Linksys BEFVP41 firmware 1.40.5 and VaporSec
...Originally posted on VAPOR forum by error...
I'm trying to get a Linksys BEFVP41 VPN tunnel working with VaporSec running on Jaguar. After I realized that you need to use Explorer when configuring the Linksys, because PFS doesn't stay checked with Safari, I thought I was away to the races.
All the settings and log file results are below. I've obviously tried a number of different settings, but this one, as well as variations of this config, all get me to the same Phase 2 error: "unknown notify message, no phase2 handle found".
Note: The VaporSec client is behind a standard Linksys 4-port router, which has IPSec pass-through enabled; both client and host are on the same ISP's DSL network.
Help?
Linksys settings:
Tunnel Name: five41
Local Secure Group: 192.168.20.0 (the entire local subnet)
Remote Secure Group: Any
Remote Secure Gateway: Any
Encryption: 3DES
Authentication: SHA
Key Management: Auto. (IKE)
PFS: Checked
Pre-shared Key: 12345
Key Lifetime: 3600 sec.
Advanced Settings:
Operation Mode: Main mode
Prop1 Encryption: 3DES
Prop1 Authentication: SHA
Group: 768-bit
Key Lifetime: 3600 seconds
Prop2 settings the same as Prop1
Anti-replay: Checked
VaporSec Settings:
Remote IPSec device: LinkSys WAN IP
Remote Network 192.168.20.1
Local Network Mask 32
Main Tab
Shared Secret: 12345
Local IP: blank
Mode: main
Proposal Check: obey
Nonce size: 16
Phase 1
Lifetime: 5 minutes
DH Group: 1
Encryption: 3des
Authentication: sha1
Phase 2
Lifetime: 12 hours
PFS Group: 1
Encryption: 3des
Authentication: hmac_sha1
ID
Local: Address
Remote: Address
Linksys Log File Results:
2003-08-11 20:43:24 IKE[71] Rx << MM_I1 : LinkSys WAN IP SA
2003-08-11 20:43:24 IKE[71] Tx >> MM_R1 : LinkSys WAN IP SA
2003-08-11 20:43:24 IKE[71] ISAKMP SA CKI=[ec7b3029 eecc3efc] CKR=[2cfacc31 6239d9af]
2003-08-11 20:43:24 IKE[71] ISAKMP SA 3DES / SHA / PreShared / MODP_768 / 300 sec (*0 sec)
2003-08-11 20:43:25 IKE[71] Rx << MM_I2 : LinkSys WAN IP KE, NONCE, VID
2003-08-11 20:43:25 IKE[71] Tx >> MM_R2 : LinkSys WAN IP KE, NONCE
2003-08-11 20:43:25 This connection request matches tunnel 1 setting !
2003-08-11 20:43:25 IKE[1] Rx << MM_I3 : LinkSys WAN IP ID, HASH
2003-08-11 20:43:25 IKE[1] Tx >> MM_R3 : LinkSys WAN IP ID, HASH
2003-08-11 20:43:25 IKE[1] Rx << Notify :
2003-08-11 20:43:26 IKE[1] Rx << QM_I1 : LinkSys WAN IP HASH, SA, NONCE, KE, ID, ID
2003-08-11 20:43:26 IKE[1] **Check your Local/Remote Secure Group settings !
2003-08-11 20:43:26 IKE[1] Tx >> Notify : INVALID-ID-INFORMATION
Mac Syslog File Results:
Aug 11 20:43:16 tbase racoon: INFO: main.c:169:main(): @(#)racoon 20001216 20001216 sakane@kame.net
Aug 11 20:43:16 tbase racoon: INFO: main.c:170:main(): @(#)This product linked OpenSSL 0.9.6i Feb 19 2003 (http://www.openssl.org/)
Aug 11 20:43:17 tbase racoon: INFO: isakmp.c:1357:isakmp_open(): 192.168.1.20[500] used as isakmp port (fd=6)
Aug 11 20:43:17 tbase racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::205:2ff:fecb:9510[500] used as isakmp port (fd=7)
Aug 11 20:43:17 tbase racoon: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=8)
Aug 11 20:43:17 tbase racoon: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=9)
Aug 11 20:43:17 tbase racoon: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=10)
Aug 11 20:43:23 tbase racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for LinkSys WAN IP queued due to no phase1 found.
Aug 11 20:43:23 tbase racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.20[500]<=>LinkSys WAN IP[500]
Aug 11 20:43:23 tbase racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
Aug 11 20:43:24 tbase racoon: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established 192.168.1.20[500]-LinkSys WAN IP[500] spi:ec7b3029eecc3efc:2cfacc316239d9af
Aug 11 20:43:25 tbase racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.1.20[0]<=>LinkSys WAN IP[0]
Aug 11 20:43:26 tbase racoon: ERROR: isakmp_inf.c:776:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
Aug 11 20:43:55 tbase racoon: ERROR: pfkey.c:738:pfkey_timeover(): 142.161.173.74 give up to get IPsec-SA due to time up to wait.
Aug 11 20:43:58 tbase racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.1.20[0]<=>LinkSys WAN IP[0]
Aug 11 20:43:59 tbase racoon: ERROR: isakmp_inf.c:776:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
Aug 11 20:44:28 tbase racoon: ERROR: pfkey.c:738:pfkey_timeover(): 142.161.173.74 give up to get IPsec-SA due to time up to wait.
Aug 11 20:44:31 tbase racoon: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.1.20[0]<=>LinkSys WAN IP[0]
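
Added example, not part of the original post or of either product: a small Python parser for the Linksys IKE log format shown above that reports how far the exchange got and which Notify the router sent back. The sample lines are constructed from the post's log with a documentation address in place of the redacted peer IP, and `summarize` and its result keys are hypothetical names.

```python
import re

# Constructed sample modelled on the Linksys log above; 203.0.113.10 is a
# documentation address standing in for the redacted peer IP.
SAMPLE = """\
2003-08-11 20:43:24 IKE[71] Rx << MM_I1 : 203.0.113.10 SA
2003-08-11 20:43:24 IKE[71] Tx >> MM_R1 : 203.0.113.10 SA
2003-08-11 20:43:25 IKE[71] Rx << MM_I2 : 203.0.113.10 KE, NONCE, VID
2003-08-11 20:43:25 IKE[71] Tx >> MM_R2 : 203.0.113.10 KE, NONCE
2003-08-11 20:43:25 IKE[1] Rx << MM_I3 : 203.0.113.10 ID, HASH
2003-08-11 20:43:25 IKE[1] Tx >> MM_R3 : 203.0.113.10 ID, HASH
2003-08-11 20:43:25 IKE[1] Rx << Notify :
2003-08-11 20:43:26 IKE[1] Rx << QM_I1 : 203.0.113.10 HASH, SA, NONCE, KE, ID, ID
2003-08-11 20:43:26 IKE[1] **Check your Local/Remote Secure Group settings !
2003-08-11 20:43:26 IKE[1] Tx >> Notify : INVALID-ID-INFORMATION
"""

MSG = re.compile(r"IKE\[\d+\] (Rx <<|Tx >>) (\w+) :\s*(.*)$")
HINT = re.compile(r"IKE\[\d+\] \*\*\s*(.*)$")
MAIN_MODE = ("MM_I1", "MM_R1", "MM_I2", "MM_R2", "MM_I3", "MM_R3")

def summarize(log_text):
    """Report how far the IKE exchange got, as seen by the responder."""
    seen, sent, hints = [], [], []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if m:
            direction, kind, rest = m.groups()
            if kind != "Notify":
                seen.append(kind)          # MM_* / QM_* exchange messages
            elif direction == "Tx >>" and rest.strip():
                sent.append(rest.strip())  # notify type the router sent back
            continue
        h = HINT.search(line)
        if h:
            hints.append(h.group(1).strip())  # the router's "**" advice lines
    last = seen[-1] if seen else None
    failed_in = None
    if sent:  # assumption of this example: a Notify sent by the router marks the failure
        failed_in = "phase 2" if last and last.startswith("QM_") else "phase 1"
    return {
        "phase1_complete": all(k in seen for k in MAIN_MODE),
        "last_message": last,
        "failed_in": failed_in,
        "notify_sent": sent,
        "hints": hints,
    }
```

On the sample it reports that all six Main Mode messages were exchanged and that the router answered the first Quick Mode message (`QM_I1`, which carries the two ID payloads) with `INVALID-ID-INFORMATION`, alongside the router's own hint about the Local/Remote Secure Group settings.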