This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall blocking VPN.

Greetings and hello mates (that covers three continents).

The firewall is blocking my vpn requests.

Your thoughts are welcomed.

ipsec - Pastebin.com

This thread was automatically locked due to age.

0 sandsjh over 14 years ago


2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: received Vendor ID payload [RFC 3947]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

2011:08:21-22:22:31 gw pluto[6591]: packet from 1.1.1.1:11394: received Vendor ID payload [Dead Peer Detection]

2011:08:21-22:22:31 gw pluto[6591]: "S_for sandsjh"[3] 1.1.1.1:11394 #2: responding to Main Mode from unknown peer 1.1.1.1:11394

2011:08:21-22:22:31 gw pluto[6591]: "S_for sandsjh"[3] 1.1.1.1:11394 #2: NAT-Traversal: Result using RFC 3947: both are NATed

2011:08:21-22:22:32 gw pluto[6591]: "S_for sandsjh"[3] 1.1.1.1:11394 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2011:08:21-22:22:32 gw pluto[6591]: "S_for sandsjh"[3] 1.1.1.1:11394 #2: Peer ID is ID_IPV4_ADDR: '192.168.1.10'

2011:08:21-22:22:32 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:11394 #2: deleting connection "S_for sandsjh"[3] instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}

2011:08:21-22:22:32 gw pluto[6591]: | NAT-T: new mapping 1.1.1.1:11394/5953)

2011:08:21-22:22:32 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sent MR3, ISAKMP SA established

2011:08:21-22:22:33 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: cannot respond to IPsec SA request because no connection is known for 69.29.154.163/32===192.168.21.254:4500[192.168.21.254]:17/1701...1.1.1.1:5953[192.168.1.10]:17/%any==={192.168.1.10/32}

2011:08:21-22:22:33 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_ID_INFORMATION to 1.1.1.1:5953

2011:08:21-22:22:35 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:35 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:39 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:39 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:42 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:42 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:45 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:45 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:48 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:48 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:51 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:51 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:54 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:54 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:22:57 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:22:57 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:23:00 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc910cbee (perhaps this is a duplicated packet)

2011:08:21-22:23:00 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: sending encrypted notification INVALID_MESSAGE_ID to 1.1.1.1:5953

2011:08:21-22:23:03 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953 #2: received Delete SA payload: deleting ISAKMP State #2

2011:08:21-22:23:03 gw pluto[6591]: "S_for sandsjh"[4] 1.1.1.1:5953: deleting connection "S_for sandsjh"[4] instance with peer 1.1.1.1 {isakmp=#0/ipsec=#0}

2011:08:21-22:23:03 gw pluto[6591]: ERROR: asynchronous network error report on eth0 for message to 1.1.1.1 port 5953, complainant 1.1.1.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

0 Scott_Klassen over 14 years ago

What version of Astaro are you using?
Cancel
Vote Up 0 Vote Down

Cancel
0 sandsjh over 14 years ago in reply to Scott_Klassen

Firmware version: 8.201
Pattern version: 22730
Cancel
Vote Up 0 Vote Down

Cancel
0 sandsjh over 14 years ago in reply to sandsjh

any ideas?
Cancel
Vote Up 0 Vote Down

Cancel
0 profesor over 14 years ago

Have you upgraded from 8.103 to 8.20x?
Cancel
Vote Up 0 Vote Down

Cancel
0 sandsjh over 14 years ago in reply to profesor

Yes, I have.
Cancel
Vote Up 0 Vote Down

Cancel
0 superbits over 14 years ago

I'm also having this issue. Looks like it is a bug in version 8.20x. Everything worked prior to the update from 8.103.
Cancel
Vote Up 0 Vote Down

Cancel
0 profesor over 14 years ago

try recreate vpn.
Cancel
Vote Up 0 Vote Down

Cancel
0 dschmidl over 14 years ago

Could you please check your IPS log.

Regards
Dominic
Cancel
Vote Up 0 Vote Down

Cancel
0 kernel_wall over 14 years ago in reply to dschmidl

Same pb here using the cisco vpn under 8.201 and i did the first conf for VPN jsut now.
Cancel
Vote Up 0 Vote Down

Cancel