Some progress after minor changes in ipsec.conf but still can't connect -
Code:
ext_if="re0"
key="XXXXXXX"
ike passive esp transport proto udp from $ext_if to any port 1701 main auth "hmac-md5" enc "3des" group modp1024 quick auth "hmac-md5" enc "3des" psk $key
I am getting -
Code:
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Dec 1 05:07:54 ireland2 last message repeated 17 times
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected SHA
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA2_256, expected MD5
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA, expected SHA2_256
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got SHA, expected MD5
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
Dec 1 05:07:54 ireland2 isakmpd[8721]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA2_256
Dec 1 05:07:57 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:07:57 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:00 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:00 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:04 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:04 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:06 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:06 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:09 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:09 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:13 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:13 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:18 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:18 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:19 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:19 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:20 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:20 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:24 ireland2 isakmpd[8721]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.228.247.127, responder id 54.229.xxx.xx
Dec 1 05:08:24 ireland2 isakmpd[8721]: dropped message from xxx.xxx.xxx.xx port 8055 due to notification type INVALID_ID_INFORMATION
Dec 1 05:08:27 ireland2 npppd[52928]: l2tpd ctrl=4 logtype=Started RecvSCCRQ from=xxx.xxx.xxx.xx:8061/udp tunnel_id=4/61333 protocol=1.0 winsize=1 hostname=anonymous vendor=(no vendorname) firm=0000
Dec 1 05:08:27 ireland2 npppd[52928]: l2tpd ctrl=4 SendSCCRP
Dec 1 05:08:27 ireland2 npppd[52928]: l2tpd Received from=xxx.xxx.xxx.xx:8061: bad control message: tunnelId=0 is not found. mestype=StopCCN
Dec 1 05:08:39 ireland2 npppd[52928]: l2tpd ctrl=4 timeout waiting ack for ctrl packets.
Dec 1 05:08:39 ireland2 npppd[52928]: l2tpd ctrl=4 logtype=Finished
Not sure what this INVALID_ID_INFORMATION is all about or there is some error other than that.