Hi,
I would just like to say thank you to everyone. On point irony, I learned
yesterday that today the office network is being upgraded and the current
VPN will no longer work.
Thank you for your help, I'm sorry I can report back a solution. I wish
you all the best.
--
Kind regards
Stephen Feyrer.
On Mon, 20 Apr 2015 12:02:36 +0100, Noel Kuntze n...@familie-kuntze.de
wrote:
Hello Stephen,
Your original configuration looks like l2tp/IPsec.
Your configuration was correct for that purpose.
Where this is going right now, is a general roadwarrior configuration
for IKEv1.
Please check what is actually configured on the IOS device, so
we can solve this quickly.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 20.04.2015 at 11:01, Stephen Feyrer wrote:
Hi Miroslav,
Thank you.
We've made progress. I haven't included any of the log file as it
is very verbose (24488 lines - for ipsec up, statusall, down). Please
let me know which sections to look at and I'll grab those.
As you can see below, the transaction request seems to be very
laboured but does result in a success statement. Following that I have
tried to test with openl2tp to create the l2tp ppp tunnel. Openl2tp
seems to create this tunnel but ifconfig does not show any ppp interfaces.
The lines in the conn left/rightprotoport do not seem to affect the
outcome whether included or not. The charondebug line when uncommented
prevents any output and I suspect that the syntax is wrong there.
code:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no
        #charondebug=ike 3, cfg 3, app 3, chd 3, dmn 3, net 3

conn VPN-OFFICE-COM
        keyexchange=ikev1
        type=tunnel
        authby=secret
        ike=3des-sha1-modp1024
        rekey=no
        left=%any
        leftsourceip=%config
        # leftprotoport=udp/l2tp
        right=vpn.office.com
        # rightprotoport=udp/l2tp
        rightid=17.11.7.5
        rightsubnet=0.0.0.0/0
        auto=add
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [HIDDEN]
received unknown vendor ID: [HIDDEN]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating TRANSACTION request [HIDDEN] [ HASH CPRQ(ADDR DNS U_SPLITINC
U_LOCALLAN) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
sending retransmit 1 of request message ID [HIDDEN], seq 4
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
sending retransmit 2 of request message ID [HIDDEN], seq 4
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
sending retransmit 3 of request message ID [HIDDEN], seq 4
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH N(DPD) ]
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH N(DPD) ]
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH N(DPD) ]
sending keep alive to 17.11.7.5[4500]
sending retransmit 4 of request message ID [HIDDEN], seq 4
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
received DELETE for IKE_SA VPN-OFFICE-COM[1]
deleting IKE_SA VPN-OFFICE-COM[1] between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
initiating Main Mode IKE_SA VPN-OFFICE-COM[2] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
connection 'VPN-OFFICE-COM' established successfully
# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.2, Linux 3.16.5-gentoo,
x86_64):
uptime: 112 seconds, since Apr 20
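
The pattern in the `ipsec up` output quoted above (a Mode Config request, CPRQ, retransmitted without a reply until the peer deletes the IKE_SA, with the success line printed only afterwards) can be picked out of a very verbose charon log mechanically. The Python sketch below is an added example, not part of the original thread or of strongSwan; its sample log is constructed from the quoted output, and the "parsed TRANSACTION response" reply line format is an assumption.

```python
import re

# Constructed sample: unwrapped, shortened lines from the `ipsec up` output quoted above.
SAMPLE_LOG = """\
IKE_SA VPN-OFFICE-COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating TRANSACTION request [HIDDEN] [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
sending retransmit 1 of request message ID [HIDDEN], seq 4
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH N(DPD) ]
sending retransmit 4 of request message ID [HIDDEN], seq 4
parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
received DELETE for IKE_SA VPN-OFFICE-COM[1]
initiating Main Mode IKE_SA VPN-OFFICE-COM[2] to 17.11.7.5
connection 'VPN-OFFICE-COM' established successfully
"""

SA = r"(\S+\[\d+\])"  # connection name plus instance number, e.g. NAME[1]

def analyse(log):
    """Track, per IKE_SA, whether the Mode Config request (CPRQ) was answered."""
    sas, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := re.match(rf"IKE_SA {SA} established", line):
            current = sas.setdefault(m.group(1), {"cprq": False, "answered": False,
                                                  "retransmits": 0, "deleted": False})
        elif m := re.match(rf"received DELETE for IKE_SA {SA}", line):
            if m.group(1) in sas:
                sas[m.group(1)]["deleted"] = True
        elif current is None:
            continue
        elif line.startswith("generating TRANSACTION request") and "CPRQ" in line:
            current["cprq"] = True
        # Assumption: a Mode Config reply is logged as "parsed TRANSACTION response ...".
        elif line.startswith("parsed TRANSACTION response"):
            current["answered"] = True
        elif (m := re.match(r"sending retransmit (\d+) of request", line)) \
                and current["cprq"] and not current["answered"]:
            current["retransmits"] = max(current["retransmits"], int(m.group(1)))
    return sas

def findings(log):
    """Return one finding per IKE_SA whose CPRQ never received a reply."""
    out = []
    for name, s in analyse(log).items():
        if s["cprq"] and not s["answered"]:
            end = "peer then deleted the SA" if s["deleted"] else "SA still up"
            out.append(f"{name}: CPRQ unanswered after {s['retransmits']} retransmits; {end}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```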