This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Problem

Can anyone tell me where I have gone wrong by looking at this log output?

(none) pluto[9478]: | initiator cookie:
(none) pluto[9478]: | cb 65 b2 d9 ec 76 bb 5d
(none) pluto[9478]: | responder cookie:
(none) pluto[9478]: | 8f 8d f9 b2 88 eb 95 7f
(none) pluto[9478]: | next payload type: ISAKMP_NEXT_KE
(none) pluto[9478]: | ISAKMP version: ISAKMP Version 1.0
(none) pluto[9478]: | exchange type: ISAKMP_XCHG_IDPROT
(none) pluto[9478]: | flags: none
(none) pluto[9478]: | message ID: 00 00 00 00
(none) pluto[9478]: | length: 228
(none) pluto[9478]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
(none) pluto[9478]: | ICOOKIE: cb 65 b2 d9 ec 76 bb 5d
(none) pluto[9478]: | RCOOKIE: 8f 8d f9 b2 88 eb 95 7f
(none) pluto[9478]: | peer: 51 88 ad 98
(none) pluto[9478]: | state hash entry 23
(none) pluto[9478]: | peer and cookies match on #1167, provided msgid 00000000 vs 00000000
(none) pluto[9478]: | state object #1167 found, in STATE_MAIN_R1
(none) pluto[9478]: | processing connection S_Returns_Warehouse_0
(none) pluto[9478]: | ***parse ISAKMP Key Exchange Payload:
(none) pluto[9478]: | next payload type: ISAKMP_NEXT_NONCE
(none) pluto[9478]: | length: 132
(none) pluto[9478]: | ***parse ISAKMP Nonce Payload:
(none) pluto[9478]: | next payload type: ISAKMP_NEXT_15
(none) pluto[9478]: | length: 20
(none) pluto[9478]: "S_Returns_Warehouse_0" #1167: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level
(none) pluto[9478]: "S_Returns_Warehouse_0" #1167: sending notification INVALID_PAYLOAD_TYPE to xxx.xxx.xxx.xxx:500
(none) pluto[9478]: | **emit ISAKMP Message:
(none) pluto[9478]: | initiator cookie:
(none) pluto[9478]: | cb 65 b2 d9 ec 76 bb 5d
(none) pluto[9478]: | responder cookie:
(none) pluto[9478]: | 8f 8d f9 b2 88 eb 95 7f
(none) pluto[9478]: | next payload type: ISAKMP_NEXT_N
(none) pluto[9478]: | ISAKMP version: ISAKMP Version 1.0
(none) pluto[9478]: | exchange type: ISAKMP_XCHG_INFO
(none) pluto[9478]: | flags: none
(none) pluto[9478]: | message ID: 00 00 00 00
(none) pluto[9478]: | ***emit ISAKMP Notification Payload:
(none) pluto[9478]: | next payload type: ISAKMP_NEXT_NONE
(none) pluto[9478]: | DOI: ISAKMP_DOI_IPSEC
(none) pluto[9478]: | protocol ID: 1
(none) pluto[9478]: | SPI size: 0
(none) pluto[9478]: | Notify Message Type: INVALID_PAYLOAD_TYPE
(none) pluto[9478]: | emitting length of ISAKMP Notification Payload: 12
(none) pluto[9478]: | emitting length of ISAKMP Message: 40
(none) pluto[9478]: | sending 40 bytes for notification packet through eth7:500 to xxx.xxx.xxx.xxx:500:
(none) pluto[9478]: | next event EVENT_RETRANSMIT in 1 seconds for #1162

I have an ASG320 locally and a Draytek Vigor 2800 dsl router and the remote site.

Cheers

This thread was automatically locked due to age.

Parents

0 Andreas Steffen over 19 years ago

the peer send a totally unsupported payload type:

(none) pluto[9478]: "S_Returns_Warehouse_0" #1167: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_15) at the outermost level

what kind of VPN client are you using?

Regards

Andreas
Cancel
Vote Up 0 Vote Down

Cancel
0 Godsbrother over 19 years ago in reply to Andreas Steffen

Its a Draytek 2800 adsl/2/2+ modem/router that supports VPN's the settings are defined on the router. Trouble is as usual no one seems to use the same layout/methods of confguring the vpn setiings
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Godsbrother over 19 years ago in reply to Andreas Steffen

Its a Draytek 2800 adsl/2/2+ modem/router that supports VPN's the settings are defined on the router. Trouble is as usual no one seems to use the same layout/methods of confguring the vpn setiings
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 NimmdirKeks over 19 years ago in reply to Godsbrother

What IP-Sec config did you made on the router?
Cancel
Vote Up 0 Vote Down

Cancel
0 renny over 18 years ago in reply to NimmdirKeks

i have the same problem, my settings are:
phase1:
Main mode
3des_sha1_g1
28800
phase2:
3des_sha1_none
3600

???
Cancel
Vote Up 0 Vote Down

Cancel
0 renny over 18 years ago in reply to renny

Astaro ASG320 Version 6.304

The ipsec sa light is yellow and the isakmp sa light is green???

IPSEC LOG

2007:06:05-09:56:54 (none) pluto[22458]: added connection description "S_hba__neerach_0"
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: initiating Main Mode
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: received Vendor ID payload [Dead Peer Detection]
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: received Vendor ID payload [RFC 3947] method set to=109
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: enabling possible NAT-traversal with method 3
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: STATE_MAIN_I2: sent MI2, expecting MR2
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: I did not send a certificate because I do not have one.
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: NAT-Traversal: Result using 3: no NAT detected
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: STATE_MAIN_I3: sent MI3, expecting MR3
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: Main mode peer ID is ID_IPV4_ADDR: '80.254.172.77'
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp768}
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18205: Dead Peer Detection (RFC 3706): enabled
2007:06:05-09:56:54 (none) pluto[22458]: "S_hba__neerach_0" #18206: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#18205}
2007:06:05-09:58:04 (none) pluto[22458]: "S_hba__neerach_0" #18206: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2007:06:05-09:58:04 (none) pluto[22458]: "S_hba__neerach_0" #18206: starting keying attempt 2 of an unlimited number
2007:06:05-09:58:04 (none) pluto[22458]: "S_hba__neerach_0" #18210: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #18206 {using isakmp#18205}
2007:06:05-09:59:14 (none) pluto[22458]: "S_hba__neerach_0" #18210: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2007:06:05-09:59:14 (none) pluto[22458]: "S_hba__neerach_0" #18210: starting keying attempt 3 of an unlimited number
2007:06:05-09:59:14 (none) pluto[22458]: "S_hba__neerach_0" #18214: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #18210 {using isakmp#18205}
Cancel
Vote Up 0 Vote Down

Cancel