On 04 Mar 2014, at 18:44 , Gilbert Wilson <[email protected]> wrote:
> On Mar 4, 2014, at 2:03 PM, LuKreme <[email protected]> wrote:
>> On 04 Mar 2014, at 11:33 , Gilbert Wilson <[email protected]> wrote:
>> 
>>> So, if you’re not seeing anything on the server side in 
>>> /var/log/ppp/vpnd.log double-check system.log for messages from racoon and 
>>> vpnd (although from the sound of what you’ve described I’d hazard the guess 
>>> that you’ll only see logs from racoon, if anything at all).
>> 
>> When I try to connect with the phone I get:
>> 
>> [snipped, see below]
> 
> For the iPhone connection above can you include the stuff you cut out?

I can, but it is hundreds of lines that look much like the next two, reject of 
hash, reject of prf.

> My best guess at this point is that the iPhone is having some sort of issue 
> traversing NAT. You are using the iPhone’s built-in L2TP/ipsec client, 
> correct?

Yes.

> I would be surprised if Apple did something to break phase1 negotiation 
> between an iPhone and OS X Server’s VPN. It may be worth testing it from 
> different networks (including the cell network)

Yes, I am testing from the iPhone via LTE and via the LAN with no difference in 
results.

> to see if the messages are different. Also, what versions of iOS and OS 
> X/Server are you using?

10.9.2/7.1, Server is whatever version was part of 10.9.2, but I don’t have 
that number in front of me. I know, you’re thinking, “Ahah! iOS 7.1!” but the 
exact same thing happens with the iPad on iOS 7.0.6.

Log lines follow (pasting them as quoted so that hopefully most people will see 
them folded)

> Mar  4 13:19:31 www.kreme.com racoon[224]: Connecting.
> Mar  4 13:19:31 www.kreme.com racoon[224]: Invalid exchange type 243 from 
> 212.24.148.213[130].
> Mar  4 13:19:31 www.kreme.com racoon[224]: IPSec Phase 1 started (Initiated 
> by peer).
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#3):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#3):Peer(prop#1:trns#1) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#4):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#4):Peer(prop#1:trns#1) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#4):Peer(prop#1:trns#1) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#5):Peer(prop#1:trns#1) = 3DES-CBC:AES-CBC
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#5):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#5):Peer(prop#1:trns#1) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#6):Peer(prop#1:trns#1) = 3DES-CBC:AES-CBC
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#6):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#6):Peer(prop#1:trns#1) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#6):Peer(prop#1:trns#1) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#1):Peer(prop#1:trns#2) = AES-CBC:3DES-CBC
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#1):Peer(prop#1:trns#2) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#1):Peer(prop#1:trns#2) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#2):Peer(prop#1:trns#2) = AES-CBC:3DES-CBC
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#2):Peer(prop#1:trns#2) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#2):Peer(prop#1:trns#2) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#2):Peer(prop#1:trns#2) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#3):Peer(prop#1:trns#2) = AES-CBC:3DES-CBC
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#3):Peer(prop#1:trns#2) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#3):Peer(prop#1:trns#2) = SHA.0:0.0

And on and on until we get to the end:

> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#3):Peer(prop#1:trns#4) = pre-shared key:RSA signatures
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#3):Peer(prop#1:trns#4) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected enctype: 
> DB(prop#1:trns#4):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC

> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#4):Peer(prop#1:trns#4) = pre-shared key:RSA signatures
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#4):Peer(prop#1:trns#4) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#4):Peer(prop#1:trns#4) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#5):Peer(prop#1:trns#4) = pre-shared key:RSA signatures
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#5):Peer(prop#1:trns#4) = SHA.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected authmethod: 
> DB(prop#1:trns#6):Peer(prop#1:trns#4) = pre-shared key:RSA signatures
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: 
> DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5:SHA
> Mar  4 13:19:31 www.kreme.com racoon[224]: rejected prf: 
> DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5.0:0.0
> Mar  4 13:19:31 www.kreme.com racoon[224]: no suitable proposal found.
> Mar  4 13:19:31 www.kreme.com racoon[224]: failed to get valid proposal.
> Mar  4 13:19:31 www.kreme.com racoon[224]: IKE Packet: receive failed. 
> (Responder, Main-Mode Message 1).
> Mar  4 13:19:31 www.kreme.com racoon[224]: failed to pre-process packet.
> Mar  4 13:19:31 www.kreme.com racoon[224]: Phase 1 negotiation failed.

-- 
The Force can have a strong influence on a weak mind.

_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
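
Added example, not part of the original message: a small Python parser for racoon `rejected ...` lines in the layout quoted above, which reports the attributes rejected in every DB/peer transform comparison and the value pairs logged for each. It assumes the value before the colon is the server's (DB) and the one after is the peer's, as the `DB(...):Peer(...)` label order suggests; the sample lines and the host name `vpn.example` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped, ">"-quoted layout of the log above;
# "vpn.example" is a placeholder host name.
SAMPLE = """\
> Mar  4 13:19:31 vpn.example racoon[224]: rejected authmethod:
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 vpn.example racoon[224]: rejected prf:
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA.0:0.0
> Mar  4 13:19:31 vpn.example racoon[224]: rejected authmethod:
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = pre-shared key:XAuth pskey client
> Mar  4 13:19:31 vpn.example racoon[224]: rejected hashtype:
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = MD5:SHA
> Mar  4 13:19:31 vpn.example racoon[224]: rejected prf:
> DB(prop#1:trns#2):Peer(prop#1:trns#1) = MD5.0:0.0
"""
STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(r"rejected (\w+): DB\(prop#\d+:trns#(\d+)\):"
                    r"Peer\(prop#\d+:trns#(\d+)\) = ([^:]*):(.*)")

def unwrap(text):
    """Strip mail quoting and rejoin wrapped syslog records."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(> ?)+", "", line).strip()
        if line and (STAMP.match(line) or not records):
            records.append(line)      # a timestamp starts a new record
        elif line:
            records[-1] += " " + line  # continuation of a wrapped record
    return records

def summarize(text):
    """Return (attributes rejected in every compared pair, values per attribute)."""
    pairs, hits, values = set(), defaultdict(set), defaultdict(set)
    for rec in unwrap(text):
        m = REJECT.search(rec)
        if m:
            attr, db, peer, db_val, peer_val = m.groups()
            pairs.add((db, peer))
            hits[attr].add((db, peer))
            # Assumption: the value before ":" is the server (DB) side.
            values[attr].add((db_val.strip(), peer_val.strip()))
    blocking = sorted(a for a in hits if hits[a] == pairs)
    return blocking, {a: sorted(v) for a, v in values.items()}
```

An attribute that shows up for only some transform pairs (here `hashtype`) is ordinary negotiation noise; one rejected in every pair is where the server's configured transforms and the client's proposal never overlap.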
