 From:  wmorgan at ffpir dot org
 To:  "Eric Adler" <eadler at sarlog dot de>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN - IPsec break down without changing anything
 Date:  Fri, 4 Apr 2008 07:03:32 -0600
Glad to hear it!

On 4/4/08, Eric Adler <eadler at sarlog dot de> wrote:
> Thank you very much. It works!!!!!
>
> Best Regards
>
>
>
> Eric Adler
>
>

> From: cap10morgan at gmail dot com [mailto:cap10morgan at gmail dot com] On Behalf Of
> wmorgan at ffpir dot org
> Sent: Friday, 4 April 2008 14:41
> To: Eric Adler; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] VPN - IPsec break down without changing anything
>
> It looks like the other end of the connection is only offering to use
> DES encryption and a 768-bit DH group. This is _not_ secure, but some
> older hardware (notably Cisco) doesn't support anything better.
>
> I'd start by seeing if you can turn on 3DES or AES encryption and at
> least a 1024-bit DH (aka MODP) group on the other end for the phase 1
> negotiation.
> Wes
>
>
> On 4/4/08, Eric Adler <eadler at sarlog dot de> wrote:
> > Hello all,
> >
> > Maybe somebody can help me in that case. IPsec (static IP - each site) - all
> > other settings are okay, as usual. Suddenly the VPN was down. Nobody knows
> > why.
> >
> > I deleted, created new, changed the pre-shared-key (both sides), deleted SPD
> > - hardware reset (incl. disconnected power link)
> >
> > No result. I copied in my logs. Maybe somebody can read this
> >
> > Apr 4 13:45:12 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
> > Apr 4 13:45:17 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> > Apr 4 13:45:17 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
> > Apr 4 13:45:17 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> > Apr 4 13:45:17 racoon: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:DES-CBC
> > Apr 4 13:45:17 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:768-bit MODP group
> > Apr 4 13:45:17 racoon: ERROR: no suitable proposal found.
> > Apr 4 13:45:17 racoon: ERROR: failed to get valid proposal.
> > Apr 4 13:45:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> > Apr 4 13:45:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
> > Apr 4 13:45:27 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> > Apr 4 13:45:27 racoon: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:DES-CBC
> > Apr 4 13:45:27 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:768-bit MODP group
> > Apr 4 13:45:27 racoon: ERROR: no suitable proposal found.
> > Apr 4 13:45:27 racoon: ERROR: failed to get valid proposal.
> > Apr 4 13:45:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> > Apr 4 13:45:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
> > Apr 4 13:45:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> > Apr 4 13:45:38 racoon: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:DES-CBC
> > Apr 4 13:45:38 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:768-bit MODP group
> > Apr 4 13:45:38 racoon: ERROR: no suitable proposal found.
> > Apr 4 13:45:38 racoon: ERROR: failed to get valid proposal.
> > Apr 4 13:45:43 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 194.151.13.99[500]->88.79.85.204[500]
> > Apr 4 13:45:43 racoon: INFO: delete phase 2 handler.
> >
> > Please help me with this problem
> >
> >
> >
> > Best Regards
> >
> >
> >
> > Eric Adler
> >
> >
>
>
> --
> "Small acts of humanity amid the chaos of inhumanity provide hope. But
> small acts are insufficient."
>
> - Paul Rusesabagina, Rwandan and former hotel manager whose actions
> inspired the movie Hotel Rwanda
>
>


-- 
"Small acts of humanity amid the chaos of inhumanity provide hope. But
small acts are insufficient."

- Paul Rusesabagina, Rwandan and former hotel manager whose actions
inspired the movie Hotel Rwanda
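
Added example (not part of the original thread, and not code from racoon or m0n0wall): a small Python parser for the "rejected ..." lines in the log quoted above. It reads each mismatch as local value versus peer value and collapses the retries into one record per attribute. The function name `summarize_mismatches` and the `WEAK` set are assumptions made for this example; the set lists only the two peer offers the reply above calls not secure.

```python
import re
from collections import Counter

# racoon prints a phase 1 mismatch as "<local value>:<peer value>" after "=".
MISMATCH = re.compile(
    r"racoon: ERROR: rejected (?P<attr>\w+): "
    r"DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#\d+\) = "
    r"(?P<local>[^:]+):(?P<peer>[^:]+)$"
)

# Assumption for this example: the peer offers described as insecure in the reply.
WEAK = {"DES-CBC", "768-bit MODP group"}

# Lines taken from the log quoted in this thread, re-joined after mail wrapping.
SAMPLE_LOG = """\
Apr 4 13:45:17 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Apr 4 13:45:17 racoon: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:DES-CBC
Apr 4 13:45:17 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:768-bit MODP group
Apr 4 13:45:17 racoon: ERROR: no suitable proposal found.
Apr 4 13:45:27 racoon: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:DES-CBC
Apr 4 13:45:27 racoon: ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:768-bit MODP group
Apr 4 13:45:27 racoon: ERROR: no suitable proposal found.
"""


def summarize_mismatches(log_text):
    """Return one record per distinct (attribute, local, peer) mismatch."""
    counts = Counter()
    for line in log_text.splitlines():
        m = MISMATCH.search(line.strip())
        if m:
            counts[(m["attr"], m["local"].strip(), m["peer"].strip())] += 1
    # Counter keeps first-seen order, so records follow the log's order.
    return [
        {"attr": a, "local": loc, "peer": p, "seen": n, "peer_weak": p in WEAK}
        for (a, loc, p), n in counts.items()
    ]


if __name__ == "__main__":
    for r in summarize_mismatches(SAMPLE_LOG):
        flag = "WEAK peer offer" if r["peer_weak"] else "mismatch"
        print(f'{r["attr"]}: local={r["local"]} peer={r["peer"]} '
              f'x{r["seen"]} [{flag}]')
```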