Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

VPN L2TP/IPSec between RV340 and Android 8.0/ Windows 7 clients (partially solved)

ridellec@gmail.com
Level 1
Level 1

‎02-09-2019 07:43 AM - edited ‎02-14-2019 09:59 AM

Hello everyone,

I have a RV340 version 1.0.02.16 (new firmware) and I am trying to create a L2TP / IPSec vpn for Windows 7 and Android 8.0 clients.
In Android, the vpn was created and disconnected as quickly. Under windows I always have a 789 error.

I test between 2 local routers (B-Box Proximus and RV340)
B-Box has IP 192.168.1.254 in Wan and 172.31.1.1 in LAN
B-Box has a DMZ configured to RV340 in 192.168.1.254

What's the problem ?

thank you in advance

Here is Config and Log of RV340

configuration IPSEC Profiles
-----------------------------
profile name : test
Keying mode : auto
IKE Version : IKEv1

Phase 1 Options
DH Group : Group2 - 1024bit
Encryption : 3DES
Authtentification : MD5
SA Lifetime : 3600

Phase 2 Options
Protocol Selection: ESP
Encryption : 3DES
Authtentification : MD5
SA Lifetime : 3600
Perfect Forwar secrecy : disable

Configuration L2TP server
-------------------------
L2TP Server : On
MTU : 1400

Adress Pool
Start IP Adress : 192.168.31.1
End IP Adress : 192.168.31.25
DNS1 IP Adresse : 8.8.8.8
DNS2 IP Adresse : 195.238.2.21
IPSec : On
IPSec Profile : test
Pre-shared Key : *****************

2019-02-08T18:10:04+01:00 <info>charon: 15[IKE] CHILD_SA l2tp_l2tpOverIpsec_wan1{11} established with SPIs c8b7d27a_i 0ffc93dd_o and TS 192.168.1.254/32[udp/l2f] === 192.168.1.41/32[udp]
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] deleting IKE_SA l2tp_l2tpOverIpsec_wan1[122] between 192.168.1.254[192.168.1.254]...192.168.1.41[192.168.1.41]

2019-02-08T18:10:02+01:00 <info>charon: 09[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (724 bytes)
2019-02-08T18:10:02+01:00 <info>charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received FRAGMENTATION vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] received DPD vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] 192.168.1.41 is initiating a Main Mode IKE_SA
2019-02-08T18:10:02+01:00 <info>charon: Last message '09[IKE] 192.168.1.41' repeated 1 times, supressed by syslog-ng on router4460AF
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] IKE_SA (unnamed)[122] state change: CREATED => CONNECTING
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] sending XAuth vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] sending DPD vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] sending Cisco Unity vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] sending FRAGMENTATION vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[IKE] sending NAT-T (RFC 3947) vendor ID
2019-02-08T18:10:02+01:00 <info>charon: 09[ENC] generating ID_PROT response 0 [ SA V V V V V ]
2019-02-08T18:10:02+01:00 <info>charon: 09[NET] sending packet: from 192.168.1.254[500] to 192.168.1.41[500] (176 bytes)
2019-02-08T18:10:02+01:00 <info>charon: 10[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (220 bytes)
2019-02-08T18:10:02+01:00 <info>charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2019-02-08T18:10:03+01:00 <info>charon: 10[IKE] FSLDBG: Now searching for PSK with :my_id,me,other_id,other: '192.168.1.254'[192.168.1.254] - '(null)'[192.168.1.41]
2019-02-08T18:10:03+01:00 <info>charon: 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2019-02-08T18:10:03+01:00 <info>charon: 10[NET] sending packet: from 192.168.1.254[500] to 192.168.1.41[500] (236 bytes)
2019-02-08T18:10:03+01:00 <info>charon: 06[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (76 bytes)
2019-02-08T18:10:03+01:00 <info>charon: 06[ENC] parsed ID_PROT request 0 [ ID HASH ]
2019-02-08T18:10:03+01:00 <info>charon: 06[CFG] looking for pre-shared key peer configs matching 192.168.1.254...192.168.1.41[192.168.1.41]
2019-02-08T18:10:03+01:00 <info>charon: 06[CFG] selected peer config l2tp_l2tpOverIpsec_wan1
2019-02-08T18:10:03+01:00 <info>charon: 06[IKE] IKE_SA l2tp_l2tpOverIpsec_wan1[122] established between 192.168.1.254[192.168.1.254]...192.168.1.41[192.168.1.41]
2019-02-08T18:10:03+01:00 <info>charon: Last message '06[IKE] IKE_SA l2tp_' repeated 1 times, supressed by syslog-ng on router4460AF
2019-02-08T18:10:03+01:00 <info>charon: 06[IKE] IKE_SA l2tp_l2tpOverIpsec_wan1[122] state change: CONNECTING => ESTABLISHED
2019-02-08T18:10:03+01:00 <info>charon: 06[IKE] scheduling reauthentication in 3271s
2019-02-08T18:10:03+01:00 <info>charon: 06[IKE] maximum IKE_SA lifetime 3451s
2019-02-08T18:10:03+01:00 <info>charon: 06[ENC] generating ID_PROT response 0 [ ID HASH ]
2019-02-08T18:10:03+01:00 <info>charon: 06[NET] sending packet: from 192.168.1.254[500] to 192.168.1.41[500] (68 bytes)
2019-02-08T18:10:03+01:00 <info>charon: 13[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (92 bytes)
2019-02-08T18:10:03+01:00 <info>charon: 13[ENC] parsed INFORMATIONAL_V1 request 2236545441 [ HASH N(INITIAL_CONTACT) ]
2019-02-08T18:10:04+01:00 <info>charon: 08[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (652 bytes)
2019-02-08T18:10:04+01:00 <info>charon: 08[ENC] parsed QUICK_MODE request 3560604964 [ HASH SA No ID ID ]
2019-02-08T18:10:04+01:00 <info>charon: 08[IKE] received 28800s lifetime, configured 3600s
2019-02-08T18:10:04+01:00 <info>charon: 08[ENC] generating QUICK_MODE response 3560604964 [ HASH SA No ID ID ]
2019-02-08T18:10:04+01:00 <info>charon: 08[NET] sending packet: from 192.168.1.254[500] to 192.168.1.41[500] (164 bytes)
2019-02-08T18:10:04+01:00 <info>charon: 15[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (60 bytes)
2019-02-08T18:10:04+01:00 <info>charon: 15[ENC] parsed QUICK_MODE request 3560604964 [ HASH ]
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD]   using 3DES_CBC for encryption
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD]   using HMAC_MD5_96 for integrity
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD] adding inbound ESP SA
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD]   SPI 0xc8b7d27a, src 192.168.1.41 dst 192.168.1.254
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD] adding outbound ESP SA
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD]   SPI 0x0ffc93dd, src 192.168.1.254 dst 192.168.1.41
2019-02-08T18:10:04+01:00 <info>charon: 15[IKE] CHILD_SA l2tp_l2tpOverIpsec_wan1{11} established with SPIs c8b7d27a_i 0ffc93dd_o and TS 192.168.1.254/32[udp/l2f] === 192.168.1.41/32[udp]
2019-02-08T18:10:04+01:00 <info>charon: Last message '15[IKE] CHILD_SA l2t' repeated 1 times, supressed by syslog-ng on router4460AF
2019-02-08T18:10:04+01:00 <info>charon: 15[CHD] updown: uci: Entry not found
2019-02-08T18:10:06+01:00 <debug>xl2tpd: control_finish: Peer requested tunnel 60818 twice, ignoring second one.
2019-02-08T18:10:06+01:00 <notice>xl2tpd: Connection established to 192.168.1.41, 42483.  Local: 5655, Remote: 60818 (ref=0/0).  LNS session is 'default'
2019-02-08T18:10:06+01:00 <warning>xl2tpd: L2TP tunnels used:0.
2019-02-08T18:10:06+01:00 <debug>xl2tpd: start_pppd: I'm running:
2019-02-08T18:10:06+01:00 <debug>xl2tpd: /usr/sbin/pppd
2019-02-08T18:10:06+01:00 <debug>xl2tpd: passive
2019-02-08T18:10:06+01:00 <debug>xl2tpd: nodetach
2019-02-08T18:10:06+01:00 <debug>xl2tpd: 192.168.31.1:192.168.31.2
2019-02-08T18:10:06+01:00 <debug>xl2tpd: auth
2019-02-08T18:10:06+01:00 <debug>xl2tpd: require-pap
2019-02-08T18:10:06+01:00 <debug>xl2tpd: require-chap
2019-02-08T18:10:06+01:00 <debug>xl2tpd: name
2019-02-08T18:10:06+01:00 <debug>xl2tpd: l2tpsrvgw
2019-02-08T18:10:06+01:00 <debug>xl2tpd: debug
2019-02-08T18:10:06+01:00 <debug>xl2tpd: file
2019-02-08T18:10:06+01:00 <debug>xl2tpd: /etc/ppp/options.xl2tpd
2019-02-08T18:10:06+01:00 <debug>xl2tpd: ipparam
2019-02-08T18:10:06+01:00 <debug>xl2tpd: 192.168.1.41
2019-02-08T18:10:06+01:00 <debug>xl2tpd: plugin
2019-02-08T18:10:06+01:00 <debug>xl2tpd: pppol2tp.so
2019-02-08T18:10:06+01:00 <debug>xl2tpd: pppol2tp
2019-02-08T18:10:06+01:00 <debug>xl2tpd: 9
2019-02-08T18:10:06+01:00 <notice>xl2tpd: Call established with 192.168.1.41, Local: 51193, Remote: 7658, Serial: -795679477
2019-02-08T18:10:07+01:00 <info>charon: 13[KNL] interface ppp0 deleted
2019-02-08T18:10:07+01:00 <debug>xl2tpd: child_handler : pppd exited for call 7658 with code 11
2019-02-08T18:10:07+01:00 <info>xl2tpd: call_close: Call 51193 to 192.168.1.41 disconnected
2019-02-08T18:10:07+01:00 <debug>xl2tpd: result_code_avp: avp is incorrect size.  8 < 10
2019-02-08T18:10:07+01:00 <warning>xl2tpd: handle_avps: Bad exit status handling attribute 1 (Result Code) on mandatory packet.
2019-02-08T18:10:07+01:00 <debug>xl2tpd: Terminating pppd: sending TERM signal to pid 7000
2019-02-08T18:10:07+01:00 <info>xl2tpd: Connection 60818 closed to 192.168.1.41, port 42483 (Result Code: expected at least 10, got 8)
2019-02-08T18:10:07+01:00 <warning>xl2tpd: network_thread: recvfrom returned error 111 (Connection refused)
2019-02-08T18:10:07+01:00 <info>charon: 08[IKE] keeping connection path 192.168.1.254 - 192.168.1.41
2019-02-08T18:10:07+01:00 <info>charon: 15[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (76 bytes)
2019-02-08T18:10:07+01:00 <info>charon: 15[ENC] parsed INFORMATIONAL_V1 request 2190434216 [ HASH D ]
2019-02-08T18:10:07+01:00 <info>charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 0ffc93dd
2019-02-08T18:10:07+01:00 <info>charon: 15[IKE] closing CHILD_SA l2tp_l2tpOverIpsec_wan1{11} with SPIs c8b7d27a_i (0 bytes) 0ffc93dd_o (0 bytes) and TS 192.168.1.254/32[udp/l2f] === 192.168.1.41/32[udp]
2019-02-08T18:10:07+01:00 <info>charon: Last message '15[IKE] closing CHIL' repeated 1 times, supressed by syslog-ng on router4460AF
2019-02-08T18:10:07+01:00 <info>charon: 15[CHD] updown: uci: Entry not found
2019-02-08T18:10:07+01:00 <info>charon: 11[NET] received packet: from 192.168.1.41[500] to 192.168.1.254[500] (92 bytes)
2019-02-08T18:10:07+01:00 <info>charon: 11[ENC] parsed INFORMATIONAL_V1 request 3378295642 [ HASH D ]
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] received DELETE for IKE_SA l2tp_l2tpOverIpsec_wan1[122]
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] deleting IKE_SA l2tp_l2tpOverIpsec_wan1[122] between 192.168.1.254[192.168.1.254]...192.168.1.41[192.168.1.41]
2019-02-08T18:10:07+01:00 <info>charon: Last message '11[IKE] deleting IKE' repeated 1 times, supressed by syslog-ng on router4460AF
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] IKE_SA l2tp_l2tpOverIpsec_wan1[122] state change: ESTABLISHED => DELETING
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] IKE_SA l2tp_l2tpOverIpsec_wan1[122] state change: DELETING => DELETING
2019-02-08T18:10:07+01:00 <info>charon: 11[IKE] IKE_SA l2tp_l2tpOverIpsec_wan1[122] state change: DELETING => DESTROYING
2019-02-08T18:10:12+01:00 <debug>xl2tpd: Unable to deliver closing message for tunnel 5655. Destroying anyway.

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic