› Forums › Network Management › ZeroShell › problem with host to lan vpn L2tp/ipsec
- This topic is empty.
-
AuthorPosts
-
February 12, 2008 at 4:25 am #40911
Lordnet
Member190.161.x.x it’s the client modem ip. dmz host disabled
192.168.10.103 it’s the lan ip of the client, conected to internet by a linksys router
201.222x.x is the ip of modem where zeroshell is instaled
192.168.1.150 is the internal LAN IP of zeroshell (only one network card conected). dmz host enabled on this ip. conected with a linksys router00:52:04 INFO: respond new phase 1 negotiation: 192.168.1.150[500]<=>190.161.x.x[500]
00:52:04 INFO: begin Identity Protection mode.
00:52:04 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
00:52:04 INFO: received Vendor ID: FRAGMENTATION
00:52:04 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
00:52:04 INFO: ISAKMP-SA established 192.168.1.150[500]-190.161.x.x[500] spi:73fe0b96fd5e5d44:72dfcd932f42408b
00:52:04 INFO: respond new phase 2 negotiation: 192.168.1.150[500]<190>192.168.1.150[0] spi=240080123(0xe4f54fb)
00:52:05 INFO: IPsec-SA established: ESP/Transport 192.168.1.150[0]->190.161.xx[0] spi=3021131808(0xb412d020)
00:52:05 ERROR: such policy does not already exist: “192.168.10.103/32[1701] 201.222.xx/32[1701] proto=udp dir=in”
00:52:05 ERROR: such policy does not already exist: “201.222.xx/32[1701] 192.168.xx/32[1701] proto=udp dir=out”
00:52:41 INFO: purging ISAKMP-SA spi=73fe0b96fd5e5d44:72dfcd932f42408b.
00:52:41 INFO: purged ISAKMP-SA spi=73fe0b96fd5e5d44:72dfcd932f42408b.
00:52:41 ERROR: unknown Informational exchange received.
00:52:42 INFO: ISAKMP-SA deleted 192.168.1.150[500]-190.161.xxx[500] spi:73fe0b96fd5e5d44:72dfcd932f42408b01:36:39 INFO: respond new phase 1 negotiation: 192.168.1.150[500]<=>190.161.x[500]
01:36:39 INFO: begin Identity Protection mode.
01:36:39 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
01:36:39 INFO: received Vendor ID: FRAGMENTATION
01:36:39 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
01:36:39 NOTIFY: the packet is retransmitted by 190.161.x[500].
01:36:39 NOTIFY: the packet is retransmitted by 190.161.x[500].
01:36:39 INFO: ISAKMP-SA established 192.168.1.150[500]-190.161.x[500] spi:3aa854e7edd968ee:45a49de9cc9ffb5d
01:36:39 INFO: respond new phase 2 negotiation: 192.168.1.150[500]<190>192.168.1.150[0] spi=45280013(0x2b2eb0d)
01:36:39 INFO: IPsec-SA established: ESP/Transport 192.168.1.150[0]->190.161.x[0] spi=1784062332(0x6a56a17c)
01:36:39 ERROR: such policy does not already exist: “192.168.10.103/32[1701] 201.222.x/32[1701] proto=udp dir=in”
01:36:39 ERROR: such policy does not already exist: “201.222.x/32[1701] 192.168.10.103/32[1701] proto=udp dir=out”
01:37:14 INFO: purging ISAKMP-SA spi=3aa854e7edd968ee:45a49de9cc9ffb5d.
01:37:14 INFO: purged ISAKMP-SA spi=3aa854e7edd968ee:45a49de9cc9ffb5d.
01:37:15 INFO: ISAKMP-SA deleted 192.168.1.150[500]-190.161.x[500] spi:3aa854e7edd968ee:45a49de9cc9ffb5dApril 1, 2008 at 7:53 pm #46163carlosczar
MemberHey Lord.
I’ve the same problem in my net.Have you found a solution for? I was implemented the /etc/ipsec.conf file and execute setkey with -f option, but without sucesses.
Can you help me?
ThanksOctober 8, 2009 at 3:33 am #46164cowking2009
MemberDear all,
I have the same problem of you while using NAT-T. Any ideas?
11:28:53 INFO: Hashing 140.116.103.162[43166] with algo #1
11:28:53 INFO: Hashing 140.116.103.164[500] with algo #1
11:28:53 INFO: Adding remote and local NAT-D payloads.
11:28:53 INFO: NAT-T: ports changed to: 140.116.103.162[43270]140.116.103.164[4500]
11:28:53 INFO: KA list add: 140.116.103.164[4500]->140.116.103.162[43270]
11:28:53 INFO: ISAKMP-SA established 140.116.103.164[4500]-140.116.103.162[43270] spi:70a96c3f3f6e6c15:8a639dc973d76474
11:28:54 INFO: respond new phase 2 negotiation: 140.116.103.164[4500]140.116.103.162[43270]
11:28:54 INFO: no policy found, try to generate the policy : 140.116.103.162/32[43270] 140.116.103.164/32[1701] proto=udp dir=in
11:28:54 INFO: Adjusting my encmode UDP-Transport->Transport
11:28:54 INFO: Adjusting peer’s encmode UDP-Transport(61444)->Transport(2)
11:28:54 INFO: IPsec-SA established: ESP/Transport 140.116.103.162[43270]->140.116.103.164[4500] spi=120777682(0x732ebd2)
11:28:54 INFO: IPsec-SA established: ESP/Transport 140.116.103.164[4500]->140.116.103.162[43270] spi=592665891(0x23535d23)
11:28:54 ERROR: such policy does not already exist: “140.116.103.162/32[43270] 140.116.103.164/32[1701] proto=udp dir=in”
11:28:54 ERROR: such policy does not already exist: “140.116.103.164/32[1701] 140.116.103.162/32[43270] proto=udp dir=out”
11:29:29 INFO: purging ISAKMP-SA spi=70a96c3f3f6e6c15:8a639dc973d76474.
11:29:29 INFO: purged ISAKMP-SA spi=70a96c3f3f6e6c15:8a639dc973d76474.
11:29:30 INFO: ISAKMP-SA deleted 140.116.103.164[4500]-140.116.103.162[43270] spi:70a96c3f3f6e6c15:8a639dc973d76474Any ideas?
Thanks and regards,
Cowking -
AuthorPosts
- You must be logged in to reply to this topic.