- This topic has 1 reply, 2 voices, and was last updated 20 years, 8 months ago by afp548contributor.
-
AuthorPosts
-
June 16, 2003 at 1:47 am #355867dfrankenParticipant
I am having trouble connecting to a Linksys BEFVP41 using VaproSec 1.0. I have the latest firmware (1.40.4, Nov 21 2002) installed on the Linksys and it is configured following the instructions here [url]https://www.afp548.com/eBBS/viewtopic.php?t=201[/url]
Looking at the log on the BEFVP41, I can see the request coming in. Here is my what I get when I start Vaporsec:
Jun 15 14:55:34 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/killall racoon
Jun 15 14:55:35 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/mv /private/tmp/vaporsectmploc0.728484699123 /Library/Application Support/VaporSec/racoon.conf
Jun 15 14:55:37 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/racoon -f /Library/Application Support/VaporSec/racoon.conf
Jun 15 14:55:37 laptop racoon: INFO: main.c:169:main(): @(#)racoon 20001216 20001216 [email protected]
Jun 15 14:55:37 laptop racoon: INFO: main.c:170:main(): @(#)This product linked OpenSSL 0.9.6i Feb 19 2003 (http://www.openssl.org/)
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): 192.168.100.57[500] used as isakmp port (fd=6)
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::230:65ff:fe25:1e90[500] used as isakmp port (fd=7)
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::20a:95ff:fe75:a658[500] used as isakmp port (fd=8 )
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=9)
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=10)
Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=11)
Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for 66.1.214.55 queued due to no phase1 found.
Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.100.57[500]<=>66.1.214.55[500]
Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
Jun 15 14:55:55 laptop racoon: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established 192.168.100.57[500]-66.1.214.55[500] spi:fb186eea586b811e:8f1953e2911cd48f
Jun 15 14:55:56 laptop racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.100.57[0]<=>66.1.214.55[0]
Jun 15 14:55:57 laptop racoon: ERROR: isakmp_quick.c:437:quick_i2recv(): mismatched ID was returned.
Jun 15 14:55:57 laptop racoon: ERROR: isakmp.c:707:quick_main(): failed to pre-process packet.
Jun 15 14:55:57 laptop racoon: ERROR: isakmp.c:526:isakmp_main(): phase2 negotiation failed.
Jun 15 14:56:08 laptop racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.100.57[0]<=>66.1.214.55[0]I am not sure why it is not able to find phase 1 or why a mismatched ID is returned. Here is the log from the BEFVP41:
2003-06-15 14:55:52 IKE[71] Rx << MM_I1 : 66.87.155.226 SA
2003-06-15 14:55:53 IKE[71] Tx >> MM_R1 : 66.87.155.226 SA
2003-06-15 14:55:53 IKE[71] ISAKMP SA CKI=[fb186eea 586b811e] CKR=[8f1953e2 911cd48f]
2003-06-15 14:55:53 IKE[71] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 300 sec (*0 sec)
2003-06-15 14:55:53 IKE[71] Rx << MM_I2 : 66.87.155.226 KE, NONCE, VID
2003-06-15 14:55:53 IKE[71] Tx >> MM_R2 : 66.87.155.226 KE, NONCE
2003-06-15 14:55:54 This connection request matches tunnel 1 setting !
2003-06-15 14:55:54 IKE[1] Rx << MM_I3 : 66.87.155.226 ID, HASH
2003-06-15 14:55:54 IKE[1] Tx >> MM_R3 : 66.87.155.226 ID, HASH
2003-06-15 14:55:54 IKE[1] Rx << Notify :
2003-06-15 14:55:55 IKE[1] Rx << QM_I1 : 66.87.155.226 HASH, SA, NONCE, KE, ID, ID
2003-06-15 14:55:55 IKE[1] Tx >> QM_R1 : 66.87.155.226 HASH, SA, NONCE, KE, ID, ID
2003-06-15 14:55:56 IKE[1] Rx << Notify : ATTRIBUTES-NOT-SUPPORTEDHow can I tell what attributes are not supported. My VaporSec configuration matches the Linksys configuration. Looking through the articles on afp548 I have been unable to find any clues as to what could be wrong.
Thanks in advance for any assistance.
-
AuthorPosts
- You must be logged in to reply to this topic.
Comments are closed