36
2018:07:30-18:57:40 router pluto[13157]: | transform number: 1
2018:07:30-18:57:40 router pluto[13157]: | transform ID: KEY_IKE
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_TYPE
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_DURATION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 28800
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 7
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_KEY_LENGTH
2018:07:30-18:57:40 router pluto[13157]: | length/value: 256
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_HASH_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 5
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_GROUP_DESCRIPTION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 2
2018:07:30-18:57:40 router pluto[13157]: | *****parse ISAKMP Transform Payload (ISAKMP):
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_T
2018:07:30-18:57:40 router pluto[13157]: | length: 36
2018:07:30-18:57:40 router pluto[13157]: | transform number: 2
2018:07:30-18:57:40 router pluto[13157]: | transform ID: KEY_IKE
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_TYPE
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_DURATION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 28800
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 7
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_KEY_LENGTH
2018:07:30-18:57:40 router pluto[13157]: | length/value: 256
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_HASH_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 4
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_GROUP_DESCRIPTION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 2
2018:07:30-18:57:40 router pluto[13157]: | *****parse ISAKMP Transform Payload (ISAKMP):
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_T
2018:07:30-18:57:40 router pluto[13157]: | length: 36
2018:07:30-18:57:40 router pluto[13157]: | transform number: 3
2018:07:30-18:57:40 router pluto[13157]: | transform ID: KEY_IKE
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_TYPE
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_DURATION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 28800
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 7
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_KEY_LENGTH
2018:07:30-18:57:40 router pluto[13157]: | length/value: 256
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_HASH_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 6
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_GROUP_DESCRIPTION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 2
2018:07:30-18:57:40 router pluto[13157]: | *****parse ISAKMP Transform Payload (ISAKMP):
2018:07:30-18:57:40 router pluto[13157]: | next payload type: ISAKMP_NEXT_T
2018:07:30-18:57:40 router pluto[13157]: | length: 36
2018:07:30-18:57:40 router pluto[13157]: | transform number: 4
2018:07:30-18:57:40 router pluto[13157]: | transform ID: KEY_IKE
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_TYPE
2018:07:30-18:57:40 router pluto[13157]: | length/value: 1
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_LIFE_DURATION
2018:07:30-18:57:40 router pluto[13157]: | length/value: 28800
2018:07:30-18:57:40 router pluto[13157]: | ******parse ISAKMP Oakley attribute:
2018:07:30-18:57:40 router pluto[13157]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2018:07:30-18:57:40 router pluto[13157]: | length/value: 7

**

 

https://1drv.ms/t/s!AvG7t-dZAI57qYY1YtzTnHq7-k0V9w



This thread was automatically locked due to age.
Parents Reply Children
No Data