DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN Tracker 6 -> 2820
- mpkayeuk
- Topic Author
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
27 Feb 2010 18:49 #60839
by mpkayeuk
VPN Tracker 6 -> 2820 was created by mpkayeuk
I'm using VPN Tracker 6 client for Mac OS X and trying to connect to a Vigor 2820 over IPSec. When I try and save the Pre-shared key in the Remote User config it doesn't seem to save. Nor does it save the IPSec Security Method settings.
I'm not sure if the above is related, I suspect so, but anyhow it's not connecting.
I'm not sure if the above is related, I suspect so, but anyhow it's not connecting.
Code:
18:42:36 VPN Connection Requested
18:42:36 Action on error is now stop
18:42:36 Preparing Connection
18:42:37 Local network identifier is NETWORK-SIGNATURE://Modem.RemoteAddress=*99***1#
18:42:37 Next step: Welcoming connectiond on socket 11
18:42:37 Next step: Updating connectiond process info
18:42:37 Configuring
18:42:37 call pfkey_send_register for AH (349)
18:42:37 call pfkey_send_register for ESP (349)
18:42:37 call pfkey_send_register for IPCOMP (349)
18:42:37 Next step: Sending connectiond config
18:42:37 Saving cached local endpoint 10.57.33.124
18:42:38 Phase 1 Started
18:42:38 Next step: Processing connectiond connection request
18:42:38 Next step: Starting Phase 1
18:42:38 Next step: Starting connectiond timeout
18:42:38 initiate new phase 1 negotiation: 10.57.33.124[500]<=>93.97.166.225[500] (1049)
18:42:38 begin Aggressive mode. (1054)
18:42:38 === Phase 1 aggressive exchange / initiator / send 1 (106)
18:42:38 new cookie: 5fe34d2216ce598c (2163)
18:42:38 local ID: vpntracker (FQDN) (3687)
18:42:38 created transform #1 len=32 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created transform #2 len=32 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created transform #3 len=32 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC (5) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created transform #4 len=32 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC (5) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created transform #5 len=36 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC (7) (2198)
18:42:38 type=Key Length, flag=0x8000, lorv=128 (128) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created transform #6 len=36 (2812)
18:42:38 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:38 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:38 type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC (7) (2198)
18:42:38 type=Key Length, flag=0x8000, lorv=128 (128) (2198)
18:42:38 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:38 type=Hash Algorithm, flag=0x8000, lorv=MD5 (1) (2198)
18:42:38 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:38 created proposal #1 len=208 (2833)
18:42:38 add payload of len 216, next type sa (2293)
18:42:38 add payload of len 128, next type ke (2293)
18:42:38 add payload of len 16, next type nonce (2293)
18:42:38 add payload of len 14, next type id (2293)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-00 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-01 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-02 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-02\n (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-03 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-04 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-05 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-06 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-07 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: draft-ietf-ipsec-nat-t-ike-08 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: RFC 3947 (2315)
18:42:38 add payload of len 16, next type vid (2293)
18:42:38 added vendor id is: Dead Peer Detection (2315)
18:42:38 send phase1 packet from 10.57.33.124[500] to 93.97.166.225[500] (5fe34d2216ce598c:0000000000000000) (1590)
18:42:39 Phase 1 in Progress
18:42:39 === Phase 1 aggressive exchange / initiator / receive 2 (368)
18:42:39 seen nptype=1(sa) (1402)
18:42:39 seen nptype=4(ke) (1402)
18:42:39 seen nptype=10(nonce) (1402)
18:42:39 seen nptype=5(id) (1402)
18:42:39 seen nptype=8(hash) (1402)
18:42:39 seen nptype=13(vid) (1402)
18:42:39 seen nptype=13(vid) (1402)
18:42:39 seen nptype=20(natd (rfc)) (1402)
18:42:39 seen nptype=20(natd (rfc)) (1402)
18:42:39 received Vendor ID: Dead Peer Detection (349)
18:42:39 received Vendor ID: RFC 3947 (349)
18:42:39 remote gateway is NAT-T capable (13/new) (2737)
18:42:39 remote ID: 93.97.166.225 (IPv4_address) (3559)
18:42:39 seen nptype=2(prop) (1402)
18:42:39 proposal #1 len=40 (1482)
18:42:39 seen nptype=3(trns) (1402)
18:42:39 transform #1 len=32 (1628)
18:42:39 type=Life Type, flag=0x8000, lorv=seconds (1) (2198)
18:42:39 type=Life Duration, flag=0x8000, lorv=28800 (28800) (2198)
18:42:39 type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC (1) (2198)
18:42:39 type=Authentication Method, flag=0x8000, lorv=pre-shared key (1) (2198)
18:42:39 type=Hash Algorithm, flag=0x8000, lorv=SHA (2) (2198)
18:42:39 type=Group Description, flag=0x8000, lorv=1024-bit MODP group (2) (2198)
18:42:39 pair 1: (1525)
18:42:39 0x204620: next=0x0 tnext=0x0 (908)
18:42:39 proposal #1: 1 transform (1560)
18:42:39 prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1 (327)
18:42:39 trns#=1, trns-id=IKE (332)
18:42:39 Compared: DB:Peer (343)
18:42:39 (lifetime = 28800:28800) (346)
18:42:39 (lifebyte = 0:0) (354)
18:42:39 enctype = DES-CBC:DES-CBC (362)
18:42:39 (encklen = 0:0) (376)
18:42:39 hashtype = SHA:SHA (384)
18:42:39 authmethod = pre-shared key:pre-shared key (398)
18:42:39 dh_group = 1024-bit MODP group:1024-bit MODP group (412)
18:42:39 acceptable proposal found. (243)
18:42:39 manipulating local natd to enforce NAT-T being used (233)
18:42:39 natd payload matches no address (143)
18:42:39 manipulating local natd to enforce NAT-T being used (233)
18:42:39 natd payload matches remote address (136)
18:42:39 Next step: Sending PSK to connectiond
18:42:39 Next step: Sending PSK request to UI
18:42:46 Next step: Forwarding PSK reply from UI to connectiond
18:42:46 Received PSK reply (216)
18:42:46 pre-shared key found. (2542)
18:42:46 detected NAT, switching to ports (new ports 4500 ---> 4500) (346)
18:42:46 HASH mismatched, check your pre-shared key. (1449)
18:42:46 Hash Mismatch
The VPN gateway notified VPN Tracker that the hash derived from the pre-shared key does not match its own hash. Almost always this happens because the pre-shared key was entered incorrectly in VPN Tracker.
• Please enter the pre-shared key again to make sure it matches the pre-shared key on the VPN gateway
If this does not help:
• It is possible that the Diffie-Hellman group used to create the hash from the pre-shared key does not match its counterpart on the gateway. Please compare the settings
• If the pre-shared key contains non-alphanumeric (special) characters, VPN Tracker and the gateway might choose different encodings for these characters. Please try a pre-shared key that contains only numbers and letters
• There may be more than one VPN connection configured on the gateway, and the gateway picked the wrong one based on the identifiers sent by VPN Tracker. Please make sure that your pre-shared key and identifiers belong to the intended VPN connection on the gateway
Status: 0x90508 (PHASE1_HASH_MISMATCH)
18:42:46 About to Disconnect (Error)
18:42:46 Disconnecting (Error)
18:42:46 connectiond received signal 3, terminating (978)
18:42:46 sendto Information notify. (1159)
18:42:46 Next step: Processing connectiond connection request
18:42:46 Next step: Deleting SAs
18:42:46 Next step: Removing SA 10.57.33.124 <---> 93.97.166.225
18:42:46 Next step: Cleaning status information after stop
18:42:46 Next step: Removing connectiond info
18:42:46 Next step: Removing reachability check for VPN gateway
18:42:46 Not Connected
18:42:46 connectiond shutdown (165)
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek