DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vpn log query

05 Jul 2013 22:26 #1 by oliverm
Vpn log query was created by oliverm
Hi

Can someone help explain to me why the DrayTek VPN is failing? It would seem that no matter what I try, it always stops at the same point in the logs. We have a 2830.

Here's the log output.

******

2013-07-05 21:57:38 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0xb5bcd68
2013-07-05 21:57:38 IKE ==>, Next Payload=ISAKMP_NEXT_ID, Exchange Type = 0x2, Message ID = 0x0
2013-07-05 21:57:38 IKE <==, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
2013-07-05 21:57:38 IKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
2013-07-05 21:57:38 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2013-07-05 21:57:38 IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2013-07-05 21:57:38 Initiating IKE Main Mode to 123.123.123.123
2013-07-05 21:57:38 Dialing Node1 (CLIENTA) : 123.123.123.123
*******

The last line is "2013-07-05 21:57:38 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0xb5bcd68".

Can anyone help?

Olly

08 Jul 2013 10:20 #2 by sicon
Replied by sicon on topic Re: Vpn log query
Looks like the ISA (Phase1) is not matching up. Do the configs match at both ends?

08 Jul 2013 10:27 #3 by oliverm
Replied by oliverm on topic Re: Vpn log query
Yep, at least over the phone. We've checked it all through, checked the passphrase and all the settings.

Is there a way to find out from the logs what it's failing on?

Olly

08 Jul 2013 15:14 #4 by voodle
Replied by voodle on topic Re: Vpn log query
Get the output of "log -ct" and "log -wt" after the VPN fails to connect, with it being the only active VPN on the router at the time.
This document shows how to read it. It's certainly not very readable, but generally you can tell where it's failing by comparing with the log shown in the document:
http://www.draytek.com/index.php?option=com_k2&view=item&id=2065

09 Jul 2013 08:53 #5 by oliverm
Replied by oliverm on topic Re: Vpn log query
Thanks for that. I think it matches the "log 1" example.

The problem is that the document doesn't tell you what the VID hex pairs relate to.

It says....

The Vendor ID Payloads indicate the following protocols are supported:
Dead Peer Detection,
NAT-T rfc 3947,
NAT-T draft 03,
NAT-T draft 02,
NAT-T draft 02,
NAT-T draft 00.

But it doesn't tell you, in that example, how it converted the VID hex pairs to those settings, or how I can convert my hex pairs to find out what settings the other side state they support.

Any ideas?

(I have to say it surely can't be beyond DrayTek to put this in a readable form so it's much easier; other vendors manage to do just that.)

Olly

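Added example, not part of the original thread or of DrayTek's documentation: a sketch of how Vendor ID hex pairs like those asked about in post #5 can be mapped back to the names in the quoted list. It relies on the convention from RFC 3947 that a NAT-T Vendor ID is the MD5 digest of a name string (the draft names are assumed to follow the same convention) and on the fixed Dead Peer Detection value from RFC 3706; the function names and sample dumps are constructed for illustration.

```python
import hashlib

# Strings whose MD5 digest is sent as the Vendor ID payload.
# "RFC 3947" is specified in RFC 3947 section 3.1; the draft names are
# assumed to follow the same convention (one draft-02 variant hashes a
# trailing newline, which is why "draft 02" can appear twice in a list).
MD5_SOURCES = {
    "NAT-T RFC 3947": b"RFC 3947",
    "NAT-T draft 03": b"draft-ietf-ipsec-nat-t-ike-03",
    "NAT-T draft 02": b"draft-ietf-ipsec-nat-t-ike-02",
    "NAT-T draft 02 (newline variant)": b"draft-ietf-ipsec-nat-t-ike-02\n",
    "NAT-T draft 00": b"draft-ietf-ipsec-nat-t-ike-00",
}

# RFC 3706: fixed 14-byte prefix followed by major and minor version bytes.
DPD_PREFIX = bytes.fromhex("afcad71368a1f1c96b8696fc7757")

# Lookup table keyed by the raw 16-byte digest.
VID_TABLE = {hashlib.md5(s).digest(): name for name, s in MD5_SOURCES.items()}


def normalise(hex_pairs: str) -> bytes:
    """Accept 'af ca d7', 'af:ca:d7', 'AFCAD7' or '0xaf 0xca' style dumps."""
    cleaned = hex_pairs.lower().replace("0x", "")
    cleaned = "".join(c for c in cleaned if c in "0123456789abcdef")
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits in VID dump")
    return bytes.fromhex(cleaned)


def identify_vid(hex_pairs: str) -> str:
    """Return a readable name for one Vendor ID payload body."""
    vid = normalise(hex_pairs)
    if vid in VID_TABLE:
        return VID_TABLE[vid]
    if len(vid) == 16 and vid.startswith(DPD_PREFIX):
        return f"Dead Peer Detection v{vid[14]}.{vid[15]}"
    return "unknown vendor ID " + vid.hex()


if __name__ == "__main__":
    # Constructed sample dumps, not taken from the router in this thread.
    for dump in ("4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f",
                 "AF:CA:D7:13:68:A1:F1:C9:6B:86:96:FC:77:57:01:00",
                 "00 11 22 33"):
        print(dump, "->", identify_vid(dump))
```

A Vendor ID that comes back as unknown is not necessarily a fault: vendors also send private IDs that appear in no public list.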