ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \
       main auth hmac-sha1 enc 3des group modp2048 \
       quick auth hmac-sha1 enc 3des psk "YOURSECRET"


You are welcome

(:

2016-08-04 13:15 GMT-03:00 Sebastian Wain <sebastian.w...@nektra.com>:

> I can't figure out how to make an OpenBSD VPN work. I followed the guide at
> [1] to set up a VPN, modified the network interface there to tun0 instead of
> pppoe0, and didn't configure the pf.conf. When I tried to connect from Win10
> using the "L2TP/IPsec with pre-shared key" VPN type I see the issues below in
> phase 2:
>
> Thanks
> Sebastian
>
> [1] http://blog.fuckingwith.it/2015/08/openbsd-l2tpipsec-vpn-works-with.html
>
>     Aug  3 responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:13 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:14 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:14 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:15 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:15 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:18 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:18 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:25 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:25 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:40 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:40 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:17:55 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
>     Aug  3 11:17:55 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
>     Aug  3 11:18:38 fw isakmpd[7947]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.0.129:500
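
Added example (not from either poster and not OpenBSD's own tooling): Python that correlates the three isakmpd message types seen in the quoted log and summarizes them per peer. It assumes unwrapped syslog lines; SAMPLE is constructed from the lines above, and the names summarize, id_pairs, id_drops and abandoned are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the isakmpd lines quoted in the thread.
SAMPLE = """\
Aug  3 11:17:13 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug  3 11:17:13 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug  3 11:17:14 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug  3 11:17:14 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug  3 11:18:38 fw isakmpd[7947]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.0.129:500
"""

BAD_IDS = re.compile(r"peer proposed invalid phase 2 IDs: "
                     r"initiator id ([^,\s]+), responder id (\S+)")
DROPPED = re.compile(r"dropped message from (\S+) port \d+ "
                     r"due to notification type (\w+)")
GAVE_UP = re.compile(r"giving up on exchange (\S+), "
                     r"no response from peer (\S+):\d+\s*$")


def summarize(log_text):
    """Group phase 2 ID rejections and abandoned exchanges by peer address."""
    peers = defaultdict(
        lambda: {"id_pairs": set(), "id_drops": 0, "abandoned": []})
    pending = None  # ID pair from the latest rejection, not yet tied to a peer
    for line in log_text.splitlines():
        if "isakmpd[" not in line:
            continue  # ignore other daemons sharing the log file
        if m := BAD_IDS.search(line):
            pending = (m.group(1), m.group(2))
        elif m := DROPPED.search(line):
            peer, notification = m.groups()
            if notification == "INVALID_ID_INFORMATION":
                peers[peer]["id_drops"] += 1
                if pending:
                    # the drop line names the peer the rejected IDs came from
                    peers[peer]["id_pairs"].add(pending)
            pending = None
        elif m := GAVE_UP.search(line):
            exchange, peer = m.groups()
            peers[peer]["abandoned"].append(exchange)
    return dict(peers)


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(peer, info["id_drops"], sorted(info["id_pairs"]), info["abandoned"])
```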
