Oct 17 13:36:04 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: ERROR: asynchronous network error report on ens192 (sport=500) for message to 192.168.10.254 port 500, complainant 192.168.88.230: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Oct 17 13:36:08 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Oct 17 13:36:08 nethserver.ZZZZZz.com pluto[19315]: ERROR: “myvpn_ipsec-tunnel/1x1” #88: sendto on ens192 to 192.168.10.254:500 failed in EVENT_v1_RETRANSMIT. Errno 1: Operation not permitted
Oct 17 13:36:08 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: ERROR: asynchronous network error report on ens192 (sport=500) for message to 192.168.10.254 port 500, complainant 192.168.88.230: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Oct 17 13:36:16 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: STATE_MAIN_I1: retransmission; will wait 16 seconds for response
Oct 17 13:36:16 nethserver.ZZZZZz.com pluto[19315]: ERROR: “myvpn_ipsec-tunnel/1x1” #88: sendto on ens192 to 192.168.10.254:500 failed in EVENT_v1_RETRANSMIT. Errno 1: Operation not permitted
Oct 17 13:36:16 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: ERROR: asynchronous network error report on ens192 (sport=500) for message to 192.168.10.254 port 500, complainant 192.168.88.230: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Oct 17 13:36:32 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
Oct 17 13:36:32 nethserver.ZZZZZz.com pluto[19315]: ERROR: “myvpn_ipsec-tunnel/1x1” #88: sendto on ens192 to 192.168.10.254:500 failed in EVENT_v1_RETRANSMIT. Errno 1: Operation not permitted
Oct 17 13:36:32 nethserver.ZZZZZz.com pluto[19315]: “myvpn_ipsec-tunnel/1x1” #88: ERROR: asynchronous network error report on ens192 (sport=500) for message to 192.168.10.254 port 500, complainant 192.168.88.230: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
You used 192.168.10.254 as remote IP on Nethserver but it has to be the public IP of the fritzbox or %any if the fritzbox has a dynamic IP.
The local and remote IDs have to match.
http://docs.nethserver.org/en/v7/vpn.html#id1
You may try the following:
On NS side:
Local ID: @Nethserver
Remote ID: @Fritzbox
On fritzbox side:
localid {
fqdn = "Fritzbox";
}
remoteid {
fqdn = "Nethserver";
}
I have tried every possible solution that you suggested me but still I am unsuccessful.
Greetings,
Adnan
The following logs are showing
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface lo/lo ::1:500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface lo/lo 127.0.0.1:4500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface lo/lo 127.0.0.1:500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface ens192/ens192 192.168.88.230:4500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface ens192/ens192 192.168.88.230:500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface br0/br0 192.168.8.230:4500
Oct 25 12:07:23 nethserver pluto[18655]: shutting down interface br0/br0 192.168.8.230:500
Oct 25 12:07:23 nethserver pluto[18655]: leak detective found no leaks
Oct 25 12:07:24 nethserver pluto[22500]: FIPS Product: NO
Oct 25 12:07:24 nethserver pluto[22500]: FIPS Kernel: NO
Oct 25 12:07:24 nethserver pluto[22500]: FIPS Mode: NO
Oct 25 12:07:24 nethserver pluto[22500]: NSS DB directory: sql:/etc/ipsec.d
Oct 25 12:07:24 nethserver pluto[22500]: Initializing NSS
Oct 25 12:07:24 nethserver pluto[22500]: Opening NSS database “sql:/etc/ipsec.d” read-only
Oct 25 12:07:24 nethserver pluto[22500]: NSS initialized
Oct 25 12:07:24 nethserver pluto[22500]: NSS crypto library initialized
Oct 25 12:07:24 nethserver pluto[22500]: FIPS HMAC integrity support [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: FIPS mode disabled for pluto daemon
Oct 25 12:07:24 nethserver pluto[22500]: FIPS HMAC integrity verification self-test passed
Oct 25 12:07:24 nethserver pluto[22500]: libcap-ng support [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: Linux audit support [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: Linux audit activated
Oct 25 12:07:24 nethserver pluto[22500]: Starting Pluto (Libreswan Version 3.25 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS (AVA copy) (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:22500
Oct 25 12:07:24 nethserver pluto[22500]: core dump dir: /run/pluto
Oct 25 12:07:24 nethserver pluto[22500]: secrets file: /etc/ipsec.secrets
Oct 25 12:07:24 nethserver pluto[22500]: leak-detective enabled
Oct 25 12:07:24 nethserver pluto[22500]: NSS crypto [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: XAUTH PAM support [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: NAT-Traversal support [enabled]
Oct 25 12:07:24 nethserver pluto[22500]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Oct 25 12:07:24 nethserver pluto[22500]: Encryption algorithms:
Oct 25 12:07:24 nethserver pluto[22500]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
Oct 25 12:07:24 nethserver pluto[22500]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
Oct 25 12:07:24 nethserver pluto[22500]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
Oct 25 12:07:24 nethserver pluto[22500]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
Oct 25 12:07:24 nethserver pluto[22500]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Oct 25 12:07:24 nethserver pluto[22500]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
Oct 25 12:07:24 nethserver pluto[22500]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
Oct 25 12:07:24 nethserver pluto[22500]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
Oct 25 12:07:24 nethserver pluto[22500]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
Oct 25 12:07:24 nethserver pluto[22500]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
Oct 25 12:07:24 nethserver pluto[22500]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
Oct 25 12:07:24 nethserver pluto[22500]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
Oct 25 12:07:24 nethserver pluto[22500]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
Oct 25 12:07:24 nethserver pluto[22500]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
Oct 25 12:07:24 nethserver pluto[22500]: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
Oct 25 12:07:24 nethserver pluto[22500]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
Oct 25 12:07:24 nethserver pluto[22500]: NULL IKEv1: ESP IKEv2: ESP []
Oct 25 12:07:24 nethserver pluto[22500]: Hash algorithms:
Oct 25 12:07:24 nethserver pluto[22500]: MD5 IKEv1: IKE IKEv2:
Oct 25 12:07:24 nethserver pluto[22500]: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
Oct 25 12:07:24 nethserver pluto[22500]: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
Oct 25 12:07:24 nethserver pluto[22500]: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
Oct 25 12:07:24 nethserver pluto[22500]: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
Oct 25 12:07:24 nethserver pluto[22500]: PRF algorithms:
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
Oct 25 12:07:24 nethserver pluto[22500]: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
Oct 25 12:07:24 nethserver pluto[22500]: Integrity algorithms:
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
Oct 25 12:07:24 nethserver pluto[22500]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
Oct 25 12:07:24 nethserver pluto[22500]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
Oct 25 12:07:24 nethserver pluto[22500]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
Oct 25 12:07:24 nethserver pluto[22500]: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
Oct 25 12:07:24 nethserver pluto[22500]: DH algorithms:
Oct 25 12:07:24 nethserver pluto[22500]: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
Oct 25 12:07:24 nethserver pluto[22500]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
Oct 25 12:07:24 nethserver pluto[22500]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
Oct 25 12:07:24 nethserver pluto[22500]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
Oct 25 12:07:24 nethserver pluto[22500]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
Oct 25 12:07:24 nethserver pluto[22500]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
Oct 25 12:07:24 nethserver pluto[22500]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
Oct 25 12:07:24 nethserver pluto[22500]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
Oct 25 12:07:24 nethserver pluto[22500]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
Oct 25 12:07:24 nethserver pluto[22500]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
Oct 25 12:07:24 nethserver pluto[22500]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
Oct 25 12:07:24 nethserver pluto[22500]: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
Oct 25 12:07:24 nethserver pluto[22500]: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Oct 25 12:07:24 nethserver pluto[22500]: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Oct 25 12:07:24 nethserver pluto[22500]: starting up 2 crypto helpers
Oct 25 12:07:24 nethserver pluto[22500]: started thread for crypto helper 0
Oct 25 12:07:24 nethserver pluto[22500]: started thread for crypto helper 1
Oct 25 12:07:24 nethserver pluto[22500]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-1062.1.2.el7.x86_64
Oct 25 12:07:25 nethserver pluto[22500]: | selinux support is NOT enabled.
Oct 25 12:07:25 nethserver pluto[22500]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Oct 25 12:07:25 nethserver pluto[22500]: watchdog: sending probes every 100 secs
Oct 25 12:07:25 nethserver pluto[22500]: added connection description “myvpn_ipsec-tunnel/1x1”
Oct 25 12:07:25 nethserver pluto[22500]: listening for IKE messages
Oct 25 12:07:25 nethserver pluto[22500]: adding interface br0/br0 192.168.8.230:500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface br0/br0 192.168.8.230:4500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface ens192/ens192 192.168.88.230:500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface ens192/ens192 192.168.88.230:4500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface lo/lo 127.0.0.1:500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface lo/lo 127.0.0.1:4500
Oct 25 12:07:25 nethserver pluto[22500]: adding interface lo/lo ::1:500
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface lo:500 fd 21
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface lo:4500 fd 20
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface lo:500 fd 19
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface ens192:4500 fd 18
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface ens192:500 fd 17
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface br0:4500 fd 16
Oct 25 12:07:25 nethserver pluto[22500]: | setup callback for interface br0:500 fd 15
Oct 25 12:07:25 nethserver pluto[22500]: loading secrets from “/etc/ipsec.secrets”
Oct 25 12:07:25 nethserver pluto[22500]: loading secrets from “/etc/ipsec.d/tunnels.secrets”
Oct 25 12:07:25 nethserver pluto[22500]: initiating all conns with alias=‘myvpn_ipsec-tunnel’
Oct 25 12:07:25 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: initiating Main Mode
Oct 25 12:07:25 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Oct 25 12:07:25 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:07:25 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:26 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Oct 25 12:07:27 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Oct 25 12:07:27 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:07:27 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:29 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Oct 25 12:07:31 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:07:31 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:33 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Oct 25 12:07:36 nethserver sudo: pam_unix(sudo:session): session closed for user root
Oct 25 12:07:36 nethserver sudo: root : TTY=unknown ; PWD=/run/user/0 ; USER=root ; COMMAND=/usr/libexec/nethserver/api/nethserver-vpn-ui/ipsec/read
Oct 25 12:07:36 nethserver sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)
Oct 25 12:07:36 nethserver sudo: pam_unix(sudo:session): session closed for user root
Oct 25 12:07:39 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:07:39 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:41 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 16 seconds for response
Oct 25 12:07:47 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:49 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:53 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:07:57 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
Oct 25 12:08:07 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:09 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:11 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:08:11 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:13 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:08:13 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:13 nethserver pluto[22500]: packet from 82.207.19.25:500: initial Aggressive Mode message from 82.207.19.25 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:17 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:08:17 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:25 nethserver pluto[22500]: packet from 134.101.186.156:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Oct 25 12:08:25 nethserver pluto[22500]: packet from 134.101.186.156:500: initial Aggressive Mode message from 134.101.186.156 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Oct 25 12:08:29 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our first IKEv1 message
Oct 25 12:08:29 nethserver pluto[22500]: “myvpn_ipsec-tunnel/1x1” #1: starting keying attempt 2 of an unlimited numbe
Why aggressive mode?
How to disable aggressive mode?? I can’t enable aggressive mode rather it’s enabled by default.
What is “it”? Fritzbox?
In my experience, NethServer should not support Aggressive Mode…
Yes,I am connecting NethServer Ipsec tunnel to Fritzbox.
while disabling aggressive mode on NethServer using these commands
db vpn setprop nethesis-test Custom_aggrmode no
signal-event nethserver-ipsec-save
When I entered the second line I got this error.
Can’t open directory /etc/e-smith/events/nethserver-ipsec-save
My bad. NethServer do support aggressive mode, but via a custom command on shell.
https://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-ipsec-tunnels.html
https://docs.nethserver.org/en/v7/vpn.html#id1
I were not able to find documentation for Fritz, nor i have any device test.
Did you replace nethesis-test with the name of your IPSEC VPN?
The second line should be: (changed from NS6 to NS7)
signal-event nethserver-ipsec-tunnels-save
This error occured in this thread too.
To get the custom properties as shown here: (I assumed 192.168.8.1 is the Nethserver green interface)
db vpn setprop <YOUR_IPSEC_VPN> Custom_aggrmode yes Custom_left %defaultroute Custom_leftnexthop %defaultroute Custom_leftsourceip 192.168.8.1
signal-event nethserver-ipsec-tunnels-save
For more information about the ipsec options you may have a look at the ipsec.conf manpage.