problem with host to lan vpn L2tp/ipsec


This topic contains 1 reply, has 0 voices, and was last updated by  Lordnet 9 years, 7 months ago.

  • #40911

    Lordnet
    Member

    190.161.x.x is the client modem IP. DMZ host disabled.
    192.168.10.103 is the LAN IP of the client, connected to the internet by a Linksys router.
    201.222x.x is the IP of the modem where ZeroShell is installed.
    192.168.1.150 is the internal LAN IP of ZeroShell (only one network card connected). DMZ host enabled on this IP. Connected with a Linksys router.

    00:52:04 INFO: respond new phase 1 negotiation: 192.168.1.150[500]< =>190.161.x.x[500]
    00:52:04 INFO: begin Identity Protection mode.
    00:52:04 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    00:52:04 INFO: received Vendor ID: FRAGMENTATION
    00:52:04 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    00:52:04 INFO: ISAKMP-SA established 192.168.1.150[500]-190.161.x.x[500] spi:73fe0b96fd5e5d44:72dfcd932f42408b
    00:52:04 INFO: respond new phase 2 negotiation: 192.168.1.150[500]<190>192.168.1.150[0] spi=240080123(0xe4f54fb)
    00:52:05 INFO: IPsec-SA established: ESP/Transport 192.168.1.150[0]->190.161.xx[0] spi=3021131808(0xb412d020)
    00:52:05 ERROR: such policy does not already exist: “192.168.10.103/32[1701] 201.222.xx/32[1701] proto=udp dir=in”
    00:52:05 ERROR: such policy does not already exist: “201.222.xx/32[1701] 192.168.xx/32[1701] proto=udp dir=out”
    00:52:41 INFO: purging ISAKMP-SA spi=73fe0b96fd5e5d44:72dfcd932f42408b.
    00:52:41 INFO: purged ISAKMP-SA spi=73fe0b96fd5e5d44:72dfcd932f42408b.
    00:52:41 ERROR: unknown Informational exchange received.
    00:52:42 INFO: ISAKMP-SA deleted 192.168.1.150[500]-190.161.xxx[500] spi:73fe0b96fd5e5d44:72dfcd932f42408b

    01:36:39 INFO: respond new phase 1 negotiation: 192.168.1.150[500]< =>190.161.x[500]
    01:36:39 INFO: begin Identity Protection mode.
    01:36:39 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    01:36:39 INFO: received Vendor ID: FRAGMENTATION
    01:36:39 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    01:36:39 NOTIFY: the packet is retransmitted by 190.161.x[500].
    01:36:39 NOTIFY: the packet is retransmitted by 190.161.x[500].
    01:36:39 INFO: ISAKMP-SA established 192.168.1.150[500]-190.161.x[500] spi:3aa854e7edd968ee:45a49de9cc9ffb5d
    01:36:39 INFO: respond new phase 2 negotiation: 192.168.1.150[500]<190>192.168.1.150[0] spi=45280013(0x2b2eb0d)
    01:36:39 INFO: IPsec-SA established: ESP/Transport 192.168.1.150[0]->190.161.x[0] spi=1784062332(0x6a56a17c)
    01:36:39 ERROR: such policy does not already exist: “192.168.10.103/32[1701] 201.222.x/32[1701] proto=udp dir=in”
    01:36:39 ERROR: such policy does not already exist: “201.222.x/32[1701] 192.168.10.103/32[1701] proto=udp dir=out”
    01:37:14 INFO: purging ISAKMP-SA spi=3aa854e7edd968ee:45a49de9cc9ffb5d.
    01:37:14 INFO: purged ISAKMP-SA spi=3aa854e7edd968ee:45a49de9cc9ffb5d.
    01:37:15 INFO: ISAKMP-SA deleted 192.168.1.150[500]-190.161.x[500] spi:3aa854e7edd968ee:45a49de9cc9ffb5d

    #46163

    carlosczar
    Member

    Hey Lord.
    I have the same problem on my network.

    Have you found a solution for it? I implemented the /etc/ipsec.conf file and executed setkey with the -f option, but without success.

    Can you help me?
    Thanks

    #46164

    cowking2009
    Member

    Dear all,

    I have the same problem as you while using NAT-T. Any ideas?

    11:28:53 INFO: Hashing 140.116.103.162[43166] with algo #1
    11:28:53 INFO: Hashing 140.116.103.164[500] with algo #1
    11:28:53 INFO: Adding remote and local NAT-D payloads.
    11:28:53 INFO: NAT-T: ports changed to: 140.116.103.162[43270]140.116.103.164[4500]
    11:28:53 INFO: KA list add: 140.116.103.164[4500]->140.116.103.162[43270]
    11:28:53 INFO: ISAKMP-SA established 140.116.103.164[4500]-140.116.103.162[43270] spi:70a96c3f3f6e6c15:8a639dc973d76474
    11:28:54 INFO: respond new phase 2 negotiation: 140.116.103.164[4500]140.116.103.162[43270]
    11:28:54 INFO: no policy found, try to generate the policy : 140.116.103.162/32[43270] 140.116.103.164/32[1701] proto=udp dir=in
    11:28:54 INFO: Adjusting my encmode UDP-Transport->Transport
    11:28:54 INFO: Adjusting peer’s encmode UDP-Transport(61444)->Transport(2)
    11:28:54 INFO: IPsec-SA established: ESP/Transport 140.116.103.162[43270]->140.116.103.164[4500] spi=120777682(0x732ebd2)
    11:28:54 INFO: IPsec-SA established: ESP/Transport 140.116.103.164[4500]->140.116.103.162[43270] spi=592665891(0x23535d23)
    11:28:54 ERROR: such policy does not already exist: “140.116.103.162/32[43270] 140.116.103.164/32[1701] proto=udp dir=in”
    11:28:54 ERROR: such policy does not already exist: “140.116.103.164/32[1701] 140.116.103.162/32[43270] proto=udp dir=out”
    11:29:29 INFO: purging ISAKMP-SA spi=70a96c3f3f6e6c15:8a639dc973d76474.
    11:29:29 INFO: purged ISAKMP-SA spi=70a96c3f3f6e6c15:8a639dc973d76474.
    11:29:30 INFO: ISAKMP-SA deleted 140.116.103.164[4500]-140.116.103.162[43270] spi:70a96c3f3f6e6c15:8a639dc973d76474

    Any ideas?

    Thanks and regards,
    Cowking
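
A triage helper for logs like the ones posted above, as an added example that is not part of the thread: it groups racoon lines by ISAKMP SPI and reports, per negotiation, whether an IPsec SA came up, how many "such policy does not already exist" errors followed, which policy addresses are not phase-1 endpoints, and how long the ISAKMP-SA lived. The sample log is constructed (documentation-range addresses replace the masked public IPs), and the function and field names are assumptions.

```python
import re

# Constructed sample in the format of the racoon lines quoted in the thread;
# documentation-range addresses stand in for the masked public IPs.
SAMPLE = """\
00:52:04 INFO: ISAKMP-SA established 192.168.1.150[500]-198.51.100.7[500] spi:73fe0b96fd5e5d44:72dfcd932f42408b
00:52:05 INFO: IPsec-SA established: ESP/Transport 192.168.1.150[0]->198.51.100.7[0] spi=3021131808(0xb412d020)
00:52:05 ERROR: such policy does not already exist: "192.168.10.103/32[1701] 203.0.113.9/32[1701] proto=udp dir=in"
00:52:05 ERROR: such policy does not already exist: "203.0.113.9/32[1701] 192.168.10.103/32[1701] proto=udp dir=out"
00:52:41 INFO: purged ISAKMP-SA spi=73fe0b96fd5e5d44:72dfcd932f42408b.
"""

P1 = re.compile(r"ISAKMP-SA established (\S+?)\[\d+\]-(\S+?)\[\d+\] spi:(\S+)")
P2 = re.compile(r"IPsec-SA established:")
# \W? skips the opening quote, whether ASCII or typographic.
POL = re.compile(r"such policy does not already exist: \W?(\S+?)/\d+\[\d+\] (\S+?)/\d+\[\d+\] proto=")
PURGE = re.compile(r"purged ISAKMP-SA spi=([0-9a-f:]+)")


def secs(ts):
    """Convert HH:MM:SS to seconds since midnight."""
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s


def summarize(log):
    """Return {isakmp_spi: summary} for each phase-1 negotiation in the log."""
    sessions, cur = {}, None
    for line in log.splitlines():
        ts, _, msg = line.strip().partition(" ")
        if (m := P1.search(msg)):
            cur = sessions[m[3]] = {"peers": {m[1], m[2]}, "up": secs(ts),
                                    "ipsec_sa": False, "policy_errors": 0,
                                    "foreign": set(), "lifetime": None}
        elif cur and P2.search(msg):
            cur["ipsec_sa"] = True
        elif cur and (m := POL.search(msg)):
            cur["policy_errors"] += 1
            # Policy addresses that were never seen as phase-1 endpoints.
            cur["foreign"] |= {m[1], m[2]} - cur["peers"]
        elif (m := PURGE.search(msg)) and m[1] in sessions:
            sessions[m[1]]["lifetime"] = secs(ts) - sessions[m[1]]["up"]
    return sessions


if __name__ == "__main__":
    for spi, summary in summarize(SAMPLE).items():
        print(spi, summary)
```

A non-empty `foreign` set means the policy selectors name addresses that racoon never saw as phase-1 endpoints, which is the pattern in the first log of the thread; the NAT-T log in the last post gives an empty set.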
