l2tp/Ipsec VPN Help


This topic contains 0 replies, has 0 voices, and was last updated by  ultimoblaze 3 years, 6 months ago.

  • #44356

    ultimoblaze
    Member

    Hi,

    I’ve been trying to set up a host-to-LAN VPN following these guides:
    http://digilander.libero.it/smasherdevourer/schede/linux/Zeroshell%20VPN%20Host-to-LAN-EN.pdf
    http://www.zeroshell.net/listing/l2tp.pdf

    These guides are a few releases behind, I think, while I’m on the latest. I haven’t had any luck connecting.

    I suspect I need to open a port or create some sort of policy in the firewall to allow connections in. Currently I have DENY policies for input and forward chains with specific accept policies.

    Does anybody know if this could be the issue?

    Thanks,
    Ultimoblaze

    #53870

    ultimoblaze
    Member

    I’ve been working on this some more and was able to rule out the firewall. I disabled the firewall on my Windows 7 machine and set the policies to accept on Zeroshell. I have been able to contact the Zeroshell machine, but receive a handful of failures and rejections in the Zeroshell log.

    What I’ve tried:

    Windows 7 VPN Security setting: Automatic
    admin username and password

    Zeroshell log:

    20:46:55 INFO: respond new phase 1 negotiation: xx.xx.172.2[500]<=>xx.xx.70.89[500]
    20:46:55 INFO: begin Identity Protection mode.
    20:46:55 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    20:46:55 INFO: received Vendor ID: RFC 3947
    20:46:55 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    20:46:55 INFO: received Vendor ID: FRAGMENTATION
    20:46:55 INFO: Selected NAT-T version: RFC 3947
    20:46:55 ERROR: invalid DH group 20.
    20:46:55 ERROR: invalid DH group 19.
    20:46:55 ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:7
    20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    20:46:55 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    20:46:55 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
    20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
    20:46:55 ERROR: no suitable proposal found.
    20:46:55 ERROR: failed to get valid proposal.
    20:46:55 ERROR: failed to process packet.

    I tried forcing the security setting to L2TP/IPsec and received the same results.

    Can anybody provide some help in this matter?

    Thanks,
    Ultimoblaze
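
The rejection lines in the log above can be grouped per peer transform to show which phase 1 attributes differ. This is an added example, not part of the original post or of Zeroshell; the function names are hypothetical, and it assumes the value before the colon is the local (DB) setting and the value after it is the peer's offer, following the order of the `DB(...):Peer(...)` labels.

```python
import re
from collections import defaultdict

# Constructed sample: the ERROR lines copied from the log in the post above.
SAMPLE_LOG = """\
20:46:55 ERROR: invalid DH group 20.
20:46:55 ERROR: invalid DH group 19.
20:46:55 ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:7
20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
20:46:55 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
20:46:55 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
20:46:55 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
20:46:55 ERROR: no suitable proposal found.
"""

REJECTED = re.compile(
    r"ERROR: rejected (?P<attr>\w+): "
    r"DB\(prop#(?P<lp>\d+):trns#(?P<lt>\d+)\):"
    r"Peer\(prop#(?P<pp>\d+):trns#(?P<pt>\d+)\) = (?P<values>.+)$"
)
INVALID_DH = re.compile(r"ERROR: invalid DH group (\d+)\.")


def parse_rejections(log_text):
    """Return ({(peer_prop, peer_trns): {attr: (local, peer)}}, [invalid DH groups])."""
    mismatches, bad_groups = defaultdict(dict), []
    for line in log_text.splitlines():
        m = REJECTED.search(line)
        if m:
            # Assumption: "<local value>:<peer value>", same order as DB(...):Peer(...).
            local, _, peer = m["values"].partition(":")
            key = (int(m["pp"]), int(m["pt"]))
            mismatches[key][m["attr"]] = (local.strip(), peer.strip())
            continue
        g = INVALID_DH.search(line)
        if g:
            bad_groups.append(int(g.group(1)))
    return dict(mismatches), bad_groups


def closest_transform(mismatches):
    """Peer transform with the fewest rejected attributes."""
    return min(mismatches.items(), key=lambda kv: len(kv[1]))


if __name__ == "__main__":
    mismatches, bad_groups = parse_rejections(SAMPLE_LOG)
    print("DH groups reported as invalid:", bad_groups)
    print("closest peer transform:", closest_transform(mismatches))
```

On the sample, peer transform #5 is the closest offer: only its hash type (local MD5, peer SHA) is rejected.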
