Home Forums Archive VaporSec Connecting to a Linksys BEFVP41

Viewing 1 post (of 1 total)
  • Author
    Posts
  • June 16, 2003 at 1:47 am #355867
    dfranken
    Participant

    I am having trouble connecting to a Linksys BEFVP41 using VaproSec 1.0. I have the latest firmware (1.40.4, Nov 21 2002) installed on the Linksys and it is configured following the instructions here [url]https://www.afp548.com/eBBS/viewtopic.php?t=201[/url]

    Looking at the log on the BEFVP41, I can see the request coming in. Here is my what I get when I start Vaporsec:

    Jun 15 14:55:34 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/killall racoon
    Jun 15 14:55:35 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/mv /private/tmp/vaporsectmploc0.728484699123 /Library/Application Support/VaporSec/racoon.conf
    Jun 15 14:55:37 laptop sudo: dfranken : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/racoon -f /Library/Application Support/VaporSec/racoon.conf
    Jun 15 14:55:37 laptop racoon: INFO: main.c:169:main(): @(#)racoon 20001216 20001216 [email protected]
    Jun 15 14:55:37 laptop racoon: INFO: main.c:170:main(): @(#)This product linked OpenSSL 0.9.6i Feb 19 2003 (http://www.openssl.org/)
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): 192.168.100.57[500] used as isakmp port (fd=6)
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::230:65ff:fe25:1e90[500] used as isakmp port (fd=7)
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::20a:95ff:fe75:a658[500] used as isakmp port (fd=8 )
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=9)
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=10)
    Jun 15 14:55:38 laptop racoon: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=11)
    Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for 66.1.214.55 queued due to no phase1 found.
    Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.100.57[500]<=>66.1.214.55[500]
    Jun 15 14:55:54 laptop racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
    Jun 15 14:55:55 laptop racoon: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established 192.168.100.57[500]-66.1.214.55[500] spi:fb186eea586b811e:8f1953e2911cd48f
    Jun 15 14:55:56 laptop racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.100.57[0]<=>66.1.214.55[0]
    Jun 15 14:55:57 laptop racoon: ERROR: isakmp_quick.c:437:quick_i2recv(): mismatched ID was returned.
    Jun 15 14:55:57 laptop racoon: ERROR: isakmp.c:707:quick_main(): failed to pre-process packet.
    Jun 15 14:55:57 laptop racoon: ERROR: isakmp.c:526:isakmp_main(): phase2 negotiation failed.
    Jun 15 14:56:08 laptop racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.100.57[0]<=>66.1.214.55[0]

    I am not sure why it is not able to find phase 1 or why a mismatched ID is returned. Here is the log from the BEFVP41:

    2003-06-15 14:55:52 IKE[71] Rx << MM_I1 : 66.87.155.226 SA
    2003-06-15 14:55:53 IKE[71] Tx >> MM_R1 : 66.87.155.226 SA
    2003-06-15 14:55:53 IKE[71] ISAKMP SA CKI=[fb186eea 586b811e] CKR=[8f1953e2 911cd48f]
    2003-06-15 14:55:53 IKE[71] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 300 sec (*0 sec)
    2003-06-15 14:55:53 IKE[71] Rx << MM_I2 : 66.87.155.226 KE, NONCE, VID
    2003-06-15 14:55:53 IKE[71] Tx >> MM_R2 : 66.87.155.226 KE, NONCE
    2003-06-15 14:55:54 This connection request matches tunnel 1 setting !
    2003-06-15 14:55:54 IKE[1] Rx << MM_I3 : 66.87.155.226 ID, HASH
    2003-06-15 14:55:54 IKE[1] Tx >> MM_R3 : 66.87.155.226 ID, HASH
    2003-06-15 14:55:54 IKE[1] Rx << Notify :
    2003-06-15 14:55:55 IKE[1] Rx << QM_I1 : 66.87.155.226 HASH, SA, NONCE, KE, ID, ID
    2003-06-15 14:55:55 IKE[1] Tx >> QM_R1 : 66.87.155.226 HASH, SA, NONCE, KE, ID, ID
    2003-06-15 14:55:56 IKE[1] Rx << Notify : ATTRIBUTES-NOT-SUPPORTED

    How can I tell what attributes are not supported. My VaporSec configuration matches the Linksys configuration. Looking through the articles on afp548 I have been unable to find any clues as to what could be wrong.

    Thanks in advance for any assistance.

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2024 AFP548. All Rights Reserved.