Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

RB2011 as Cisco VPN (L2TP/IPSec) client

Locked
 
sejtam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Dec 14, 2014 4:23 pm

RB2011 as Cisco VPN (L2TP/IPSec) client

Mon Dec 29, 2014 5:58 am

[something went wron with the previous attempt at posting this. Here is try #2]:

I am trying to configure my RB2011 as a client to out HQ's Cisco VPN.

We were given the following information for configuration
(with samples fow both Win and Mac)

Code: Select all
Server IP address 	[A.B.C.D in my sample code below]
username
password
IPsec preshared key
That is basically all.

Note that my RB2011 is not at this point actually my router. I just connected
it to the LAN. Thus I opened up 'VPN Passthrough' for both IPsec and L2TP.

The RB2011 uses 192.168.0.233 as source IP, which is NATed on my existing
router.
... Ultimately I will use the WAN port when the RB2011 becomes my actual
router, but I am not that far yet...


I configured the following:
Code: Select all
/ip ipsec peer
add address=A.B.C.D/32 disabled=yes enc-algorithm=3des lifetime=1h secret=XXXXX
Code: Select all
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=A.B.C.D/32 proposal=myproposal sa-dst-address=A.B.C.D sa-src-address=0.0.0.0 src-address=192.168.0.233/32 tunnel=yes
Code: Select all
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
add auth-algorithms=md5,sha1 comment=HQ enc-algorithms=3des,aes-128-cbc,aes-256-cbc name=myproposal
Code: Select all
/interface l2tp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment=HQ connect-to=A.B.C.D dial-on-demand=no disabled=yes keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=disabled name=HQ \
    password=hyid@HERN profile=default-encryption user=mathias
When I enable the ipsec peer, I see:
Code: Select all
23:18:36 system,info ipsec peer changed by admin
23:18:36 ipsec,debug,packet ===
23:18:36 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:18:36 ipsec,debug begin Identity Protection mode.
23:18:36 ipsec,debug,packet new cookie:
23:18:36 ipsec,debug,packet 0c7a009377266782
23:18:36 ipsec,debug,packet add payload of len 48, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 0
23:18:36 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:36 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:36 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:36 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:36 ipsec,debug,packet src4 192.168.0.223[500]
23:18:36 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:36 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:18:36 ipsec,debug,packet 0c7a0093 77266782 00000000 00000000 01100200 00000000 00000154 0d000034
23:18:36 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:18:36 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:18:36 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:18:36 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:18:36 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:18:36 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:18:36 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:18:36 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:18:36 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:18:36 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:18:36 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:0000000000000000
23:18:37 ipsec,debug,packet ==========
23:18:37 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:18:37 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 01100200 00000000 00000064 0d000034
23:18:37 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:18:37 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:18:37 ipsec,debug,packet 0e95452f
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=1(sa)
23:18:37 ipsec,debug,packet seen nptype=13(vid)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug received Vendor ID: RFC 3947
23:18:37 ipsec,debug Selected NAT-T version: RFC 3947
23:18:37 ipsec,debug,packet total SA len=48
23:18:37 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:18:37 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=2(prop)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug,packet proposal #1 len=40
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=3(trns)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug,packet transform #1 len=32
23:18:37 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:18:37 ipsec,debug,packet encryption(3des)
23:18:37 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:18:37 ipsec,debug,packet dh(modp1024)
23:18:37 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:18:37 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:18:37 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:18:37 ipsec,debug,packet pair 1:
23:18:37 ipsec,debug,packet  0x478c00: next=(nil) tnext=(nil)
23:18:37 ipsec,debug,packet proposal #1: 1 transform
23:18:37 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:18:37 ipsec,debug,packet trns#=1, trns-id=IKE
23:18:37 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:18:37 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:18:37 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:18:37 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:18:37 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:18:37 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:18:37 ipsec,debug,packet Compared: Local:Peer
23:18:37 ipsec,debug,packet (lifetime = 3600:3600)
23:18:37 ipsec,debug,packet (lifebyte = 0:0)
23:18:37 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:18:37 ipsec,debug,packet (encklen = 0:0)
23:18:37 ipsec,debug,packet hashtype = SHA:SHA
23:18:37 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:18:37 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:18:37 ipsec,debug,packet an acceptable proposal found.
23:18:37 ipsec,debug,packet dh(modp1024)
23:18:37 ipsec,debug,packet agreed on pre-shared key auth.
23:18:37 ipsec,debug,packet ===
23:18:37 ipsec,debug,packet compute DH's private.
23:18:37 ipsec,debug,packet 73fe0535 fcf284d3 3d9b9c94 30b7e7e0 d44c6ed6 a715808b 2db299b1 b7f2415a
23:18:37 ipsec,debug,packet 59a2639f 4fa09b7c aadf5bf8 199c5fcf 5b98eeb3 6b00da14 f5355a16 84e433f3
23:18:37 ipsec,debug,packet bfa7c733 9f1d555f 5ff4ad53 c18d7ad9 fc9a0008 30ac6500 7fd08293 f1c309e6
23:18:37 ipsec,debug,packet 6a96dec5 b485dbd7 705a0ccd 1acec986 189abc7a c4f3ab5c 37aa61f2 86c1e861
23:18:37 ipsec,debug,packet compute DH's public.
23:18:37 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:37 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:37 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:37 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:37 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug Adding remote and local NAT-D payloads.
23:18:37 ipsec,debug,packet add payload of len 128, next type 10
23:18:37 ipsec,debug,packet add payload of len 24, next type 20
23:18:37 ipsec,debug,packet add payload of len 20, next type 20
23:18:37 ipsec,debug,packet add payload of len 20, next type 0
23:18:37 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:37 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:37 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:37 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:37 ipsec,debug,packet src4 192.168.0.223[500]
23:18:37 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:37 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:37 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:37 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:37 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:37 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:37 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:37 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:37 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:37 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:37 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
A tcpdump on my current DD-WRT router shows:
Code: Select all
23:18:15.927375 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 368) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
    (vid: len=16 4a131c81070358455c5728f20e95452f)
    (vid: len=16 8f8d83826d246b6fc7a8a6a428c11de8)
    (vid: len=16 439b59f8ba676c4c7737ae22eab8f582)
    (vid: len=16 4d1e0e136deafa34c4f3ea9f02ec7285)
    (vid: len=16 80d0bb3def54565ee84645d4c85ce3ee)
    (vid: len=16 9909b64eed937c6573de52ace952fa6b)
    (vid: len=16 7d9419a65310ca6f2c179d9215529d56)
    (vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
    (vid: len=16 90cb80913ebb696e086381b5ec427b1f)
    (vid: len=16 16f6ca16e4a4066d83821a0f0aeaa862)
    (vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
    (vid: len=16 12f5f28c457168a9702d9fe274cc0100)
    (vid: len=16 afcad71368a1f1c96b8696fc77570100)
23:18:16.128493 IP (tos 0x0, ttl 245, id 46454, offset 0, flags [none], proto UDP (17), length 128) A.B.C.D.500 > 192.168.0.223.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=0e10))))
    (vid: len=16 4a131c81070358455c5728f20e95452f)
23:18:16.216888 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:18:26.228340 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:18:36.225949 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:18:46.235812 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:18:56.232991 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:19:06.241004 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
    (nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
    (#20)
    (#20)
23:19:25.920422 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 368) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
    (vid: len=16 4a131c81070358455c5728f20e95452f)
    (vid: len=16 8f8d83826d246b6fc7a8a6a428c11de8)
    (vid: len=16 439b59f8ba676c4c7737ae22eab8f582)
    (vid: len=16 4d1e0e136deafa34c4f3ea9f02ec7285)
    (vid: len=16 80d0bb3def54565ee84645d4c85ce3ee)
    (vid: len=16 9909b64eed937c6573de52ace952fa6b)
    (vid: len=16 7d9419a65310ca6f2c179d9215529d56)
    (vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
    (vid: len=16 90cb80913ebb696e086381b5ec427b1f)
    (vid: len=16 16f6ca16e4a4066d83821a0f0aeaa862)
    (vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
    (vid: len=16 12f5f28c457168a9702d9fe274cc0100)
    (vid: len=16 afcad71368a1f1c96b8696fc77570100)
23:19:26.133409 IP (tos 0x0, ttl 245, id 46650, offset 0, flags [none], proto UDP (17), length 128) A.B.C.D.500 > 192.168.0.223.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=0e10))))
    (vid: len=16 4a131c81070358455c5728f20e95452f)
23:19:26.220992 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
    (nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
    (#20)
    (#20)
23:19:36.223335 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
    (nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
    (#20)
    (#20)
23:19:46.226383 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid  cookie ->: phase 1 I ident:
    (ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
    (nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
    (#20)
    (#20)


after this is seems to simply continue:
Code: Select all
23:18:47 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:47 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:47 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:47 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:47 ipsec,debug,packet src4 192.168.0.223[500]
23:18:47 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:47 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:47 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:47 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:47 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:47 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:47 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:47 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:47 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:47 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:47 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:18:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:57 ipsec,debug,packet src4 192.168.0.223[500]
23:18:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:57 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:57 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:57 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:57 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:57 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:57 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:57 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:57 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:57 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:07 ipsec,debug,packet src4 192.168.0.223[500]
23:19:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:07 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:07 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:07 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:07 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:07 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:07 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:07 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:07 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:17 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:17 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:17 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:17 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:17 ipsec,debug,packet src4 192.168.0.223[500]
23:19:17 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:17 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:17 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:17 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:17 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:17 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:17 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:17 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:17 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:17 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:17 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:27 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:27 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:27 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:27 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:27 ipsec,debug,packet src4 192.168.0.223[500]
23:19:27 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:27 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:27 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:27 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:27 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:27 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:27 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:27 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:27 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:27 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:27 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:37 ipsec,error phase1 negotiation failed due to time up 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:46 ipsec,debug,packet ===
23:19:46 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:19:46 ipsec,debug begin Identity Protection mode.
23:19:46 ipsec,debug,packet new cookie:
23:19:46 ipsec,debug,packet 59cf7fc45df2d47d
23:19:46 ipsec,debug,packet add payload of len 48, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 0
23:19:46 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:46 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:46 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:46 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:46 ipsec,debug,packet src4 192.168.0.223[500]
23:19:46 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:46 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:19:46 ipsec,debug,packet 59cf7fc4 5df2d47d 00000000 00000000 01100200 00000000 00000154 0d000034
23:19:46 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:19:46 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:19:46 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:19:46 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:19:46 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:19:46 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:19:46 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:19:46 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:19:46 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:19:46 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:19:46 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:0000000000000000
23:19:47 ipsec,debug,packet ==========
23:19:47 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:19:47 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 01100200 00000000 00000064 0d000034
23:19:47 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:19:47 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:19:47 ipsec,debug,packet 0e95452f
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=1(sa)
23:19:47 ipsec,debug,packet seen nptype=13(vid)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug received Vendor ID: RFC 3947
23:19:47 ipsec,debug Selected NAT-T version: RFC 3947
23:19:47 ipsec,debug,packet total SA len=48
23:19:47 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:19:47 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=2(prop)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug,packet proposal #1 len=40
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=3(trns)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug,packet transform #1 len=32
23:19:47 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:19:47 ipsec,debug,packet encryption(3des)
23:19:47 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:19:47 ipsec,debug,packet dh(modp1024)
23:19:47 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:19:47 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:19:47 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:19:47 ipsec,debug,packet pair 1:
23:19:47 ipsec,debug,packet  0x47cf08: next=(nil) tnext=(nil)
23:19:47 ipsec,debug,packet proposal #1: 1 transform
23:19:47 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:19:47 ipsec,debug,packet trns#=1, trns-id=IKE
23:19:47 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:19:47 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:19:47 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:19:47 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:19:47 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:19:47 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:19:47 ipsec,debug,packet Compared: Local:Peer
23:19:47 ipsec,debug,packet (lifetime = 3600:3600)
23:19:47 ipsec,debug,packet (lifebyte = 0:0)
23:19:47 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:19:47 ipsec,debug,packet (encklen = 0:0)
23:19:47 ipsec,debug,packet hashtype = SHA:SHA
23:19:47 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:19:47 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:19:47 ipsec,debug,packet an acceptable proposal found.
23:19:47 ipsec,debug,packet dh(modp1024)
23:19:47 ipsec,debug,packet agreed on pre-shared key auth.
23:19:47 ipsec,debug,packet ===
23:19:47 ipsec,debug,packet compute DH's private.
23:19:47 ipsec,debug,packet 5245f6f9 c33b63e2 a16eee00 9ae2a462 b622d609 1f23080f d84055a9 be03ab5e
23:19:47 ipsec,debug,packet fc282181 50b84ca8 2b7af426 c0176b56 0a02043a b1729c0c 2edc61f3 55eac1df
23:19:47 ipsec,debug,packet 4cf2ffc8 3f065523 44d89ac7 1677c6e4 32f81d88 0e9bc378 90e90913 a4b38d6a
23:19:47 ipsec,debug,packet 7c471249 036f3806 31579302 126c9fa6 60985d1d 8f62e2f4 17fda183 4c491b58
23:19:47 ipsec,debug,packet compute DH's public.
23:19:47 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:47 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:47 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:47 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:47 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug Adding remote and local NAT-D payloads.
23:19:47 ipsec,debug,packet add payload of len 128, next type 10
23:19:47 ipsec,debug,packet add payload of len 24, next type 20
23:19:47 ipsec,debug,packet add payload of len 20, next type 20
23:19:47 ipsec,debug,packet add payload of len 20, next type 0
23:19:47 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:47 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:47 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:47 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:47 ipsec,debug,packet src4 192.168.0.223[500]
23:19:47 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:47 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:47 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:19:47 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:47 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:47 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:47 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:47 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:19:47 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:19:47 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:19:47 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:19:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:57 ipsec,debug,packet src4 192.168.0.223[500]
23:19:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:57 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:19:57 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:57 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:57 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:57 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:57 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:19:57 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:19:57 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:19:57 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:07 ipsec,debug,packet src4 192.168.0.223[500]
23:20:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:07 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:07 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:07 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:07 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:07 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:07 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:07 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:07 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:17 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:17 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:17 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:17 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:17 ipsec,debug,packet src4 192.168.0.223[500]
23:20:17 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:17 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:17 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:17 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:17 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:17 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:17 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:17 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:17 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:17 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:17 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:27 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:27 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:27 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:27 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:27 ipsec,debug,packet src4 192.168.0.223[500]
23:20:27 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:27 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:27 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:27 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:27 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:27 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:27 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:27 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:27 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:27 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:27 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:37 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:37 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:37 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:37 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:37 ipsec,debug,packet src4 192.168.0.223[500]
23:20:37 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:37 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:37 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:37 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:37 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:37 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:37 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:37 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:37 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:37 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:37 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:47 ipsec,error phase1 negotiation failed due to time up 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:56 ipsec,debug,packet ===
23:20:56 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:20:56 ipsec,debug begin Identity Protection mode.
23:20:56 ipsec,debug,packet new cookie:
23:20:56 ipsec,debug,packet 629bf09478fd27f0
23:20:56 ipsec,debug,packet add payload of len 48, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 0
23:20:56 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:56 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:56 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:56 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:56 ipsec,debug,packet src4 192.168.0.223[500]
23:20:56 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:56 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:20:56 ipsec,debug,packet 629bf094 78fd27f0 00000000 00000000 01100200 00000000 00000154 0d000034
23:20:56 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:20:56 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:20:56 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:20:56 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:20:56 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:20:56 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:20:56 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:20:56 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:20:56 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:20:56 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:20:56 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:0000000000000000
23:20:57 ipsec,debug,packet ==========
23:20:57 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:20:57 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 01100200 00000000 00000064 0d000034
23:20:57 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:20:57 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:20:57 ipsec,debug,packet 0e95452f
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=1(sa)
23:20:57 ipsec,debug,packet seen nptype=13(vid)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug received Vendor ID: RFC 3947
23:20:57 ipsec,debug Selected NAT-T version: RFC 3947
23:20:57 ipsec,debug,packet total SA len=48
23:20:57 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:20:57 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=2(prop)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug,packet proposal #1 len=40
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=3(trns)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug,packet transform #1 len=32
23:20:57 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:20:57 ipsec,debug,packet encryption(3des)
23:20:57 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:20:57 ipsec,debug,packet dh(modp1024)
23:20:57 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:20:57 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:20:57 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:20:57 ipsec,debug,packet pair 1:
23:20:57 ipsec,debug,packet  0x47a848: next=(nil) tnext=(nil)
23:20:57 ipsec,debug,packet proposal #1: 1 transform
23:20:57 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:20:57 ipsec,debug,packet trns#=1, trns-id=IKE
23:20:57 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:20:57 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:20:57 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:20:57 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:20:57 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:20:57 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:20:57 ipsec,debug,packet Compared: Local:Peer
23:20:57 ipsec,debug,packet (lifetime = 3600:3600)
23:20:57 ipsec,debug,packet (lifebyte = 0:0)
23:20:57 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:20:57 ipsec,debug,packet (encklen = 0:0)
23:20:57 ipsec,debug,packet hashtype = SHA:SHA
23:20:57 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:20:57 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:20:57 ipsec,debug,packet an acceptable proposal found.
23:20:57 ipsec,debug,packet dh(modp1024)
23:20:57 ipsec,debug,packet agreed on pre-shared key auth.
23:20:57 ipsec,debug,packet ===
23:20:57 ipsec,debug,packet compute DH's private.
23:20:57 ipsec,debug,packet 45188878 53d8cfcf 094fdf7d 5f3e7678 470ca93a 3acc73e2 f790b9fc 6fc5f84f
23:20:57 ipsec,debug,packet eb68c7ad a0936355 8361ed31 c887a57a f3abf2a4 ceb4aa0e d73174b2 b725ffd8
23:20:57 ipsec,debug,packet f2bc4398 ddfeaae3 4845e2dc 2dedd6af eac6247d 02d52a34 15696ff5 8f692008
23:20:57 ipsec,debug,packet eafdb14e 75c39db9 a234eef5 9e42d13e 26ca7687 414c548d 02fd47a6 4d4d5e18
23:20:57 ipsec,debug,packet compute DH's public.
23:20:57 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:20:57 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:20:57 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:20:57 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:20:57 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug Adding remote and local NAT-D payloads.
23:20:57 ipsec,debug,packet add payload of len 128, next type 10
23:20:57 ipsec,debug,packet add payload of len 24, next type 20
23:20:57 ipsec,debug,packet add payload of len 20, next type 20
23:20:57 ipsec,debug,packet add payload of len 20, next type 0
23:20:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:57 ipsec,debug,packet src4 192.168.0.223[500]
23:20:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:57 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 04100200 00000000 000000ec 0a000084
23:20:57 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:20:57 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:20:57 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:20:57 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:20:57 ipsec,debug,packet 1400001c be7d309f 2b5cfd50 6321bad9 72d4e137 a0725597 64e4eae0 14000018
23:20:57 ipsec,debug,packet 0ce33cb6 1a339e82 49037402 8ff78350 669ecb04 00000018 af6314fd 27863721
23:20:57 ipsec,debug,packet 0bfebacd ae930804 da004e46
23:20:57 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:35798ff057ef2202
23:21:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:21:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:21:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:21:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:21:07 ipsec,debug,packet src4 192.168.0.223[500]
23:21:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:21:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:21:07 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 04100200 00000000 000000ec 0a000084
23:21:07 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:21:07 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:21:07 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:21:07 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:21:07 ipsec,debug,packet 1400001c be7d309f 2b5cfd50 6321bad9 72d4e137 a0725597 64e4eae0 14000018
23:21:07 ipsec,debug,packet 0ce33cb6 1a339e82 49037402 8ff78350 669ecb04 00000018 af6314fd 27863721
23:21:07 ipsec,debug,packet 0bfebacd ae930804 da004e46
23:21:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:35798ff057ef2202

So it seems that phase1 gets started (and some parts of phase2, as the log shows:
An acceptable proposal found.
and the proposal is only linked from the policy...

But when I try to start the L2TP client:
Code: Select all
23:24:29 l2tp,debug,packet sent control message to A.B.C.D:1701
23:24:29 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
23:24:29 l2tp,debug,packet     (M) Message-Type=SCCRQ
23:24:29 l2tp,debug,packet     (M) Protocol-Version=0x01:00
23:24:29 l2tp,debug,packet     (M) Framing-Capabilities=0x1
23:24:29 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
23:24:29 l2tp,debug,packet     Firmware-Revision=0x1
23:24:29 l2tp,debug,packet     (M) Host-Name="myGW"
23:24:29 l2tp,debug,packet     Vendor-Name="MikroTik"
23:24:29 l2tp,debug,packet     (M) Assigned-Tunnel-ID=1
23:24:29 l2tp,debug,packet     (M) Receive-Window-Size=4
23:24:33 l2tp,debug,packet sent control message to A.B.C.D:1701
23:24:33 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
23:24:33 l2tp,debug,packet     (M) Message-Type=SCCRQ
23:24:33 l2tp,debug,packet     (M) Protocol-Version=0x01:00
23:24:33 l2tp,debug,packet     (M) Framing-Capabilities=0x1
23:24:33 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
23:24:33 l2tp,debug,packet     Firmware-Revision=0x1
23:24:33 l2tp,debug,packet     (M) Host-Name="myGW"
23:24:33 l2tp,debug,packet     Vendor-Name="MikroTik"
23:24:33 l2tp,debug,packet     (M) Assigned-Tunnel-ID=1
23:24:33 l2tp,debug,packet     (M) Receive-Window-Size=4
And the packet capture shows that the LCP packets are sent directly to A.B.C.D:1701
instead of being encapsulated in the IPsec packets on port 500. Ie, they are visible to my
tcpdump:
Code: Select all
23:25:41.025550 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok]  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:42.023463 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok]  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:43.023322 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok]  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:45.024202 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok]  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)

I tried this also with
Code: Select all
tunnel=no

Where am I going wrong?
Top
Locked
  4. RouterOS
  5. Beginner Basics