Title: 2.4 Endian IPSec to Draytek 2900 Series router
Post by: DFen on Wednesday 21 July 2010, 03:48:42 am

Help!
I am trying to configure a connection between a Draytek router and Endian 2.4. I am seeing messages I have never come across before:

Jul 20 18:26:46 LOCALHOST pluto[18255]: "testusr" #1: initiating Main Mode
Jul 20 18:26:46 LOCALHOST ipsec__plutorun: 104 "testusr" #1: STATE_MAIN_I1: initiate
Jul 20 18:26:51 LOCALHOST sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ipsec auto --status
Jul 20 18:26:55 LOCALHOST kernel: [464954.150027] ipsec0: no IPv6 routers present
Jul 20 18:26:57 LOCALHOST pluto[18255]: packet from ..122.100:500: received Vendor ID payload [Dead Peer Detection]
Jul 20 18:26:57 LOCALHOST pluto[18255]: packet from ..122.100:500: received Vendor ID payload [RFC 3947] meth=109, but port floating is off
Jul 20 18:26:57 LOCALHOST pluto[18255]: packet from ..122.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Jul 20 18:26:57 LOCALHOST pluto[18255]: packet from ..122.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Jul 20 18:26:57 LOCALHOST pluto[18255]: packet from ..122.100:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: responding to Main Mode
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: OAKLEY_GROUP 1 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 20 18:26:57 LOCALHOST pluto[18255]: "testusr" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 20 18:26:58 LOCALHOST pluto[18255]: "testusr" #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D) at the outermost level
Jul 20 18:26:58 LOCALHOST pluto[18255]: "testusr" #2: sending notification INVALID_PAYLOAD_TYPE to ..122.100:500

I have tried patching nat_traversal=no into ipsec.conf but this makes no difference. Can anyone suggest a solution? Has anybody successfully connected by IPSec from Endian 2.4 to a Draytek router?