<div><br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-user protonmail_signature_block-empty"><br></div></div><p>Hello everybody,<br></p><p>I am new to l2tp/ipsec vpn, i've been trying to connect to a Zyxel USG firewall for hours...<br></p><p>I was given ikev1 credentials (psk, username, password, public IP) and an IP range I will have access to (<span lang="EN-US">192.168.157.X</span>). I've tried the credentials on windows, they work.<br></p><p>I am trying to connect from a Debian 10 VPS. I've tried a lot of settings and none of them let me go further than phase 1.<br></p><p>The first phase uses 3des, sha1, modp1024. I tried that for the esp parameter with no luck, leaving it empty also doesn't work.<br></p><p>I don't have access to the firewall's log, also zyxel doesn't provide much documentation...<br></p><p>Thanks in advance<br></p><p>Steve<br></p><p><br></p><p><br></p><div>IPSEC.CONF FILE:<br></div><div> <br></div><div> ---<br></div><div> <br></div><div> # /etc/ipsec.conf - Libreswan IPsec configuration file<br></div><div> #<br></div><div> # see 'man ipsec.conf' and 'man pluto' for more information<br></div><div> #<br></div><div> # For example configurations and documentation, see <a href="https://libreswan.org/wiki/">https://libreswan.org/wiki/</a><br></div><div> <br></div><div> config setup<br></div><div> uniqueids=no<br></div><div> <br></div><div> conn lug-vpn<br></div><div> ike=3des-sha1;modp1024<br></div><div> esp=3des-sha1;modp1024<br></div><div> right=12.34.567.89<br></div><div> left=98.76.54.321<br></div><div> leftprotoport=17/1701<br></div><div> rightprotoport=17/1701<br></div><div> initial_contact=yes<br></div><div> authby=secret<br></div><div> auto=add<br></div><div> <br></div><div> # if it exists, include system wide crypto-policy defaults<br></div><div> # include /etc/crypto-policies/back-ends/libreswan.config<br></div><div> <br></div><div> # It is best to add your IPsec connections as separate files in /etc/ipsec.d/<br></div><div> include /etc/ipsec.d/*.conf<br></div><div> <br></div><div> ---<br></div><div> <br></div><div> OUTPUT WHEN STARTING CONNECTION:<br></div><div> <br></div><div> ---<br></div><div> <br></div><div> root@DebianVPS:~# ipsec auto --up lug-vpn<br></div><div> 002 "lug-vpn" #1: initiating Main Mode<br></div><div> 104 "lug-vpn" #1: STATE_MAIN_I1: initiate<br></div><div> 003 "lug-vpn" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]<br></div><div> 003 "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]<br></div><div> 003 "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]<br></div><div> 106 "lug-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br></div><div> 002 "lug-vpn" #1: sending INITIAL_CONTACT<br></div><div> 108 "lug-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br></div><div> 002 "lug-vpn" #1: Peer ID is ID_IPV4_ADDR: '12.34.567.89'<br></div><div> 004 "lug-vpn" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1024}<br></div><div> 002 "lug-vpn" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:4a9d69bc proposal=3DES_CBC-HMAC_SHA1_96-MODP1024
pfsgroup=MODP1024}<br></div><div> 117 "lug-vpn" #2: STATE_QUICK_I1: initiate<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 16 seconds for response<br></div><div> 010 "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 32 seconds for response<br></div><div> 031 "lug-vpn" #2: STATE_QUICK_I1: 60 second timeout exceeded after 7
retransmits. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal<br></div><div> 000 "lug-vpn" #2: starting keying attempt 2 of an unlimited number, but releasing whack<br></div><div> root@DebianVPS:~# <br></div><div> <br></div><div> ---<br></div><div> <br></div><div> LOG OUTPUT:<br></div><div> <br></div><div> ---<br></div><div> <br></div><div> root@DebianVPS:~# ipsec pluto --stderrlog --config /etc/ipsec.conf --nofork<br></div><div> Pluto initialized<br></div><div> Apr 11 05:38:54.437006: NSS DB directory: sql:/var/lib/ipsec/nss<br></div><div> Apr 11 05:38:54.437199: Initializing NSS<br></div><div> Apr 11 05:38:54.437215: Opening NSS database "sql:/var/lib/ipsec/nss" read-only<br></div><div> Apr 11 05:38:54.441722: NSS initialized<br></div><div> Apr 11 05:38:54.441776: NSS crypto library initialized<br></div><div> Apr 11 05:38:54.441791: FIPS HMAC integrity support [disabled]<br></div><div> Apr 11 05:38:54.442076: libcap-ng support [enabled]<br></div><div> Apr 11 05:38:54.442130: Linux audit support [enabled]<br></div><div> Apr 11 05:38:54.442170: Linux audit activated<br></div><div> Apr 11 05:38:54.442186: Starting Pluto (Libreswan Version 3.27
XFRM(netkey) FORK PTHREAD_SETSCHEDPRIO NSS DNSSEC SYSTEMD_WATCHDOG
LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER
CURL(non-NSS) LDAP(non-NSS)) pid:2820<br></div><div> Apr 11 05:38:54.442194: core dump dir: /run/pluto<br></div><div> Apr 11 05:38:54.442227: secrets file: /etc/ipsec.secrets<br></div><div> Apr 11 05:38:54.442244: leak-detective disabled<br></div><div> Apr 11 05:38:54.442251: NSS crypto [enabled]<br></div><div> Apr 11 05:38:54.442260: XAUTH PAM support [enabled]<br></div><div> Apr 11 05:38:54.442417: NAT-Traversal support [enabled]<br></div><div> Apr 11 05:38:54.442556: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)<br></div><div> Apr 11 05:38:54.442870: Encryption algorithms:<br></div><div> Apr 11 05:38:54.442915: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c<br></div><div> Apr 11 05:38:54.442938: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b<br></div><div> Apr 11 05:38:54.442948: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a<br></div><div> Apr 11 05:38:54.442956: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des<br></div><div> Apr 11 05:38:54.442983: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}<br></div><div> Apr 11 05:38:54.443012: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia<br></div><div> Apr 11 05:38:54.443037: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c<br></div><div> Apr 11 05:38:54.443066: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b<br></div><div> Apr 11 05:38:54.443088: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a<br></div><div> Apr 11 05:38:54.443104: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr<br></div><div> Apr 11 05:38:54.443120: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes<br></div><div> Apr 11 05:38:54.443212: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent<br></div><div> Apr 11 05:38:54.443237: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish<br></div><div> Apr 11 05:38:54.443255: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh<br></div><div> Apr 11 05:38:54.443335: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} aes_gmac<br></div><div> Apr 11 05:38:54.443358: NULL IKEv1: ESP IKEv2: ESP []<br></div><div> Apr 11 05:38:54.443392: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305<br></div><div> Apr 11 05:38:54.443415: Hash algorithms:<br></div><div> Apr 11 05:38:54.443475: MD5 IKEv1: IKE IKEv2: <br></div><div> Apr 11 05:38:54.443492: SHA1 IKEv1: IKE IKEv2: FIPS sha<br></div><div> Apr 11 05:38:54.443507: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256<br></div><div> Apr 11 05:38:54.443522: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384<br></div><div> Apr 11 05:38:54.443536: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512<br></div><div> Apr 11 05:38:54.443571: PRF algorithms:<br></div><div> Apr 11 05:38:54.443597: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5<br></div><div> Apr 11 05:38:54.443624: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1<br></div><div> Apr 11 05:38:54.443651: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256<br></div><div> Apr 11 05:38:54.443666: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384<br></div><div> Apr 11 05:38:54.443680: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512<br></div><div> Apr 11 05:38:54.443695: AES_XCBC IKEv1: IKEv2: IKE FIPS aes128_xcbc<br></div><div> Apr 11 05:38:54.443721: Integrity algorithms:<br></div><div> Apr 11 05:38:54.443739: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5<br></div><div> Apr 11 05:38:54.443756: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1<br></div><div> Apr 11 05:38:54.443771: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, hmac_sha2_512<br></div><div> Apr 11 05:38:54.443786: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, hmac_sha2_384<br></div><div> Apr 11 05:38:54.443801: HMAC_SHA2_256_128 IKEv1: IKE ESP AH
IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, hmac_sha2_256<br></div><div> Apr 11 05:38:54.443816: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH <br></div><div> Apr 11 05:38:54.443831: AES_XCBC_96 IKEv1: ESP AH
IKEv2: IKE ESP AH FIPS aes_xcbc, aes128_xcbc, aes128_xcbc_96<br></div><div> Apr 11 05:38:54.443846: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac<br></div><div> Apr 11 05:38:54.443888: NONE IKEv1: ESP IKEv2: ESP FIPS null<br></div><div> Apr 11 05:38:54.443930: DH algorithms:<br></div><div> Apr 11 05:38:54.443946: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0<br></div><div> Apr 11 05:38:54.443961: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2<br></div><div> Apr 11 05:38:54.443976: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5<br></div><div> Apr 11 05:38:54.444003: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14<br></div><div> Apr 11 05:38:54.444098: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15<br></div><div> Apr 11 05:38:54.444127: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16<br></div><div> Apr 11 05:38:54.444143: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17<br></div><div> Apr 11 05:38:54.444158: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18<br></div><div> Apr 11 05:38:54.444172: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256<br></div><div> Apr 11 05:38:54.444186: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384<br></div><div> Apr 11 05:38:54.444201: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521<br></div><div> Apr 11 05:38:54.444215: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519<br></div><div> Apr 11 05:38:54.447341: starting up 4 crypto helpers<br></div><div> Apr 11 05:38:54.447446: started thread for crypto helper 0<br></div><div> Apr 11 05:38:54.447542: seccomp security for crypto helper not supported<br></div><div> Apr 11 05:38:54.447564: started thread for crypto helper 1<br></div><div> Apr 11 05:38:54.447685: started thread for crypto helper 2<br></div><div> Apr 11 05:38:54.447766: seccomp security for crypto helper not supported<br></div><div> Apr 11 05:38:54.447775: started thread for crypto helper 3<br></div><div> Apr 11 05:38:54.447825: seccomp security for crypto helper not supported<br></div><div> Apr 11 05:38:54.447852: Using Linux XFRM/NETKEY IPsec interface code on 4.19.0-8-amd64<br></div><div> Apr 11 05:38:54.448437: | selinux support is NOT enabled.<br></div><div> Apr 11 05:38:54.448463: systemd watchdog not enabled - not sending watchdog keepalives<br></div><div> Apr 11 05:38:54.447790: seccomp security for crypto helper not supported<br></div><div> Apr 11 05:38:54.450751: seccomp security not supported<br></div><div> warning: could not open include filename: '/etc/ipsec.d/*.conf'<br></div><div> Apr 11 05:38:54.460151: added connection description "lug-vpn"<br></div><div> Apr 11 05:38:54.460315: listening for IKE messages<br></div><div> Apr 11 05:38:54.460536: adding interface eth0/eth0 98.76.54.321:500<br></div><div> Apr 11 05:38:54.460604: adding interface eth0/eth0 98.76.54.321:4500<br></div><div> Apr 11 05:38:54.460657: adding interface lo/lo 127.0.0.1:500<br></div><div> Apr 11 05:38:54.460706: adding interface lo/lo 127.0.0.1:4500<br></div><div> Apr 11 05:38:54.460840: adding interface lo/lo ::1:500<br></div><div> Apr 11 05:38:54.460887: | setup callback for interface lo:500 fd 18<br></div><div> Apr 11 05:38:54.460909: | setup callback for interface lo:4500 fd 17<br></div><div> Apr 11 05:38:54.460927: | setup callback for interface lo:500 fd 16<br></div><div> Apr 11 05:38:54.460940: | setup callback for interface eth0:4500 fd 15<br></div><div> Apr 11 05:38:54.460958: | setup callback for interface eth0:500 fd 14<br></div><div> Apr 11 05:38:54.461017: loading secrets from "/etc/ipsec.secrets"<br></div><div> Apr 11 05:38:54.461096: no secrets filename matched "/etc/ipsec.d/*.secrets"<br></div><div> Apr 11 05:39:03.703987: "lug-vpn" #1: initiating Main Mode<br></div><div> Apr 11 05:39:03.735890: "lug-vpn" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]<br></div><div> Apr 11 05:39:03.735945: "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]<br></div><div> Apr 11 05:39:03.735977: "lug-vpn" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]<br></div><div> Apr 11 05:39:03.737610: "lug-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br></div><div> Apr 11 05:39:04.024168: "lug-vpn" #1: sending INITIAL_CONTACT<br></div><div> Apr 11 05:39:04.024382: "lug-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br></div><div> Apr 11 05:39:04.055249: "lug-vpn" #1: Peer ID is ID_IPV4_ADDR: '12.34.567.89'<br></div><div> Apr 11 05:39:04.055617: "lug-vpn" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1
group=MODP1024}<br></div><div> Apr 11 05:39:04.055664: "lug-vpn" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:4a9d69bc proposal=3DES_CBC-HMAC_SHA1_96-MODP1024
pfsgroup=MODP1024}<br></div><div> Apr 11 05:39:04.091149: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:04.091316: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:04.091437: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:04.091516: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:04.556206: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response<br></div><div> Apr 11 05:39:04.585858: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:04.586012: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:04.586184: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:04.586354: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:05.059252: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response<br></div><div> Apr 11 05:39:05.088221: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:05.088511: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:05.088717: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:05.088852: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:06.062157: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response<br></div><div> Apr 11 05:39:06.091800: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:06.092138: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:06.092394: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:06.092595: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:08.066882: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response<br></div><div> Apr 11 05:39:08.096768: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:08.096835: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:08.096849: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:08.096863: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:12.069061: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response<br></div><div> Apr 11 05:39:12.098609: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:12.098659: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:12.098674: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:12.098690: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:20.078955: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 16 seconds for response<br></div><div> Apr 11 05:39:20.108659: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:20.108737: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:20.108768: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:20.108798: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:39:36.078997: "lug-vpn" #2: STATE_QUICK_I1: retransmission; will wait 32 seconds for response<br></div><div> Apr 11 05:39:36.108354: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:39:36.108457: | ISAKMP Notification Payload<br></div><div> Apr 11 05:39:36.108508: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:39:36.108542: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:08.082632: "lug-vpn" #2: STATE_QUICK_I1: 60 second timeout
exceeded after 7 retransmits. No acceptable response to our first Quick
Mode message: perhaps peer likes no proposal<br></div><div> Apr 11 05:40:08.082791: "lug-vpn" #2: starting keying attempt 2 of an unlimited number, but releasing whack<br></div><div> Apr 11 05:40:08.082911: "lug-vpn" #3: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #2 {using isakmp#1 msgid:ca9552f9
proposal=3DES_CBC-HMAC_SHA1_96-MODP1024 pfsgroup=MODP1024}<br></div><div> Apr 11 05:40:08.082979: "lug-vpn" #2: deleting state (STATE_QUICK_I1) and NOT sending notification<br></div><div> Apr 11 05:40:08.119018: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:08.119063: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:08.119080: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:08.119098: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:08.583763: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response<br></div><div> Apr 11 05:40:08.613311: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:08.613407: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:08.613442: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:08.613475: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:09.086192: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 1 seconds for response<br></div><div> Apr 11 05:40:09.114992: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:09.115042: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:09.115065: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:09.115086: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:10.084265: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 2 seconds for response<br></div><div> Apr 11 05:40:10.113535: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:10.113620: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:10.113654: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:10.113686: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:12.086696: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 4 seconds for response<br></div><div> Apr 11 05:40:12.115891: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:12.115939: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:12.115956: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:12.115974: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:16.088303: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 8 seconds for response<br></div><div> Apr 11 05:40:16.117146: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:16.117192: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:16.117208: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:16.117226: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> Apr 11 05:40:24.090664: "lug-vpn" #3: STATE_QUICK_I1: retransmission; will wait 16 seconds for response<br></div><div> Apr 11 05:40:24.120254: "lug-vpn" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=66<br></div><div> Apr 11 05:40:24.120331: | ISAKMP Notification Payload<br></div><div> Apr 11 05:40:24.120350: | 00 00 00 42 00 00 00 01 03 04 00 0e<br></div><div> Apr 11 05:40:24.120369: "lug-vpn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN<br></div><div> ^C<br></div><div> root@DebianVPS:~# <br></div>