[Swan] Unable to go further than phase 1 - Zyxel firewall
venstiven
venstiven at protonmail.com
Sat Apr 11 04:29:07 UTC 2020
Hello everybody,
I am new to l2tp/ipsec vpn, i've been trying to connect to a Zyxel USG firewall for hours...
I was given ikev1 credentials (psk, username, password, public IP) and an IP range I will have access to (192.168.157.X). I've tried the credentials on windows, they work.
I am trying to connect from a Debian 10 VPS. I've tried a lot of settings and none of them let me go further than phase 1.
The first phase uses 3des, sha1, modp1024. I tried that for the esp parameter with no luck, leaving it empty also doesn't work.
I don't have access to the firewall's log, also zyxel doesn't provide much documentation...
Thanks in advance
Steve
IPSEC.CONF FILE:
---
# /etc/ipsec.conf - Libreswan IPsec configuration file
#
# see 'man ipsec.conf' and 'man pluto' for more information
#
# For example configurations and documentation, see https://libreswan.org/wiki/
config setup
uniqueids=no
conn lug-vpn
ike=3des-sha1;modp1024
esp=3des-sha1;modp1024
right=12.34.567.89
left=98.76.54.321
leftprotoport=17/1701
rightprotoport=17/1701
initial_contact=yes
authby=secret
auto=add
# if it exists, include system wide crypto-policy defaults
# include /etc/crypto-policies/back-ends/libreswan.config
# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
include /etc/ipsec.d/*.conf
---
OUTPUT WHEN STARTING CONNECTION:
---
root at DebianVPS:~# ipsec auto --up lug-vpn
002 "lug-vpn" #1: initiating Main Mode
104 "lug-vpn" #1: STATE_MAIN_I1: initiate
003 "lug-vpn" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
003 "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
003 "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
106 "lug-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "lug-vpn" #1: sending INITIAL_CONTACT
108 "lug-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "lug-vpn" #1: Peer ID is ID_IPV4_ADDR: '12.34.567.89'
004 "lug-vpn" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1024}
002 "lug-vpn" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:4a9d69bc proposal=3DES_CBC-HMAC_SHA1_96-MODP1024 pfsgroup=MODP1024}
117 "lug-vpn" #2: STATE_QUICK_I1: initiate
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 16 seconds for response
010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 32 seconds for response
031 "lug-vpn" #2: STATE_QUICK_I1: 60 second timeout exceeded after 7 retransmits. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "lug-vpn" #2: starting keying attempt 2 of an unlimited number, but releasing whack
root at DebianVPS:~#
---
LOG OUTPUT:
---
root at DebianVPS:~# ipsec pluto --stderrlog --config /etc/ipsec.conf --nofork
Pluto initialized
Apr 11 05:38:54.437006: NSS DB directory: sql:/var/lib/ipsec/nss
Apr 11 05:38:54.437199: Initializing NSS
Apr 11 05:38:54.437215: Opening NSS database "sql:/var/lib/ipsec/nss" read-only
Apr 11 05:38:54.441722: NSS initialized
Apr 11 05:38:54.441776: NSS crypto library initialized
Apr 11 05:38:54.441791: FIPS HMAC integrity support [disabled]
Apr 11 05:38:54.442076: libcap-ng support [enabled]
Apr 11 05:38:54.442130: Linux audit support [enabled]
Apr 11 05:38:54.442170: Linux audit activated
Apr 11 05:38:54.442186: Starting Pluto (Libreswan Version 3.27 XFRM(netkey) FORK PTHREAD_SETSCHEDPRIO NSS DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:2820
Apr 11 05:38:54.442194: core dump dir: /run/pluto
Apr 11 05:38:54.442227: secrets file: /etc/ipsec.secrets
Apr 11 05:38:54.442244: leak-detective disabled
Apr 11 05:38:54.442251: NSS crypto [enabled]
Apr 11 05:38:54.442260: XAUTH PAM support [enabled]
Apr 11 05:38:54.442417: NAT-Traversal support [enabled]
Apr 11 05:38:54.442556: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Apr 11 05:38:54.442870: Encryption algorithms:
Apr 11 05:38:54.442915: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Apr 11 05:38:54.442938: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Apr 11 05:38:54.442948: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Apr 11 05:38:54.442956: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Apr 11 05:38:54.442983: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Apr 11 05:38:54.443012: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Apr 11 05:38:54.443037: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Apr 11 05:38:54.443066: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Apr 11 05:38:54.443088: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Apr 11 05:38:54.443104: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Apr 11 05:38:54.443120: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Apr 11 05:38:54.443212: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Apr 11 05:38:54.443237: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Apr 11 05:38:54.443255: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Apr 11 05:38:54.443335: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} aes_gmac
Apr 11 05:38:54.443358: NULL IKEv1: ESP IKEv2: ESP []
Apr 11 05:38:54.443392: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Apr 11 05:38:54.443415: Hash algorithms:
Apr 11 05:38:54.443475: MD5 IKEv1: IKE IKEv2:
Apr 11 05:38:54.443492: SHA1 IKEv1: IKE IKEv2: FIPS sha
Apr 11 05:38:54.443507: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Apr 11 05:38:54.443522: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Apr 11 05:38:54.443536: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Apr 11 05:38:54.443571: PRF algorithms:
Apr 11 05:38:54.443597: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Apr 11 05:38:54.443624: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Apr 11 05:38:54.443651: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Apr 11 05:38:54.443666: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Apr 11 05:38:54.443680: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Apr 11 05:38:54.443695: AES_XCBC IKEv1: IKEv2: IKE FIPS aes128_xcbc
Apr 11 05:38:54.443721: Integrity algorithms:
Apr 11 05:38:54.443739: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Apr 11 05:38:54.443756: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Apr 11 05:38:54.443771: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, hmac_sha2_512
Apr 11 05:38:54.443786: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, hmac_sha2_384
Apr 11 05:38:54.443801: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, hmac_sha2_256
Apr 11 05:38:54.443816: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Apr 11 05:38:54.443831: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS aes_xcbc, aes128_xcbc, aes128_xcbc_96
Apr 11 05:38:54.443846: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Apr 11 05:38:54.443888: NONE IKEv1: ESP IKEv2: ESP FIPS null
Apr 11 05:38:54.443930: DH algorithms:
Apr 11 05:38:54.443946: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Apr 11 05:38:54.443961: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Apr 11 05:38:54.443976: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Apr 11 05:38:54.444003: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Apr 11 05:38:54.444098: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Apr 11 05:38:54.444127: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Apr 11 05:38:54.444143: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Apr 11 05:38:54.444158: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Apr 11 05:38:54.444172: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256
Apr 11 05:38:54.444186: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384
Apr 11 05:38:54.444201: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521
Apr 11 05:38:54.444215: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Apr 11 05:38:54.447341: starting up 4 crypto helpers
Apr 11 05:38:54.447446: started thread for crypto helper 0
Apr 11 05:38:54.447542: seccomp security for crypto helper not supported
Apr 11 05:38:54.447564: started thread for crypto helper 1
Apr 11 05:38:54.447685: started thread for crypto helper 2
Apr 11 05:38:54.447766: seccomp security for crypto helper not supported
Apr 11 05:38:54.447775: started thread for crypto helper 3
Apr 11 05:38:54.447825: seccomp security for crypto helper not supported
Apr 11 05:38:54.447852: Using Linux XFRM/NETKEY IPsec interface code on 4.19.0-8-amd64
Apr 11 05:38:54.448437: | selinux support is NOT enabled.
Apr 11 05:38:54.448463: systemd watchdog not enabled - not sending watchdog keepalives
Apr 11 05:38:54.447790: seccomp security for crypto helper not supported
Apr 11 05:38:54.450751: seccomp security not supported
warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 11 05:38:54.460151: added connection description "lug-vpn"
Apr 11 05:38:54.460315: listening for IKE messages
Apr 11 05:38:54.460536: adding interface eth0/eth0 98.76.54.321:500
Apr 11 05:38:54.460604: adding interface eth0/eth0 98.76.54.321:4500
Apr 11 05:38:54.460657: adding interface lo/lo 127.0.0.1:500
Apr 11 05:38:54.460706: adding interface lo/lo 127.0.0.1:4500
Apr 11 05:38:54.460840: adding interface lo/lo ::1:500
Apr 11 05:38:54.460887: | setup callback for interface lo:500 fd 18
Apr 11 05:38:54.460909: | setup callback for interface lo:4500 fd 17
Apr 11 05:38:54.460927: | setup callback for interface lo:500 fd 16
Apr 11 05:38:54.460940: | setup callback for interface eth0:4500 fd 15
Apr 11 05:38:54.460958: | setup callback for interface eth0:500 fd 14
Apr 11 05:38:54.461017: loading secrets from "/etc/ipsec.secrets"
Apr 11 05:38:54.461096: no secrets filename matched "/etc/ipsec.d/*.secrets"
Apr 11 05:39:03.703987: "lug-vpn" #1: initiating Main Mode
Apr 11 05:39:03.735890: "lug-vpn" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
Apr 11 05:39:03.735945: "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
Apr 11 05:39:03.735977: "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
Apr 11 05:39:03.737610: "lug-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 11 05:39:04.024168: "lug-vpn" #1: sending INITIAL_CONTACT
Apr 11 05:39:04.024382: "lug-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 11 05:39:04.055249: "lug-vpn" #1: Peer ID is ID_IPV4_ADDR: '12.34.567.89'
Apr 11 05:39:04.055617: "lug-vpn" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1024}
Apr 11 05:39:04.055664: "lug-vpn" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:4a9d69bc proposal=3DES_CBC-HMAC_SHA1_96-MODP1024 pfsgroup=MODP1024}
Apr 11 05:39:04.091149: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:04.091316: | ISAKMP Notification Payload
Apr 11 05:39:04.091437: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:04.091516: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:04.556206: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 11 05:39:04.585858: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:04.586012: | ISAKMP Notification Payload
Apr 11 05:39:04.586184: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:04.586354: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:05.059252: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 11 05:39:05.088221: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:05.088511: | ISAKMP Notification Payload
Apr 11 05:39:05.088717: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:05.088852: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:06.062157: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 11 05:39:06.091800: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:06.092138: | ISAKMP Notification Payload
Apr 11 05:39:06.092394: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:06.092595: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:08.066882: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response
Apr 11 05:39:08.096768: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:08.096835: | ISAKMP Notification Payload
Apr 11 05:39:08.096849: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:08.096863: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:12.069061: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response
Apr 11 05:39:12.098609: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:12.098659: | ISAKMP Notification Payload
Apr 11 05:39:12.098674: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:12.098690: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:20.078955: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 16 seconds for response
Apr 11 05:39:20.108659: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:20.108737: | ISAKMP Notification Payload
Apr 11 05:39:20.108768: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:20.108798: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:39:36.078997: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 32 seconds for response
Apr 11 05:39:36.108354: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:39:36.108457: | ISAKMP Notification Payload
Apr 11 05:39:36.108508: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:39:36.108542: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:08.082632: "lug-vpn" #2: STATE_QUICK_I1: 60 second timeout exceeded after 7 retransmits. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Apr 11 05:40:08.082791: "lug-vpn" #2: starting keying attempt 2 of an unlimited number, but releasing whack
Apr 11 05:40:08.082911: "lug-vpn" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 {using isakmp#1 msgid:ca9552f9 proposal=3DES_CBC-HMAC_SHA1_96-MODP1024 pfsgroup=MODP1024}
Apr 11 05:40:08.082979: "lug-vpn" #2: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 11 05:40:08.119018: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:08.119063: | ISAKMP Notification Payload
Apr 11 05:40:08.119080: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:08.119098: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:08.583763: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 11 05:40:08.613311: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:08.613407: | ISAKMP Notification Payload
Apr 11 05:40:08.613442: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:08.613475: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:09.086192: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 11 05:40:09.114992: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:09.115042: | ISAKMP Notification Payload
Apr 11 05:40:09.115065: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:09.115086: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:10.084265: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 11 05:40:10.113535: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:10.113620: | ISAKMP Notification Payload
Apr 11 05:40:10.113654: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:10.113686: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:12.086696: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 4 seconds for response
Apr 11 05:40:12.115891: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:12.115939: | ISAKMP Notification Payload
Apr 11 05:40:12.115956: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:12.115974: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:16.088303: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 8 seconds for response
Apr 11 05:40:16.117146: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:16.117192: | ISAKMP Notification Payload
Apr 11 05:40:16.117208: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:16.117226: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 11 05:40:24.090664: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 16 seconds for response
Apr 11 05:40:24.120254: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66
Apr 11 05:40:24.120331: | ISAKMP Notification Payload
Apr 11 05:40:24.120350: | 00 00 00 42 00 00 00 01 03 04 00 0e
Apr 11 05:40:24.120369: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
^C
root at DebianVPS:~#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200411/ee0da74f/attachment-0001.html>
More information about the Swan
mailing list