Showing results for 
Search instead for 
Do you mean 
Reply
Dana Stille
Posts: 4
Registered: ‎10-24-2007

VPN between 2 WRSV4400N's fails

I have configured 2 WRSV4400N wireless routers for a VPN connect per the linksys instructions. However, I cannot obtain a connection from either side. I can ping from each end successfully. What am I doing wrong. The following is a log of the VPN connection attempt:
 
Jan 17 15:44:32 - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
Jan 17 15:44:32 - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
Jan 17 15:44:32 - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Jan 17 15:44:32 - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
Jan 17 15:44:32 - [VPN Log]: Warning: empty directory
Jan 17 15:44:32 - [VPN Log]: added connection description "SCHTunnel"
Jan 17 15:44:32 - [VPN Log]: listening for IKE messages
Jan 17 15:44:32 - [VPN Log]: adding interface ipsec0/ppp0 74.167.18.160:500
Jan 17 15:44:32 - [VPN Log]: adding interface ipsec0/ppp0 74.167.18.160:4500
Jan 17 15:44:32 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel": route-client output: 0
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: initiating Aggressive Mode #1, connection "SCHTunnel"
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: received Vendor ID payload [Dead Peer Detection]
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY+UP+AGGRESSIVE {using isakmp#1}
Jan 17 15:44:34 - [VPN Log]: "SCHTunnel" #1: ISAKMP SA expired (--dontrekey)
Jan 17 15:44:34 - [VPN Log]: packet from 75.90.123.197:500: Informational Exchange is for an unknown (expired?) SA
Jan 17 15:45:44 - [VPN Log]: "SCHTunnel" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: received Vendor ID payload [Dead Peer Detection]
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: received Vendor ID payload [RFC 3947] method set to=109
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: responding to Aggressive Mode, state #3, connection "SCHTunnel" from 75.90.123.197
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: STATE_AGGR_R1: sent AR1, expecting AI2
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: STATE_AGGR_R2: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
Jan 17 15:46:19 - [VPN Log]: "SCHTunnel" #3: ISAKMP SA expired (--dontrekey)
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: Informational Exchange is for an unknown (expired?) SA
Jan 17 15:46:19 - [VPN Log]: packet from 75.90.123.197:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jan 17 15:46:29 - [VPN Log]: packet from 75.90.123.197:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: initiating Aggressive Mode #4, connection "SCHTunnel"
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: received Vendor ID payload [Dead Peer Detection]
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: Aggressive mode peer ID is ID_IPV4_ADDR: '75.90.123.197'
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY+UP+AGGRESSIVE {using isakmp#4}
Jan 17 15:46:32 - [VPN Log]: "SCHTunnel" #4: ISAKMP SA expired (--dontrekey)
Jan 17 15:46:32 - [VPN Log]: packet from 75.90.123.197:500: Informational Exchange is for an unknown (expired?) SA
Jan 17 15:46:50 - [VPN Log]: packet from 75.90.123.197:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jan 17 15:47:42 - [VPN Log]: "SCHTunnel" #5: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
NervusBre_kdown
Posts: 371
Registered: ‎07-20-2007

Re: VPN between 2 WRSV4400N's fails

may i know the status of your tunnel? is it connected or up?
you can try adjusting your MTU and observe if you can get it to ping...
make sure that you dont have any firewall enabled on both networks
Dana Stille
Posts: 4
Registered: ‎10-24-2007

Re: VPN between 2 WRSV4400N's fails

The tunnel is always down. I have tried adjusting the MTU but it did not seem to make any difference. I have already tried pinging from both sides and I always get a good response.