ocgltd

L2TP/IPSEC connection drops due to "resend phase1 packet"

Tue Sep 04, 2012 6:44 pm

I finally have an L2TP/IPSEC connection up and running, with the RB450g as the server. However, within 5 seconds of being up, the VPN connection goes down.

I see the error "resend phase1 packet" in the log below (in RED) - and I believe that is related (but I can't figure out how to fix this). Help!


------

10:54:48 ipsec,debug,packet ==========
10:54:48 ipsec,debug,packet 352 bytes message received from 184.151.61.155[60601] to 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet ===
10:54:48 ipsec,debug respond new phase 1 negotiation: 173.239.164.xxx[500]<=>184.151.61.155[60601]
10:54:48 ipsec,debug begin Identity Protection mode.
10:54:48 ipsec,debug,packet begin.
10:54:48 ipsec,debug,packet seen nptype=1(sa)
10:54:48 ipsec,debug,packet seen nptype=13(vid)
10:54:48 ipsec,debug,packet seen nptype=13(vid)
10:54:48 ipsec,debug,packet seen nptype=13(vid)
10:54:48 ipsec,debug,packet seen nptype=13(vid)
10:54:48 ipsec,debug,packet seen nptype=13(vid)
10:54:48 ipsec,debug,packet succeed.
10:54:48 ipsec,debug received Vendor ID: RFC 3947
10:54:48 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:54:48 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:54:48 ipsec,debug
10:54:48 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
10:54:48 ipsec,debug received broken Microsoft ID: FRAGMENTATION
10:54:48 ipsec,debug Selected NAT-T version: RFC 3947
10:54:48 ipsec,debug,packet total SA len=216
10:54:48 ipsec,debug,packet begin.
10:54:48 ipsec,debug,packet seen nptype=2(prop)
10:54:48 ipsec,debug,packet succeed.
10:54:48 ipsec,debug,packet proposal #1 len=208
10:54:48 ipsec,debug,packet begin.
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet seen nptype=3(trns)
10:54:48 ipsec,debug,packet succeed.
10:54:48 ipsec,debug,packet transform #1 len=32
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
10:54:48 ipsec,debug,packet encryption(3des)
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet transform #2 len=32
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
10:54:48 ipsec,debug,packet encryption(3des)
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
10:54:48 ipsec,debug,packet hash(md5)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet transform #3 len=32
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
10:54:48 ipsec,debug,packet encryption(des)
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet transform #4 len=32
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
10:54:48 ipsec,debug,packet encryption(des)
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
10:54:48 ipsec,debug,packet hash(md5)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet transform #5 len=36
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:54:48 ipsec,debug,packet encryption(aes)
10:54:48 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet transform #6 len=36
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:54:48 ipsec,debug,packet encryption(aes)
10:54:48 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
10:54:48 ipsec,debug,packet hash(md5)
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet pair 1:
10:54:48 ipsec,debug,packet 0x491708: next=(nil) tnext=0x4916b8
10:54:48 ipsec,debug,packet 0x4916b8: next=(nil) tnext=0x48fd40
10:54:48 ipsec,debug,packet 0x48fd40: next=(nil) tnext=0x48fe58
10:54:48 ipsec,debug,packet 0x48fe58: next=(nil) tnext=0x490ce8
10:54:48 ipsec,debug,packet 0x490ce8: next=(nil) tnext=0x490d68
10:54:48 ipsec,debug,packet 0x490d68: next=(nil) tnext=(nil)
10:54:48 ipsec,debug,packet proposal #1: 6 transform
10:54:48 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=6
10:54:48 ipsec,debug,packet trns#=1, trns-id=IKE
10:54:48 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
10:54:48 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
10:54:48 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
10:54:48 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:54:48 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
10:54:48 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:54:48 ipsec,debug,packet Compared: DB:Peer
10:54:48 ipsec,debug,packet (lifetime = 86400:28800)
10:54:48 ipsec,debug,packet (lifebyte = 0:0)
10:54:48 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
10:54:48 ipsec,debug,packet (encklen = 0:0)
10:54:48 ipsec,debug,packet hashtype = SHA:SHA
10:54:48 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
10:54:48 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
10:54:48 ipsec,debug,packet an acceptable proposal found.
10:54:48 ipsec,debug,packet hmac(modp1024)
10:54:48 ipsec,debug,packet agreed on pre-shared key auth.
10:54:48 ipsec,debug,packet ===
10:54:48 ipsec,debug,packet new cookie:
10:54:48 ipsec,debug,packet d9e90d20df08899e
10:54:48 ipsec,debug,packet add payload of len 48, next type 13
10:54:48 ipsec,debug,packet add payload of len 16, next type 13
10:54:48 ipsec,debug,packet add payload of len 16, next type 13
10:54:48 ipsec,debug,packet add payload of len 20, next type 0
10:54:48 ipsec,debug,packet 144 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet src4 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet dst4 184.151.61.155[60601]
10:54:48 ipsec,debug,packet 1 times of 144 bytes message will be sent to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:54:48 ipsec,debug,packet ==========
10:54:48 ipsec,debug,packet 228 bytes message received from 184.151.61.155[60601] to 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet begin.
10:54:48 ipsec,debug,packet seen nptype=4(ke)
10:54:48 ipsec,debug,packet seen nptype=10(nonce)
10:54:48 ipsec,debug,packet seen nptype=20(nat-d)
10:54:48 ipsec,debug,packet seen nptype=20(nat-d)
10:54:48 ipsec,debug,packet succeed.
10:54:48 ipsec,debug Hashing 173.239.164.xxx[500] with algo #2
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug NAT-D payload #0 verified
10:54:48 ipsec,debug Hashing 184.151.61.155[60601] with algo #2
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug NAT-D payload #1 doesn't match
10:54:48 ipsec,debug NAT detected: PEER
10:54:48 ipsec,debug,packet ===
10:54:48 ipsec,debug,packet compute DH's private.
10:54:48 ipsec,debug,packet 46650f7e b7a44262 7b694bd3 7883cc85 c276ea11 c9b06538 4bfa0941 a50e7597
10:54:48 ipsec,debug,packet a352ea17 159aecc1 2b28c772 2e3e0275 a889b6f3 22e963b9 f721457c 0f583953
10:54:48 ipsec,debug,packet 98da9e00 5547fa61 73b53d61 578ca746 52b19690 7dde9925 2dbc535a b7bc4b51
10:54:48 ipsec,debug,packet eb391916 d36558e1 74e24911 931bd867 8a8115be 33cd61c9 7bbb7d84 35e013ef
10:54:48 ipsec,debug,packet compute DH's public.
10:54:48 ipsec,debug,packet 2c279731 d0c9a4a8 5b395c06 48fe2705 b996391f 5d3f09f2 077559f0 568ae0b1
10:54:48 ipsec,debug,packet ca8723d2 963ebd29 a3bfd087 046cf152 5af2d33d 4f8cc91a ef9ac6d8 b13faef5
10:54:48 ipsec,debug,packet c60725df 2120c6fb 07a26039 c093efb5 82c7d385 a633dc37 b6b33bc2 e6157a43
10:54:48 ipsec,debug,packet 91f3c4d9 4ea64d0a 6413aceb 6dd720de d3cd59df 072bceda b0efec68 871cf6c8
10:54:48 ipsec,debug Hashing 184.151.61.155[60601] with algo #2
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug Hashing 173.239.164.xxx[500] with algo #2
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug Adding remote and local NAT-D payloads.
10:54:48 ipsec,debug,packet add payload of len 128, next type 10
10:54:48 ipsec,debug,packet add payload of len 24, next type 20
10:54:48 ipsec,debug,packet add payload of len 20, next type 20
10:54:48 ipsec,debug,packet add payload of len 20, next type 0
10:54:48 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet src4 173.239.164.xxx[500]
10:54:48 ipsec,debug,packet dst4 184.151.61.155[60601]
10:54:48 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:54:48 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:54:48 ipsec,debug,packet compute DH's shared.
10:54:48 ipsec,debug,packet
10:54:48 ipsec,debug,packet 66546c3a 9ea86404 ab4b2563 436ad792 6fe94f47 b3db4027 f30ad6b9 0f50ba27
10:54:48 ipsec,debug,packet 84c4d006 9216212f 0b4ec622 428f998c 9026662b 3b1da99a 2be1b03c d1050034
10:54:48 ipsec,debug,packet aa618ef6 24d91306 2ee2fd19 838efdc7 0a4fb2ce 9b1085a6 a0fd801f 5c7e323f
10:54:48 ipsec,debug,packet a9eeec5f b11e9ad1 ff89f7a3 8ff61875 cb1130e4 c3a35824 0eb0e108 fb3140ff
10:54:48 ipsec,debug,packet the psk found.
10:54:48 ipsec,debug,packet nonce 1:
10:54:48 ipsec,debug,packet fcfe3d5b 170990c1 6ad22c2c cd78d823
10:54:48 ipsec,debug,packet nonce 2:
10:54:48 ipsec,debug,packet 804d99a9 b6c20179 16445dcd 1419b3f7 178cb864 fb6dd931
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet SKEYID computed:
10:54:48 ipsec,debug,packet cb8bf435 8eee0d6e fd425594 173c2d72 671f7b6b
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet SKEYID_d computed:
10:54:48 ipsec,debug,packet d35ecdf8 aa695965 9f63ac3a bf4c9a75 833ff4e7
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet SKEYID_a computed:
10:54:48 ipsec,debug,packet 2efce435 ae3f45f6 13e7a20d ca1a971e 3f82f453
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet SKEYID_e computed:
10:54:48 ipsec,debug,packet bd924050 ff69bbf7 ad5e32fc 55f410a8 09e9eae0
10:54:48 ipsec,debug,packet encryption(3des)
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug,packet len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet compute intermediate encryption key K1
10:54:48 ipsec,debug,packet 00
10:54:48 ipsec,debug,packet 7f3e228a d5d2b4dc fdfb2bd9 038ae3eb 0148ffa6
10:54:48 ipsec,debug,packet hmac(hmac_sha1)
10:54:48 ipsec,debug,packet compute intermediate encryption key K2
10:54:48 ipsec,debug,packet 7f3e228a d5d2b4dc fdfb2bd9 038ae3eb 0148ffa6
10:54:48 ipsec,debug,packet f1188017 81b2b7a5 11f4cd83 4fd7d725 56aea5f2
10:54:48 ipsec,debug,packet final encryption key computed:
10:54:48 ipsec,debug,packet 7f3e228a d5d2b4dc fdfb2bd9 038ae3eb 0148ffa6 f1188017
10:54:48 ipsec,debug,packet hash(sha1)
10:54:48 ipsec,debug,packet encryption(3des)
10:54:48 ipsec,debug,packet IV computed:
10:54:48 ipsec,debug,packet aacf5300 972fa810
10:54:58 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:54:58 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:54:58 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:54:58 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:54:58 ipsec,debug,packet src4 173.239.164.xxx[500]
10:54:58 ipsec,debug,packet dst4 184.151.61.155[60601]
10:54:58 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:54:58 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:08 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:55:08 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:55:08 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:55:08 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:55:08 ipsec,debug,packet src4 173.239.164.xxx[500]
10:55:08 ipsec,debug,packet dst4 184.151.61.155[60601]
10:55:08 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:55:08 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:18 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:55:18 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:55:18 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:55:18 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:55:18 ipsec,debug,packet src4 173.239.164.xxx[500]
10:55:18 ipsec,debug,packet dst4 184.151.61.155[60601]
10:55:18 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:55:18 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:20 l2tp,debug,packet rcvd control message from 184.151.61.155:43280
10:55:20 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
10:55:20 l2tp,debug,packet (M) Message-Type=SCCRQ
10:55:20 l2tp,debug,packet (M) Protocol-Version=0x01:00
10:55:20 l2tp,debug,packet (M) Host-Name="anonymous"
10:55:20 l2tp,debug,packet (M) Framing-Capabilities=0x3
10:55:20 l2tp,debug,packet (M) Assigned-Tunnel-ID=23188
10:55:20 l2tp,debug,packet (M) Receive-Window-Size=1
10:55:20 l2tp,info first L2TP UDP packet received from 184.151.61.155
10:55:20 l2tp,debug tunnel 73 entering state: wait-ctl-conn
10:55:20 l2tp,debug,packet sent control message to 184.151.61.155:43280
10:55:20 l2tp,debug,packet tunnel-id=23188, session-id=0, ns=0, nr=1
10:55:20 l2tp,debug,packet (M) Message-Type=SCCRP
10:55:20 l2tp,debug,packet (M) Protocol-Version=0x01:00
10:55:20 l2tp,debug,packet (M) Framing-Capabilities=0x1
10:55:20 l2tp,debug,packet (M) Bearer-Capabilities=0x0
10:55:20 l2tp,debug,packet Firmware-Revision=0x1
10:55:20 l2tp,debug,packet (M) Host-Name="MikroTik"
10:55:20 l2tp,debug,packet Vendor-Name="MikroTik"
10:55:20 l2tp,debug,packet (M) Assigned-Tunnel-ID=73
10:55:20 l2tp,debug,packet (M) Receive-Window-Size=4
10:55:20 l2tp,debug,packet rcvd control message from 184.151.61.155:43280
10:55:20 l2tp,debug,packet tunnel-id=73, session-id=0, ns=1, nr=1
10:55:20 l2tp,debug,packet (M) Message-Type=SCCCN
10:55:20 l2tp,debug tunnel 73 entering state: estabilished
10:55:20 l2tp,debug,packet sent control message (ack) to 184.151.61.155:43280
10:55:20 l2tp,debug,packet tunnel-id=23188, session-id=0, ns=1, nr=2
10:55:21 l2tp,debug,packet rcvd control message from 184.151.61.155:43280
10:55:21 l2tp,debug,packet tunnel-id=73, session-id=0, ns=2, nr=1
10:55:21 l2tp,debug,packet (M) Message-Type=ICRQ
10:55:21 l2tp,debug,packet (M) Assigned-Session-ID=15472
10:55:21 l2tp,debug,packet (M) Call-Serial-Number=3593647708
10:55:21 l2tp,debug session 1 entering state: wait-connect
10:55:21 l2tp,debug,packet sent control message to 184.151.61.155:43280
10:55:21 l2tp,debug,packet tunnel-id=23188, session-id=15472, ns=1, nr=3
10:55:21 l2tp,debug,packet (M) Message-Type=ICRP
10:55:21 l2tp,debug,packet (M) Assigned-Session-ID=1
10:55:21 l2tp,debug,packet rcvd control message from 184.151.61.155:43280
10:55:21 l2tp,debug,packet tunnel-id=73, session-id=1, ns=3, nr=2
10:55:21 l2tp,debug,packet (M) Message-Type=ICCN
10:55:21 l2tp,debug,packet (M) Tx-Connect-Speed-BPS=100000000
10:55:21 l2tp,debug,packet (M) Framing-Type=0x3
10:55:21 l2tp,debug session 1 entering state: established
10:55:21 l2tp,debug,packet sent control message (ack) to 184.151.61.155:43280
10:55:21 l2tp,debug,packet tunnel-id=23188, session-id=0, ns=2, nr=4
10:55:21 l2tp,ppp,info <l2tp-0>: waiting for call...
10:55:21 l2tp,ppp,debug <184.151.61.155>: LCP lowerup
10:55:21 l2tp,ppp,debug <184.151.61.155>: LCP open
10:55:21 l2tp,ppp,debug,packet <184.151.61.155>: rcvd LCP ConfReq id=0x1
10:55:21 l2tp,ppp,debug,packet <mru 1400>
10:55:21 l2tp,ppp,debug,packet <asyncmap 0x0>
10:55:21 l2tp,ppp,debug,packet <magic 0xa5b1acfd>
10:55:22 l2tp,ppp,debug,packet <pcomp>
10:55:22 l2tp,ppp,debug,packet <accomp>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent LCP ConfReq id=0x1
10:55:22 l2tp,ppp,debug,packet <mru 1460>
10:55:22 l2tp,ppp,debug,packet <magic 0x137233bf>
10:55:22 l2tp,ppp,debug,packet <auth mschap2>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent LCP ConfRej id=0x1
10:55:22 l2tp,ppp,debug,packet <asyncmap 0x0>
10:55:22 l2tp,ppp,debug,packet <pcomp>
10:55:22 l2tp,ppp,debug,packet <accomp>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: rcvd LCP ConfAck id=0x1
10:55:22 l2tp,ppp,debug,packet <mru 1460>
10:55:22 l2tp,ppp,debug,packet <magic 0x137233bf>
10:55:22 l2tp,ppp,debug,packet <auth mschap2>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: rcvd LCP ConfReq id=0x2
10:55:22 l2tp,ppp,debug,packet <mru 1400>
10:55:22 l2tp,ppp,debug,packet <magic 0xa5b1acfd>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent LCP ConfAck id=0x2
10:55:22 l2tp,ppp,debug,packet <mru 1400>
10:55:22 l2tp,ppp,debug,packet <magic 0xa5b1acfd>
10:55:22 l2tp,ppp,debug <184.151.61.155>: LCP opened
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent CHAP Challenge id=0x1
10:55:22 l2tp,ppp,debug,packet <challenge len=10>
10:55:22 l2tp,ppp,debug,packet <name MikroTik>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: rcvd CHAP Response id=0x1
10:55:22 l2tp,ppp,debug,packet <response len=31>
10:55:22 l2tp,ppp,debug,packet <name userxx>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent CHAP Success id=0x1
10:55:22 l2tp,ppp,debug,packet S=6F8EAFA0743B48CA643D9D4B4BED32E0A85908F3
10:55:22 l2tp,ppp,info <l2tp-0>: authenticated
10:55:22 l2tp,ppp,debug <184.151.61.155>: IPCP lowerup
10:55:22 l2tp,ppp,debug <184.151.61.155>: IPCP open
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent IPCP ConfReq id=0x1
10:55:22 l2tp,ppp,debug,packet <addr 172.31.248.233>
10:55:22 l2tp,ppp,debug <184.151.61.155>: IPV6CP open
10:55:22 l2tp,ppp,debug <184.151.61.155>: MPLSCP lowerup
10:55:22 l2tp,ppp,debug <184.151.61.155>: MPLSCP open
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent MPLSCP ConfReq id=0x1
10:55:22 l2tp,ppp,debug <184.151.61.155>: BCP open
10:55:22 l2tp,ppp,debug <184.151.61.155>: CCP lowerup
10:55:22 l2tp,ppp,debug <184.151.61.155>: CCP open
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: rcvd CCP ConfReq id=0x1
10:55:22 l2tp,ppp,debug,packet <deflate 17 method 7>
10:55:22 l2tp,ppp,debug,packet <deflate (old) 17 method 7>
10:55:22 l2tp,ppp,debug,packet <0x15 03 2f>
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent CCP ConfReq id=0x1
10:55:22 l2tp,ppp,debug,packet <184.151.61.155>: sent CCP ConfRej id=0x1
10:55:22 l2tp,ppp,debug,packet <deflate 17 method 7>
10:55:22 l2tp,ppp,debug,packet <deflate (old) 17 method 7>
10:55:22 l2tp,ppp,debug,packet <0x15 03 2f>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd IPCP ConfReq id=0x1
10:55:23 l2tp,ppp,debug,packet <addr 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <comp VJ f 1>
10:55:23 l2tp,ppp,debug,packet <ms-dns 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <ms-dns 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent IPCP ConfRej id=0x1
10:55:23 l2tp,ppp,debug,packet <comp VJ f 1>
10:55:23 l2tp,ppp,debug,packet <ms-dns 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd IPCP ConfAck id=0x1
10:55:23 l2tp,ppp,debug,packet <addr 172.31.248.233>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd LCP ProtRej id=0x3
10:55:23 l2tp,ppp,debug,packet 82 81 01 01 00 04
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd CCP ConfAck id=0x1
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd CCP ConfReq id=0x2
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent CCP ConfAck id=0x2
10:55:23 l2tp,ppp,debug <184.151.61.155>: CCP opened
10:55:23 l2tp,ppp,debug <184.151.61.155>: CCP close
10:55:23 l2tp,ppp,debug <184.151.61.155>: CCP closed
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent CCP TermReq id=0x2
10:55:23 l2tp,ppp,debug,packet No compression negotiated\00
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd IPCP ConfReq id=0x2
10:55:23 l2tp,ppp,debug,packet <addr 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <ms-dns 0.0.0.0>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent IPCP ConfNak id=0x2
10:55:23 l2tp,ppp,debug,packet <addr 172.31.248.232>
10:55:23 l2tp,ppp,debug,packet <ms-dns 172.31.254.32>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd CCP TermAck id=0x2
10:55:23 l2tp,ppp,debug <184.151.61.155>: IPCP timer
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent IPCP ConfReq id=0x2
10:55:23 l2tp,ppp,debug,packet <addr 172.31.248.233>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: rcvd IPCP ConfReq id=0x3
10:55:23 l2tp,ppp,debug,packet <addr 172.31.248.232>
10:55:23 l2tp,ppp,debug,packet <ms-dns 172.31.254.32>
10:55:23 l2tp,ppp,debug,packet <184.151.61.155>: sent IPCP ConfAck id=0x3
10:55:23 l2tp,ppp,debug,packet <addr 172.31.248.232>
10:55:23 l2tp,ppp,debug,packet <ms-dns 172.31.254.32>
10:55:24 l2tp,ppp,debug,packet <184.151.61.155>: rcvd IPCP ConfAck id=0x2
10:55:24 l2tp,ppp,debug,packet <addr 172.31.248.233>
10:55:24 l2tp,ppp,debug <184.151.61.155>: IPCP opened
10:55:24 l2tp,ppp,info <l2tp-0>: connected
10:55:24 l2tp,ppp,info,account userxx logged in, 172.31.248.232
10:55:24 ipsec,debug 172.31.248.233[500] used as isakmp port (fd=22)
10:55:24 ipsec,debug 172.31.248.233[4500] used as isakmp port with NAT-T (fd=23)
10:55:28 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:55:28 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:55:28 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:55:28 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:55:28 ipsec,debug,packet src4 173.239.164.xxx[500]
10:55:28 ipsec,debug,packet dst4 184.151.61.155[60601]
10:55:28 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:55:28 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:29 firewall,info DROP INPUT-INVALID: input-inval: in:<l2tp-userxx> out:(none), proto ICMP (type 3, code 3), 10.232.53.27->173.239.164.xxx, len 292
10:55:38 ipsec,debug,packet 236 bytes from 173.239.164.xxx[500] to 184.151.61.155[60601]
10:55:38 ipsec,debug,packet sockname 173.239.164.xxx[500]
10:55:38 ipsec,debug,packet send packet from 173.239.164.xxx[500]
10:55:38 ipsec,debug,packet send packet to 184.151.61.155[60601]
10:55:38 ipsec,debug,packet src4 173.239.164.xxx[500]
10:55:38 ipsec,debug,packet dst4 184.151.61.155[60601]
10:55:38 ipsec,debug,packet 1 times of 236 bytes message will be sent to 184.151.61.155[60601]
10:55:38 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:39 l2tp,debug,packet rcvd control message from 184.151.61.155:43280
10:55:39 l2tp,debug,packet tunnel-id=73, session-id=0, ns=4, nr=2
10:55:39 l2tp,debug,packet (M) Message-Type=StopCCN
10:55:39 l2tp,debug,packet (M) Assigned-Tunnel-ID=23188
10:55:39 l2tp,debug,packet (M) Result-Code=6
10:55:39 l2tp,debug,packet sent control message (ack) to 184.151.61.155:43280
10:55:39 l2tp,debug,packet tunnel-id=23188, session-id=0, ns=2, nr=5
10:55:39 l2tp,debug tunnel 73 entering state: dead
10:55:39 l2tp,debug session 1 entering state: dead
10:55:39 l2tp,ppp,debug <184.151.61.155>: LCP close
10:55:39 l2tp,ppp,debug <184.151.61.155>: LCP closed
10:55:39 l2tp,ppp,debug <184.151.61.155>: CCP lowerdown
10:55:39 l2tp,ppp,debug <184.151.61.155>: BCP lowerdown
10:55:39 l2tp,ppp,debug <184.151.61.155>: BCP down event in starting state
10:55:39 l2tp,ppp,debug <184.151.61.155>: IPCP lowerdown
10:55:39 l2tp,ppp,debug <184.151.61.155>: IPCP closed
10:55:39 l2tp,ppp,info,account userxx logged out, 18 399 125 10 10
10:55:39 l2tp,ppp,debug <184.151.61.155>: IPV6CP lowerdown
10:55:39 l2tp,ppp,debug <184.151.61.155>: IPV6CP down event in starting state
10:55:39 l2tp,ppp,debug <184.151.61.155>: MPLSCP lowerdown
10:55:39 l2tp,ppp,debug,packet <184.151.61.155>: sent LCP TermReq id=0x2
10:55:39 l2tp,ppp,debug,packet administrator request\00
10:55:39 l2tp,ppp,debug <184.151.61.155>: LCP lowerdown
10:55:39 l2tp,ppp,info <l2tp-userxx>: terminating... - administrator request
10:55:39 l2tp,ppp,debug <184.151.61.155>: LCP lowerdown
10:55:39 l2tp,ppp,debug <184.151.61.155>: LCP down event in initial state
10:55:39 l2tp,ppp,info <l2tp-userxx>: disconnected
10:55:40 ipsec,debug unbind ::ffff:172.31.248.233
10:55:48 ipsec,debug phase1 negotiation failed due to time up. 1a93dd3beb26feb7:d9e90d20df08899e
 
ocgltd

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Tue Sep 04, 2012 8:23 pm

I've read some postings about creating a NAT rule to prevent IPSEC traffic one way from going outside of tunnel...but I'm not sure if that applies. Seems like a possibility since the SA list shows bytes have gone one way but not the other.

However, this L2TP/IPSEC vpn is for road warriors (different IP each time)...so I'm not sure a rule will work...
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Tue Sep 04, 2012 9:20 pm

If you're still intent on setting up a RW connect via IPSec after this post, let me know and I'll see if I can offer some help.

However, you'll have to use a peer address of 0.0.0.0/0 to allow a connect.

Also, you can't write any filter rules to manage IPSec traffic, since you can't know the source address.
[This is because RoS doesn't implement IPSec policy matching like IPTables does.]

There's simply no way to know if the traffic came from IPSec or not.
You'll just have traffic show up in the WAN interface from some random IP address on the internet.
And you'll have to have a forward rule that allows all that random source IP traffic to go through. [Or you will have to NOT have an explicit deny everything not allowed rule.]

The only way this could work without serious implications to security is if you're using NAT - which you probably are - but you'll be relying totally and completely on NAT for protecting everything.

So, while I'm glad to help you set up IPSec for RW connections, IPSec on RoS is bad for anything except site-to-site connections. [Even then, I'm not happy not having an IPSec policy match so I can only allow traffic I explicitly know passed through the IPSec tunnel, rather than just blindly allowing traffic that claims to be from a specific IP source range.]

Mikrotik claims they are "planning" on implementing IPSec policy matching sometime soon, but IMO, don't hold your breath.

For road-warrior support:
Use OpenVPN, [or SSTP - once it's fixed.]

PPTP is insecure - see Cloudcracker.
L2TP has the same issues with no IPSec policy matching, plus some. [They can connect with a straight PPP/L2TP without any IPSec wrapper, and there's no way to stop it. They can connect to IPSec direct without any L2TP too.]
SSTP has issues from what I can see, since 5.12 and newer releases. [And releases older than something like 5.14 contain a security bug.]

HTH
-Greg
 
ocgltd

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Tue Sep 04, 2012 11:47 pm

I have devices (eg: Playbook) which will only do L2TP/IPSEC so I don't have a choice on vpn protocols unfortunately.

I have a peer setup with 0.0.0.0/0 and the connection starts, it just dies and I have no understanding of why. I appreciate any help!

Thanks
 
gsloop

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Thu Sep 06, 2012 2:02 am

I'm horrible about parsing IPSec logs - but it doesn't look like you get past Phase one.

Do you ever see any SA's get installed in the IPsec SA's section?

My *guess* with just a brief look is that there's some mismatch in the IPSec config client vs RoS side.
SA Lifetime etc.

Good luck.

-Greg
 
ocgltd

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Thu Sep 06, 2012 5:33 am

Yes - I see two SA's (one for in, one for out) appear.

Interestingly, the INBOUND shows 1700 bytes, the OUTBOUND shows 0 bytes. Makes me think outbound traffic is going outside the IPSEC secure channel.
 
ocgltd

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Sat Sep 08, 2012 8:12 am

5 days and no answers...and no response from MT tech support....frustrating. I'm just about ready to rip this RB out and go back to Linux firewalls.

I contacted a couple of MT certified consultants, but at $100+/hr and 2-hour minimums, and open-ended estimates to diagnose and fix, I may as well have purchased a Fortigate.

A low entry price of the MT quickly washes away when I need to spend hundreds of dollars of support to do something basic it should do out of the box.

Please someone from MikroTik, help me!

** What about the 30 days support included since I bought direct? **
 
gsloop

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Mon Sep 10, 2012 4:37 am

What firewall rules do you have?
If you have any, or NAT/Mangle rules, can you "disable" them? [Other than the necessary ones - like NAT from LAN to WAN]

It looks like it keeps trying to finish phase 1... [Though again, I'm absolutely horrible trying to decipher IPSec logs...]
---
10:55:28 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:29 firewall,info DROP INPUT-INVALID: input-inval: in:<l2tp-userxx> out:(none), proto ICMP (type 3, code 3), 10.232.53.27->173.239.164.xxx, len 292

---

As far as your assessment about unanswered threads etc. I mostly agree.
I'm not sure what you're doing with 'em - though I think like myself, you're looking for decent devices for clients.

For that purpose, once you get reasonably familiar with RoS, and know what to avoid and what works, you'll do fine. You'll sink a lot of time into learning things, but IMO it's worth it.

I've not used Fortigate stuff, but I was a snapgear guy until McAfee nuked the line. RoS was the only reasonable alternative I could find.
[Though if Ubiquiti gets a decent product out in the FW space, I'll probably seriously consider their product - I really like their attitude a lot better. :) ]

-Greg


---
Freeking spam filter. Can't post new message - so I'll append it here...

---
That resend is why I don't think you really have SA's established yet.

I think the IPSec tunnel is getting into P1 [phase1] and then bombing.

My guess is there's some disagreement between the client and server on the key lifetime or something.
See "Proposal check" I can't recall how they go, but "obey" is more "accommodating" than "strict" for example. Look at the docs.

You do have the exchange mode set as Main-L2TP, right?
Generate policy is checked?

-Greg
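
An added example, not part of any post in this thread and not MikroTik code: a Python script that groups the "resend phase1 packet" lines by ISAKMP cookie pair and lists the firewall drops and L2TP teardown events that fall between the first resend and the phase 1 timeout. It assumes the `HH:MM:SS topics message` line layout seen in the log above; the function name `analyse` is hypothetical, and the sample input is built from lines posted in the thread with the hex dumps left out.

```python
import re
from collections import defaultdict

# Sample input: log lines as posted in this thread, hex packet dumps left out.
SAMPLE_LOG = """\
10:55:28 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:29 firewall,info DROP INPUT-INVALID: input-inval: in:<l2tp-userxx> out:(none), proto ICMP (type 3, code 3), 10.232.53.27->173.239.164.xxx, len 292
10:55:38 ipsec,debug,packet resend phase1 packet 1a93dd3beb26feb7:d9e90d20df08899e
10:55:39 l2tp,debug,packet (M) Message-Type=StopCCN
10:55:39 l2tp,debug tunnel 73 entering state: dead
10:55:48 ipsec,debug phase1 negotiation failed due to time up. 1a93dd3beb26feb7:d9e90d20df08899e
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) (.*)$")  # time, topics, message
COOKIES = re.compile(r"\b[0-9a-f]{16}:[0-9a-f]{16}\b")    # initiator:responder cookies

def analyse(log_text):
    """Group phase 1 retransmissions by cookie pair and list what else
    happened between the first resend and the timeout (hypothetical helper)."""
    sessions = defaultdict(lambda: {"resends": [], "failed_at": None})
    events = []  # (seconds since midnight, label) for non-IPsec lines of interest
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        t = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        topics, msg = m[4].split(","), m[5]
        cookie = COOKIES.search(msg)
        if "ipsec" in topics and cookie:
            if msg.startswith("resend phase1 packet"):
                sessions[cookie[0]]["resends"].append(t)
            elif "phase1 negotiation failed" in msg:
                sessions[cookie[0]]["failed_at"] = t
        elif "firewall" in topics and "DROP" in msg:
            events.append((t, "firewall_drop"))
        elif "l2tp" in topics and ("StopCCN" in msg or "state: dead" in msg):
            events.append((t, "l2tp_teardown"))
    report = {}
    for key, s in sessions.items():
        if not s["resends"]:
            continue
        start = s["resends"][0]
        end = s["failed_at"] if s["failed_at"] is not None else s["resends"][-1]
        report[key] = {
            "resend_count": len(s["resends"]),
            "resend_gaps_s": [b - a for a, b in zip(s["resends"], s["resends"][1:])],
            "timed_out": s["failed_at"] is not None,
            "in_window": sorted({name for t, name in events if start <= t <= end}),
        }
    return report

if __name__ == "__main__":
    for cookies, info in analyse(SAMPLE_LOG).items():
        print(cookies, info)
```

A cookie pair that keeps resending and then times out means the router never saw a reply to that phase 1 message, so the entries under `in_window` (here a firewall drop and the L2TP teardown) are the first places to look.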
 
ocgltd

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Mon Sep 10, 2012 5:12 am

Greg

Thanks for your posting! Your idea about disabling NAT rules had escaped me, so I tried it and it started to work!

I then re-enabled my NAT rules, and it STILL works. AAAHHHH.....what is going on with this RB!

At least I have something to chase now.

Thanks,
 
gsloop

Re: L2TP/IPSEC connection drops due to "resend phase1 packet

Mon Sep 10, 2012 10:53 pm

I've seen, at minimum, THREE cases where the OpenVPN server simply stops responding when parameters are changed on the server/RoS. Simply rebooting the Routerboard fixed them.

I've seen this complaint at least with OpenVPN, and perhaps others [vpn end-points].

IMO, it's a good plan, when making lots of changes to reboot the POS when things look shaky. [IME, the things work great once configured, but throwing switches like Homer Simpson seems to really croak the things sometimes. Thus I'm living with a reboot. Though it sure makes you want to throw and smash things when you've spent the last 5 hours "richard'ing" around trying to figure out what you screwed up, when a reboot fixes it. UGH!]

Glad that worked.

[The disable trick can work wonders while troubleshooting things though! Plus it's easy and quick.]

-Greg
