Thread: L2TP/IPSEC configuration error
View Single Post
  #4   (View Single Post)  
Old 1st December 2016
chigurh chigurh is offline
Port Guard
  
Join Date: Jul 2014
Posts: 38
Default
Some progress after minor changes in ipsec.conf but still can't connect -
Code:
ext_if="re0" 
key="XXXXXXX"                                                                        
                               
ike passive esp transport proto udp from $ext_if to any port 1701 main auth "hmac-md5" enc "3des" group modp1024 quick auth "hmac-md5" enc "3des" psk $key
I am getting -
Code:
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Dec  1 05:07:54 ireland2 last message repeated 17 times
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected SHA
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected MD5
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA, expected SHA2_256
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA, expected MD5
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
Dec  1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA2_256
Dec  1 05:07:57 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:07:57 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:00 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:00 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:04 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:04 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:06 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:06 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:09 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:09 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:13 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:13 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:18 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:18 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:19 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:19 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:20 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:20 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:24 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec  1 05:08:24 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec  1 05:08:27 ireland2 npppd[52928]: l2tpd ctrl=4 logtype=Started RecvSCCRQ from=xxx.xxx.xxx.xx:8061/udp tunnel_id=4/61333 protocol=1.0 winsize=1 hostname=anonymous vendor=(no vendorname) firm=0000
Dec  1 05:08:27 ireland2 npppd[52928]: l2tpd ctrl=4 SendSCCRP
Dec  1 05:08:27 ireland2 npppd[52928]: l2tpd Received from=xxx.xxx.xxx.xx:8061: bad control message: tunnelId=0 is not found.  mestype=StopCCN
Dec  1 05:08:39 ireland2 npppd[52928]: l2tpd ctrl=4 timeout waiting ack for ctrl packets.
Dec  1 05:08:39 ireland2 npppd[52928]: l2tpd ctrl=4 logtype=Finished
Not sure what this INVALID_ID_INFORMATION is all about or there is some error other than that.
Reply With Quote