DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN Tracker 6 -> 2820

  • mpkayeuk
  • Topic Author
  • Offline
  • New Member
  • New Member
More
27 Feb 2010 18:49 #60839 by mpkayeuk
VPN Tracker 6 -> 2820 was created by mpkayeuk
I'm using VPN Tracker 6 client for Mac OS X and trying to connect to a Vigor 2820 over IPSec. When I try and save the Pre-shared key in the Remote User config it doesn't seem to save. Nor does it save the IPSec Security Method settings.

I'm not sure if the above is related, I suspect so, but anyhow it's not connecting.

Code:
18:42:36 VPN Connection Requested 18:42:36 Action on error is now stop 18:42:36 Preparing Connection 18:42:37 Local network identifier is NETWORK-SIGNATURE://Modem.RemoteAddress=*99***1# 18:42:37 Next step: Welcoming connectiond on socket 11 18:42:37 Next step: Updating connectiond process info 18:42:37 Configuring 18:42:37 call pfkey_send_register for AH (349) 18:42:37 call pfkey_send_register for ESP (349) 18:42:37 call pfkey_send_register for IPCOMP (349) 18:42:37 Next step: Sending connectiond config 18:42:37 Saving cached local endpoint 10.57.33.124 18:42:38 Phase 1 Started 18:42:38 Next step: Processing connectiond connection request 18:42:38 Next step: Starting Phase 1 18:42:38 Next step: Starting connectiond timeout 18:42:38 initiate new phase 1 negotiation: 10.57.33.124[500]<=>93.97.166.225[500] (1049) 18:42:38 begin Aggressive mode. (1054) 18:42:38 === Phase 1 aggressive exchange / initiator / send 1 (106) 18:42:38 new cookie: 5fe34d2216ce598c (2163) 18:42:38 local ID: vpntracker (FQDN) (3687) 18:42:38 created transform #1 len=32 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created transform #2 len=32 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created transform #3 len=32 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC (5) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created transform #4 len=32 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC (5) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created transform #5 len=36 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC (7) (2198) 18:42:38 type=Key Length, flag=0x8000, lorv=128 (128) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created transform #6 len=36 (2812) 18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC (7) (2198) 18:42:38 type=Key Length, flag=0x8000, lorv=128 (128) (2198) 18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198) 18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:38 created proposal #1 len=208 (2833) 18:42:38 add payload of len 216, next type sa (2293) 18:42:38 add payload of len 128, next type ke (2293) 18:42:38 add payload of len 16, next type nonce (2293) 18:42:38 add payload of len 14, next type id (2293) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-00 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-01 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-02 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-02\n (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-03 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-04 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-05 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-06 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-07 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-08 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: RFC 3947 (2315) 18:42:38 add payload of len 16, next type vid (2293) 18:42:38 added vendor id is: Dead Peer Detection (2315) 18:42:38 send phase1 packet from 10.57.33.124[500] to 93.97.166.225[500] (5fe34d2216ce598c:0000000000000000) (1590) 18:42:39 Phase 1 in Progress 18:42:39 === Phase 1 aggressive exchange / initiator / receive 2 (368) 18:42:39 seen nptype=1(sa) (1402) 18:42:39 seen nptype=4(ke) (1402) 18:42:39 seen nptype=10(nonce) (1402) 18:42:39 seen nptype=5(id) (1402) 18:42:39 seen nptype=8(hash) (1402) 18:42:39 seen nptype=13(vid) (1402) 18:42:39 seen nptype=13(vid) (1402) 18:42:39 seen nptype=20(natd (rfc)) (1402) 18:42:39 seen nptype=20(natd (rfc)) (1402) 18:42:39 received Vendor ID: Dead Peer Detection (349) 18:42:39 received Vendor ID: RFC 3947 (349) 18:42:39 remote gateway is NAT-T capable (13/new) (2737) 18:42:39 remote ID: 93.97.166.225 (IPv4_address) (3559) 18:42:39 seen nptype=2(prop) (1402) 18:42:39 proposal #1 len=40 (1482) 18:42:39 seen nptype=3(trns) (1402) 18:42:39 transform #1 len=32 (1628) 18:42:39 type=Life Type, flag=0x8000, lorv=seconds (1) (2198) 18:42:39 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198) 18:42:39 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198) 18:42:39 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198) 18:42:39 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198) 18:42:39 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198) 18:42:39 pair 1: (1525) 18:42:39 0x204620: next=0x0 tnext=0x0 (908) 18:42:39 proposal #1: 1 transform (1560) 18:42:39 prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1 (327) 18:42:39 trns#=1, trns-id=IKE (332) 18:42:39 Compared: DB:Peer (343) 18:42:39 (lifetime = 28800:28800) (346) 18:42:39 (lifebyte = 0:0) (354) 18:42:39 enctype = DES-CBC:DES-CBC (362) 18:42:39 (encklen = 0:0) (376) 18:42:39 hashtype = SHA:SHA (384) 18:42:39 authmethod = pre-shared key:pre-shared key (398) 18:42:39 dh_group = 1024-bit MODP group:1024-bit MODP group (412) 18:42:39 acceptable proposal found. (243) 18:42:39 manipulating local natd to enforce NAT-T being used (233) 18:42:39 natd payload matches no address (143) 18:42:39 manipulating local natd to enforce NAT-T being used (233) 18:42:39 natd payload matches remote address (136) 18:42:39 Next step: Sending PSK to connectiond 18:42:39 Next step: Sending PSK request to UI 18:42:46 Next step: Forwarding PSK reply from UI to connectiond 18:42:46 Received PSK reply (216) 18:42:46 pre-shared key found. (2542) 18:42:46 detected NAT, switching to ports (new ports 4500 ---> 4500) (346) 18:42:46 HASH mismatched, check your pre-shared key. (1449) 18:42:46 Hash Mismatch The VPN gateway notified VPN Tracker that the hash derived from the pre-shared key does not match its own hash. Almost always this happens because the pre-shared key was entered incorrectly in VPN Tracker. • Please enter the pre-shared key again to make sure it matches the pre-shared key on the VPN gateway If this does not help: • It is possible that the Diffie-Hellman group used to create the hash from the pre-shared key does not match its counterpart on the gateway. Please compare the settings • If the pre-shared key contains non-alphanumeric (special) characters, VPN Tracker and the gateway might choose different encodings for these characters. Please try a pre-shared key that contains only numbers and letters • There may be more than one VPN connection configured on the gateway, and the gateway picked the wrong one based on the identifiers sent by VPN Tracker. Please make sure that your pre-shared key and identifiers belong to the intended VPN connection on the gateway Status: 0x90508 (PHASE1_HASH_MISMATCH) 18:42:46 About to Disconnect (Error) 18:42:46 Disconnecting (Error) 18:42:46 connectiond received signal 3, terminating (978) 18:42:46 sendto Information notify. (1159) 18:42:46 Next step: Processing connectiond connection request 18:42:46 Next step: Deleting SAs 18:42:46 Next step: Removing SA 10.57.33.124 <---> 93.97.166.225 18:42:46 Next step: Cleaning status information after stop 18:42:46 Next step: Removing connectiond info 18:42:46 Next step: Removing reachability check for VPN gateway 18:42:46 Not Connected 18:42:46 connectiond shutdown (165)

Please Log in or Create an account to join the conversation.

Moderators: Sami