RB2011 as Cisco VPN (L2TP/IPSec) client
Posted: Mon Dec 29, 2014 5:58 am
[something went wron with the previous attempt at posting this. Here is try #2]:
I am trying to configure my RB2011 as a client to out HQ's Cisco VPN.
We were given the following information for configuration
(with samples fow both Win and Mac)
That is basically all.
Note that my RB2011 is not at this point actually my router. I just connected
it to the LAN. Thus I opened up 'VPN Passthrough' for both IPsec and L2TP.
The RB2011 uses 192.168.0.233 as source IP, which is NATed on my existing
router.
... Ultimately I will use the WAN port when the RB2011 becomes my actual
router, but I am not that far yet...
I configured the following:
When I enable the ipsec peer, I see:
A tcpdump on my current DD-WRT router shows:
after this is seems to simply continue:
So it seems that phase1 gets started (and some parts of phase2, as the log shows:
An acceptable proposal found.
and the proposal is only linked from the policy...
But when I try to start the L2TP client:
And the packet capture shows that the LCP packets are sent directly to A.B.C.D:1701
instead of being encapsulated in the IPsec packets on port 500. Ie, they are visible to my
tcpdump:
I tried this also with
Where am I going wrong?
I am trying to configure my RB2011 as a client to out HQ's Cisco VPN.
We were given the following information for configuration
(with samples fow both Win and Mac)
Code: Select all
Server IP address [A.B.C.D in my sample code below]
username
password
IPsec preshared key
Note that my RB2011 is not at this point actually my router. I just connected
it to the LAN. Thus I opened up 'VPN Passthrough' for both IPsec and L2TP.
The RB2011 uses 192.168.0.233 as source IP, which is NATed on my existing
router.
... Ultimately I will use the WAN port when the RB2011 becomes my actual
router, but I am not that far yet...
I configured the following:
Code: Select all
/ip ipsec peer
add address=A.B.C.D/32 disabled=yes enc-algorithm=3des lifetime=1h secret=XXXXX
Code: Select all
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=A.B.C.D/32 proposal=myproposal sa-dst-address=A.B.C.D sa-src-address=0.0.0.0 src-address=192.168.0.233/32 tunnel=yes
Code: Select all
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
add auth-algorithms=md5,sha1 comment=HQ enc-algorithms=3des,aes-128-cbc,aes-256-cbc name=myproposal
Code: Select all
/interface l2tp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment=HQ connect-to=A.B.C.D dial-on-demand=no disabled=yes keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=disabled name=HQ \
password=hyid@HERN profile=default-encryption user=mathias
Code: Select all
23:18:36 system,info ipsec peer changed by admin
23:18:36 ipsec,debug,packet ===
23:18:36 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:18:36 ipsec,debug begin Identity Protection mode.
23:18:36 ipsec,debug,packet new cookie:
23:18:36 ipsec,debug,packet 0c7a009377266782
23:18:36 ipsec,debug,packet add payload of len 48, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 13
23:18:36 ipsec,debug,packet add payload of len 16, next type 0
23:18:36 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:36 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:36 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:36 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:36 ipsec,debug,packet src4 192.168.0.223[500]
23:18:36 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:36 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:18:36 ipsec,debug,packet 0c7a0093 77266782 00000000 00000000 01100200 00000000 00000154 0d000034
23:18:36 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:18:36 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:18:36 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:18:36 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:18:36 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:18:36 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:18:36 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:18:36 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:18:36 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:18:36 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:18:36 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:0000000000000000
23:18:37 ipsec,debug,packet ==========
23:18:37 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:18:37 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 01100200 00000000 00000064 0d000034
23:18:37 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:18:37 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:18:37 ipsec,debug,packet 0e95452f
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=1(sa)
23:18:37 ipsec,debug,packet seen nptype=13(vid)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug received Vendor ID: RFC 3947
23:18:37 ipsec,debug Selected NAT-T version: RFC 3947
23:18:37 ipsec,debug,packet total SA len=48
23:18:37 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:18:37 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=2(prop)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug,packet proposal #1 len=40
23:18:37 ipsec,debug,packet begin.
23:18:37 ipsec,debug,packet seen nptype=3(trns)
23:18:37 ipsec,debug,packet succeed.
23:18:37 ipsec,debug,packet transform #1 len=32
23:18:37 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:18:37 ipsec,debug,packet encryption(3des)
23:18:37 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:18:37 ipsec,debug,packet dh(modp1024)
23:18:37 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:18:37 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:18:37 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:18:37 ipsec,debug,packet pair 1:
23:18:37 ipsec,debug,packet 0x478c00: next=(nil) tnext=(nil)
23:18:37 ipsec,debug,packet proposal #1: 1 transform
23:18:37 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:18:37 ipsec,debug,packet trns#=1, trns-id=IKE
23:18:37 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:18:37 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:18:37 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:18:37 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:18:37 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:18:37 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:18:37 ipsec,debug,packet Compared: Local:Peer
23:18:37 ipsec,debug,packet (lifetime = 3600:3600)
23:18:37 ipsec,debug,packet (lifebyte = 0:0)
23:18:37 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:18:37 ipsec,debug,packet (encklen = 0:0)
23:18:37 ipsec,debug,packet hashtype = SHA:SHA
23:18:37 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:18:37 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:18:37 ipsec,debug,packet an acceptable proposal found.
23:18:37 ipsec,debug,packet dh(modp1024)
23:18:37 ipsec,debug,packet agreed on pre-shared key auth.
23:18:37 ipsec,debug,packet ===
23:18:37 ipsec,debug,packet compute DH's private.
23:18:37 ipsec,debug,packet 73fe0535 fcf284d3 3d9b9c94 30b7e7e0 d44c6ed6 a715808b 2db299b1 b7f2415a
23:18:37 ipsec,debug,packet 59a2639f 4fa09b7c aadf5bf8 199c5fcf 5b98eeb3 6b00da14 f5355a16 84e433f3
23:18:37 ipsec,debug,packet bfa7c733 9f1d555f 5ff4ad53 c18d7ad9 fc9a0008 30ac6500 7fd08293 f1c309e6
23:18:37 ipsec,debug,packet 6a96dec5 b485dbd7 705a0ccd 1acec986 189abc7a c4f3ab5c 37aa61f2 86c1e861
23:18:37 ipsec,debug,packet compute DH's public.
23:18:37 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:37 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:37 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:37 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:37 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:18:37 ipsec,debug,packet hash(sha1)
23:18:37 ipsec,debug Adding remote and local NAT-D payloads.
23:18:37 ipsec,debug,packet add payload of len 128, next type 10
23:18:37 ipsec,debug,packet add payload of len 24, next type 20
23:18:37 ipsec,debug,packet add payload of len 20, next type 20
23:18:37 ipsec,debug,packet add payload of len 20, next type 0
23:18:37 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:37 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:37 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:37 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:37 ipsec,debug,packet src4 192.168.0.223[500]
23:18:37 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:37 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:37 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:37 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:37 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:37 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:37 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:37 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:37 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:37 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:37 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
Code: Select all
23:18:15.927375 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 368) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 8f8d83826d246b6fc7a8a6a428c11de8)
(vid: len=16 439b59f8ba676c4c7737ae22eab8f582)
(vid: len=16 4d1e0e136deafa34c4f3ea9f02ec7285)
(vid: len=16 80d0bb3def54565ee84645d4c85ce3ee)
(vid: len=16 9909b64eed937c6573de52ace952fa6b)
(vid: len=16 7d9419a65310ca6f2c179d9215529d56)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 16f6ca16e4a4066d83821a0f0aeaa862)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=16 12f5f28c457168a9702d9fe274cc0100)
(vid: len=16 afcad71368a1f1c96b8696fc77570100)
23:18:16.128493 IP (tos 0x0, ttl 245, id 46454, offset 0, flags [none], proto UDP (17), length 128) A.B.C.D.500 > 192.168.0.223.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 R ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=0e10))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
23:18:16.216888 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:18:26.228340 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:18:36.225949 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:18:46.235812 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:18:56.232991 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:19:06.241004 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 78baf21cddb1f8a923ee411b8d901a4fe44565d6c78ff0416741e94e00b9ecd5b32fd0b8268f6fb9f247ad54735c3acb92c1e4e45ad8a3e18d3ae16ff5c6f05a09b745cc58867d6787ec22502e9a55cc08d94c660611cb8ff080a1ed618647d8379b34a91f45abecbb69d3d284807a41d6b2629650f75f768b4f29635a9eac21)
(nonce: n len=24 86f66937034feb62a13aabafdba11376670c2442a85fac5b)
(#20)
(#20)
23:19:25.920422 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 368) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 8f8d83826d246b6fc7a8a6a428c11de8)
(vid: len=16 439b59f8ba676c4c7737ae22eab8f582)
(vid: len=16 4d1e0e136deafa34c4f3ea9f02ec7285)
(vid: len=16 80d0bb3def54565ee84645d4c85ce3ee)
(vid: len=16 9909b64eed937c6573de52ace952fa6b)
(vid: len=16 7d9419a65310ca6f2c179d9215529d56)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 16f6ca16e4a4066d83821a0f0aeaa862)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=16 12f5f28c457168a9702d9fe274cc0100)
(vid: len=16 afcad71368a1f1c96b8696fc77570100)
23:19:26.133409 IP (tos 0x0, ttl 245, id 46650, offset 0, flags [none], proto UDP (17), length 128) A.B.C.D.500 > 192.168.0.223.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 R ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=0e10))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
23:19:26.220992 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
(nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
(#20)
(#20)
23:19:36.223335 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
(nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
(#20)
(#20)
23:19:46.226383 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 264) 192.168.0.223.500 > A.B.C.D.500: [udp sum ok] isakmp 1.0 msgid cookie ->: phase 1 I ident:
(ke: key len=128 229b788f106362f6edb6d6ede586f1ddfd81927ac67c8ace4fa68862ab34e9bd86ecc52d0831d5e775fdd5e8cc016f0de1eb58f691929c9027a32f421814fd6c984d693025836d863a8fd9c12268c94bc7e324bd16249fcc9221a03f79fc4cf360df3d073dd4a22243709dcf4a1b82be8f9a5db1042a3e5870a94480f75d7991)
(nonce: n len=24 85eca684dcae46c0a90d8f25844f8884d62bc77d7d304e5e)
(#20)
(#20)
after this is seems to simply continue:
Code: Select all
23:18:47 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:47 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:47 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:47 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:47 ipsec,debug,packet src4 192.168.0.223[500]
23:18:47 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:47 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:47 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:47 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:47 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:47 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:47 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:47 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:47 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:47 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:47 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:18:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:18:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:18:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:18:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:18:57 ipsec,debug,packet src4 192.168.0.223[500]
23:18:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:18:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:18:57 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:18:57 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:18:57 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:18:57 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:18:57 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:18:57 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:18:57 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:18:57 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:18:57 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:07 ipsec,debug,packet src4 192.168.0.223[500]
23:19:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:07 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:07 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:07 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:07 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:07 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:07 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:07 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:07 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:17 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:17 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:17 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:17 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:17 ipsec,debug,packet src4 192.168.0.223[500]
23:19:17 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:17 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:17 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:17 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:17 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:17 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:17 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:17 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:17 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:17 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:17 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:27 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:27 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:27 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:27 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:27 ipsec,debug,packet src4 192.168.0.223[500]
23:19:27 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:27 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:27 ipsec,debug,packet 0c7a0093 77266782 35798ff0 9d8b1073 04100200 00000000 000000ec 0a000084
23:19:27 ipsec,debug,packet 78baf21c ddb1f8a9 23ee411b 8d901a4f e44565d6 c78ff041 6741e94e 00b9ecd5
23:19:27 ipsec,debug,packet b32fd0b8 268f6fb9 f247ad54 735c3acb 92c1e4e4 5ad8a3e1 8d3ae16f f5c6f05a
23:19:27 ipsec,debug,packet 09b745cc 58867d67 87ec2250 2e9a55cc 08d94c66 0611cb8f f080a1ed 618647d8
23:19:27 ipsec,debug,packet 379b34a9 1f45abec bb69d3d2 84807a41 d6b26296 50f75f76 8b4f2963 5a9eac21
23:19:27 ipsec,debug,packet 1400001c 86f66937 034feb62 a13aabaf dba11376 670c2442 a85fac5b 14000018
23:19:27 ipsec,debug,packet 87e2bfea 1120b107 339971df eea01475 734bef02 00000018 de0ab35d c14c1552
23:19:27 ipsec,debug,packet d2d8d978 d4c0f18c 24aabed3
23:19:27 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:37 ipsec,error phase1 negotiation failed due to time up 192.168.0.223[500]<=>A.B.C.D[500] 0c7a009377266782:35798ff09d8b1073
23:19:46 ipsec,debug,packet ===
23:19:46 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:19:46 ipsec,debug begin Identity Protection mode.
23:19:46 ipsec,debug,packet new cookie:
23:19:46 ipsec,debug,packet 59cf7fc45df2d47d
23:19:46 ipsec,debug,packet add payload of len 48, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 13
23:19:46 ipsec,debug,packet add payload of len 16, next type 0
23:19:46 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:46 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:46 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:46 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:46 ipsec,debug,packet src4 192.168.0.223[500]
23:19:46 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:46 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:19:46 ipsec,debug,packet 59cf7fc4 5df2d47d 00000000 00000000 01100200 00000000 00000154 0d000034
23:19:46 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:19:46 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:19:46 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:19:46 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:19:46 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:19:46 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:19:46 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:19:46 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:19:46 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:19:46 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:19:46 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:0000000000000000
23:19:47 ipsec,debug,packet ==========
23:19:47 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:19:47 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 01100200 00000000 00000064 0d000034
23:19:47 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:19:47 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:19:47 ipsec,debug,packet 0e95452f
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=1(sa)
23:19:47 ipsec,debug,packet seen nptype=13(vid)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug received Vendor ID: RFC 3947
23:19:47 ipsec,debug Selected NAT-T version: RFC 3947
23:19:47 ipsec,debug,packet total SA len=48
23:19:47 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:19:47 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=2(prop)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug,packet proposal #1 len=40
23:19:47 ipsec,debug,packet begin.
23:19:47 ipsec,debug,packet seen nptype=3(trns)
23:19:47 ipsec,debug,packet succeed.
23:19:47 ipsec,debug,packet transform #1 len=32
23:19:47 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:19:47 ipsec,debug,packet encryption(3des)
23:19:47 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:19:47 ipsec,debug,packet dh(modp1024)
23:19:47 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:19:47 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:19:47 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:19:47 ipsec,debug,packet pair 1:
23:19:47 ipsec,debug,packet 0x47cf08: next=(nil) tnext=(nil)
23:19:47 ipsec,debug,packet proposal #1: 1 transform
23:19:47 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:19:47 ipsec,debug,packet trns#=1, trns-id=IKE
23:19:47 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:19:47 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:19:47 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:19:47 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:19:47 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:19:47 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:19:47 ipsec,debug,packet Compared: Local:Peer
23:19:47 ipsec,debug,packet (lifetime = 3600:3600)
23:19:47 ipsec,debug,packet (lifebyte = 0:0)
23:19:47 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:19:47 ipsec,debug,packet (encklen = 0:0)
23:19:47 ipsec,debug,packet hashtype = SHA:SHA
23:19:47 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:19:47 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:19:47 ipsec,debug,packet an acceptable proposal found.
23:19:47 ipsec,debug,packet dh(modp1024)
23:19:47 ipsec,debug,packet agreed on pre-shared key auth.
23:19:47 ipsec,debug,packet ===
23:19:47 ipsec,debug,packet compute DH's private.
23:19:47 ipsec,debug,packet 5245f6f9 c33b63e2 a16eee00 9ae2a462 b622d609 1f23080f d84055a9 be03ab5e
23:19:47 ipsec,debug,packet fc282181 50b84ca8 2b7af426 c0176b56 0a02043a b1729c0c 2edc61f3 55eac1df
23:19:47 ipsec,debug,packet 4cf2ffc8 3f065523 44d89ac7 1677c6e4 32f81d88 0e9bc378 90e90913 a4b38d6a
23:19:47 ipsec,debug,packet 7c471249 036f3806 31579302 126c9fa6 60985d1d 8f62e2f4 17fda183 4c491b58
23:19:47 ipsec,debug,packet compute DH's public.
23:19:47 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:47 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:47 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:47 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:47 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:19:47 ipsec,debug,packet hash(sha1)
23:19:47 ipsec,debug Adding remote and local NAT-D payloads.
23:19:47 ipsec,debug,packet add payload of len 128, next type 10
23:19:47 ipsec,debug,packet add payload of len 24, next type 20
23:19:47 ipsec,debug,packet add payload of len 20, next type 20
23:19:47 ipsec,debug,packet add payload of len 20, next type 0
23:19:47 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:47 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:47 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:47 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:47 ipsec,debug,packet src4 192.168.0.223[500]
23:19:47 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:47 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:47 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:19:47 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:47 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:47 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:47 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:47 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:19:47 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:19:47 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:19:47 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:19:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:19:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:19:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:19:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:19:57 ipsec,debug,packet src4 192.168.0.223[500]
23:19:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:19:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:19:57 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:19:57 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:19:57 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:19:57 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:19:57 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:19:57 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:19:57 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:19:57 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:19:57 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:07 ipsec,debug,packet src4 192.168.0.223[500]
23:20:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:07 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:07 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:07 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:07 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:07 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:07 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:07 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:07 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:17 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:17 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:17 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:17 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:17 ipsec,debug,packet src4 192.168.0.223[500]
23:20:17 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:17 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:17 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:17 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:17 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:17 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:17 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:17 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:17 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:17 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:17 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:27 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:27 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:27 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:27 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:27 ipsec,debug,packet src4 192.168.0.223[500]
23:20:27 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:27 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:27 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:27 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:27 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:27 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:27 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:27 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:27 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:27 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:27 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:37 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:37 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:37 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:37 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:37 ipsec,debug,packet src4 192.168.0.223[500]
23:20:37 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:37 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:37 ipsec,debug,packet 59cf7fc4 5df2d47d 35798ff0 6b16adea 04100200 00000000 000000ec 0a000084
23:20:37 ipsec,debug,packet 229b788f 106362f6 edb6d6ed e586f1dd fd81927a c67c8ace 4fa68862 ab34e9bd
23:20:37 ipsec,debug,packet 86ecc52d 0831d5e7 75fdd5e8 cc016f0d e1eb58f6 91929c90 27a32f42 1814fd6c
23:20:37 ipsec,debug,packet 984d6930 25836d86 3a8fd9c1 2268c94b c7e324bd 16249fcc 9221a03f 79fc4cf3
23:20:37 ipsec,debug,packet 60df3d07 3dd4a222 43709dcf 4a1b82be 8f9a5db1 042a3e58 70a94480 f75d7991
23:20:37 ipsec,debug,packet 1400001c 85eca684 dcae46c0 a90d8f25 844f8884 d62bc77d 7d304e5e 14000018
23:20:37 ipsec,debug,packet 2eac25be 3bea470a 303db48c 0fb27da3 03cf2282 00000018 6adedbc9 b264d291
23:20:37 ipsec,debug,packet e8c4e4a6 c3e25061 3599d404
23:20:37 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:47 ipsec,error phase1 negotiation failed due to time up 192.168.0.223[500]<=>A.B.C.D[500] 59cf7fc45df2d47d:35798ff06b16adea
23:20:56 ipsec,debug,packet ===
23:20:56 ipsec,debug initiate new phase 1 negotiation: 192.168.0.223[500]<=>A.B.C.D[500]
23:20:56 ipsec,debug begin Identity Protection mode.
23:20:56 ipsec,debug,packet new cookie:
23:20:56 ipsec,debug,packet 629bf09478fd27f0
23:20:56 ipsec,debug,packet add payload of len 48, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 13
23:20:56 ipsec,debug,packet add payload of len 16, next type 0
23:20:56 ipsec,debug,packet 340 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:56 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:56 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:56 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:56 ipsec,debug,packet src4 192.168.0.223[500]
23:20:56 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:56 ipsec,debug,packet 1 times of 340 bytes message will be sent to A.B.C.D[500]
23:20:56 ipsec,debug,packet 629bf094 78fd27f0 00000000 00000000 01100200 00000000 00000154 0d000034
23:20:56 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c0e10
23:20:56 ipsec,debug,packet 80010005 80030001 80020002 80040002 0d000014 4a131c81 07035845 5c5728f2
23:20:56 ipsec,debug,packet 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014 439b59f8
23:20:56 ipsec,debug,packet ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f 02ec7285
23:20:56 ipsec,debug,packet 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e ed937c65
23:20:56 ipsec,debug,packet 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
23:20:56 ipsec,debug,packet cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e 086381b5
23:20:56 ipsec,debug,packet ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862 0d000014 4485152d
23:20:56 ipsec,debug,packet 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100
23:20:56 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
23:20:56 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:0000000000000000
23:20:57 ipsec,debug,packet ==========
23:20:57 ipsec,debug,packet 100 bytes message received from A.B.C.D[500] to 192.168.0.223[500]
23:20:57 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 01100200 00000000 00000064 0d000034
23:20:57 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:20:57 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10 00000014 4a131c81 07035845 5c5728f2
23:20:57 ipsec,debug,packet 0e95452f
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=1(sa)
23:20:57 ipsec,debug,packet seen nptype=13(vid)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug received Vendor ID: RFC 3947
23:20:57 ipsec,debug Selected NAT-T version: RFC 3947
23:20:57 ipsec,debug,packet total SA len=48
23:20:57 ipsec,debug,packet 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020002
23:20:57 ipsec,debug,packet 80040002 80030001 800b0001 800c0e10
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=2(prop)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug,packet proposal #1 len=40
23:20:57 ipsec,debug,packet begin.
23:20:57 ipsec,debug,packet seen nptype=3(trns)
23:20:57 ipsec,debug,packet succeed.
23:20:57 ipsec,debug,packet transform #1 len=32
23:20:57 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:20:57 ipsec,debug,packet encryption(3des)
23:20:57 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:20:57 ipsec,debug,packet dh(modp1024)
23:20:57 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:20:57 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:20:57 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:20:57 ipsec,debug,packet pair 1:
23:20:57 ipsec,debug,packet 0x47a848: next=(nil) tnext=(nil)
23:20:57 ipsec,debug,packet proposal #1: 1 transform
23:20:57 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
23:20:57 ipsec,debug,packet trns#=1, trns-id=IKE
23:20:57 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
23:20:57 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
23:20:57 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
23:20:57 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
23:20:57 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
23:20:57 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
23:20:57 ipsec,debug,packet Compared: Local:Peer
23:20:57 ipsec,debug,packet (lifetime = 3600:3600)
23:20:57 ipsec,debug,packet (lifebyte = 0:0)
23:20:57 ipsec,debug,packet enctype = 3DES-CBC:3DES-CBC
23:20:57 ipsec,debug,packet (encklen = 0:0)
23:20:57 ipsec,debug,packet hashtype = SHA:SHA
23:20:57 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
23:20:57 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
23:20:57 ipsec,debug,packet an acceptable proposal found.
23:20:57 ipsec,debug,packet dh(modp1024)
23:20:57 ipsec,debug,packet agreed on pre-shared key auth.
23:20:57 ipsec,debug,packet ===
23:20:57 ipsec,debug,packet compute DH's private.
23:20:57 ipsec,debug,packet 45188878 53d8cfcf 094fdf7d 5f3e7678 470ca93a 3acc73e2 f790b9fc 6fc5f84f
23:20:57 ipsec,debug,packet eb68c7ad a0936355 8361ed31 c887a57a f3abf2a4 ceb4aa0e d73174b2 b725ffd8
23:20:57 ipsec,debug,packet f2bc4398 ddfeaae3 4845e2dc 2dedd6af eac6247d 02d52a34 15696ff5 8f692008
23:20:57 ipsec,debug,packet eafdb14e 75c39db9 a234eef5 9e42d13e 26ca7687 414c548d 02fd47a6 4d4d5e18
23:20:57 ipsec,debug,packet compute DH's public.
23:20:57 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:20:57 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:20:57 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:20:57 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:20:57 ipsec,debug Hashing A.B.C.D[500] with algo #2
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug Hashing 192.168.0.223[500] with algo #2
23:20:57 ipsec,debug,packet hash(sha1)
23:20:57 ipsec,debug Adding remote and local NAT-D payloads.
23:20:57 ipsec,debug,packet add payload of len 128, next type 10
23:20:57 ipsec,debug,packet add payload of len 24, next type 20
23:20:57 ipsec,debug,packet add payload of len 20, next type 20
23:20:57 ipsec,debug,packet add payload of len 20, next type 0
23:20:57 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:20:57 ipsec,debug,packet sockname 192.168.0.223[500]
23:20:57 ipsec,debug,packet send packet from 192.168.0.223[500]
23:20:57 ipsec,debug,packet send packet to A.B.C.D[500]
23:20:57 ipsec,debug,packet src4 192.168.0.223[500]
23:20:57 ipsec,debug,packet dst4 A.B.C.D[500]
23:20:57 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:20:57 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 04100200 00000000 000000ec 0a000084
23:20:57 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:20:57 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:20:57 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:20:57 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:20:57 ipsec,debug,packet 1400001c be7d309f 2b5cfd50 6321bad9 72d4e137 a0725597 64e4eae0 14000018
23:20:57 ipsec,debug,packet 0ce33cb6 1a339e82 49037402 8ff78350 669ecb04 00000018 af6314fd 27863721
23:20:57 ipsec,debug,packet 0bfebacd ae930804 da004e46
23:20:57 ipsec,debug sent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:35798ff057ef2202
23:21:07 ipsec,debug,packet 236 bytes from 192.168.0.223[500] to A.B.C.D[500]
23:21:07 ipsec,debug,packet sockname 192.168.0.223[500]
23:21:07 ipsec,debug,packet send packet from 192.168.0.223[500]
23:21:07 ipsec,debug,packet send packet to A.B.C.D[500]
23:21:07 ipsec,debug,packet src4 192.168.0.223[500]
23:21:07 ipsec,debug,packet dst4 A.B.C.D[500]
23:21:07 ipsec,debug,packet 1 times of 236 bytes message will be sent to A.B.C.D[500]
23:21:07 ipsec,debug,packet 629bf094 78fd27f0 35798ff0 57ef2202 04100200 00000000 000000ec 0a000084
23:21:07 ipsec,debug,packet 59f604f6 e8f103a4 9dd6e03a 32a4397a a41e8456 467fc0ad 089e3bd8 b84407cf
23:21:07 ipsec,debug,packet c405cc24 ed509a5f 669b6e04 9feb157e 40ddf611 156f7dbd eb66e813 5d923832
23:21:07 ipsec,debug,packet e44da643 6eb9a822 1696cac1 7590f9de 5f3e43d8 f4155a77 6fb92e7c 58df6570
23:21:07 ipsec,debug,packet 3567098d 22417168 3d4ddffe 252694ad 9ba53162 694c008f a1ede031 7b24ee90
23:21:07 ipsec,debug,packet 1400001c be7d309f 2b5cfd50 6321bad9 72d4e137 a0725597 64e4eae0 14000018
23:21:07 ipsec,debug,packet 0ce33cb6 1a339e82 49037402 8ff78350 669ecb04 00000018 af6314fd 27863721
23:21:07 ipsec,debug,packet 0bfebacd ae930804 da004e46
23:21:07 ipsec,debug resent phase1 packet 192.168.0.223[500]<=>A.B.C.D[500] 629bf09478fd27f0:35798ff057ef2202
So it seems that phase1 gets started (and some parts of phase2, as the log shows:
An acceptable proposal found.
and the proposal is only linked from the policy...
But when I try to start the L2TP client:
Code: Select all
23:24:29 l2tp,debug,packet sent control message to A.B.C.D:1701
23:24:29 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
23:24:29 l2tp,debug,packet (M) Message-Type=SCCRQ
23:24:29 l2tp,debug,packet (M) Protocol-Version=0x01:00
23:24:29 l2tp,debug,packet (M) Framing-Capabilities=0x1
23:24:29 l2tp,debug,packet (M) Bearer-Capabilities=0x0
23:24:29 l2tp,debug,packet Firmware-Revision=0x1
23:24:29 l2tp,debug,packet (M) Host-Name="myGW"
23:24:29 l2tp,debug,packet Vendor-Name="MikroTik"
23:24:29 l2tp,debug,packet (M) Assigned-Tunnel-ID=1
23:24:29 l2tp,debug,packet (M) Receive-Window-Size=4
23:24:33 l2tp,debug,packet sent control message to A.B.C.D:1701
23:24:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
23:24:33 l2tp,debug,packet (M) Message-Type=SCCRQ
23:24:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
23:24:33 l2tp,debug,packet (M) Framing-Capabilities=0x1
23:24:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0
23:24:33 l2tp,debug,packet Firmware-Revision=0x1
23:24:33 l2tp,debug,packet (M) Host-Name="myGW"
23:24:33 l2tp,debug,packet Vendor-Name="MikroTik"
23:24:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=1
23:24:33 l2tp,debug,packet (M) Receive-Window-Size=4
instead of being encapsulated in the IPsec packets on port 500. Ie, they are visible to my
tcpdump:
Code: Select all
23:25:41.025550 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:42.023463 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:43.023322 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
23:25:45.024202 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) 192.168.0.223.1701 > A.B.C.D.1701: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() FIRM_VER(1) *HOST_NAME(myGW) VENDOR_NAME(MikroTik) *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
I tried this also with
Code: Select all
tunnel=no
Where am I going wrong?