• March 28, 2024, 07:33:26 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: VPN Troubleshooting  (Read 5546 times)

kfritz

  • Level 1 Member
  • *
  • Posts: 6
VPN Troubleshooting
« on: July 14, 2017, 12:31:15 AM »

Hi all,

I'm trying to get an L2TP/IPSec VPN established on my DSR250.  It's brand new, firmware 2.11_WW.

I followed the configuration found at http://forums.dlink.com/index.php?topic=65697.0 with the exception of downgrading the firmware.  I can't do that, due to the fact that I have the A4 hardware revision and no other firmware is available.

Here's the log messages I'm seeing - any ideas?  TIA!

VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: an undead schedule has been deleted: 'quick_r1prep'.]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2640381144(0x9d6104d8).]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Purged ISAKMP-SA with proto_id=ISAKMP and spi=4a5bc20f043b6714:83e3354b10d7e747.]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: ISAKMP-SA deleted for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4a5bc20f043b6714:83e3354b10d7e747]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN        Information        [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: KA remove: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Anonymous configuration selected for 166.177.59.96[56287].]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received request for new phase 1 negotiation: 69.253.78.23[500]<=>166.177.59.96[56287]]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Beginning Identity Protection mode.]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: MS NT5 ISAKMPOAKLEY]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: RFC 3947]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [For 166.177.59.96[56287], Selected NAT-T version: RFC 3947]
VPN        Error        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [invalid DH group 20.]
VPN        Error        [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [invalid DH group 19.]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT-D payload matches for 69.253.78.23[500]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT-D payload does not match for 166.177.59.96[56287]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT detected: PEER]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Floating ports for NAT-T with peer 166.177.59.96[22323]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [KA list add: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [ISAKMP-SA established for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Sending Informational Exchange: notify payload[608]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Responding to new phase 2 negotiation: 69.253.78.23[0]<=>166.177.59.96[0]]
VPN        Information        [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Using IPsec SA configuration: anonymous]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [No policy found, generating the policy : 192.168.43.235/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 166.177.59.96/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Adjusting peer's encmode 4(4)->Transport(2)]
VPN        Warning        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [less key length proposed, mine:128 peer:256.  Use initiaotr's one.]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IPsec-SA established[UDP encap 22323->4500]: ESP/Transport 166.177.59.96->69.253.78.23 with spi=14681761(0xe006a1)]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN        Error        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No policy found: id:24.]
VPN        Information        [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IPsec-SA established[UDP encap 4500->22323]: ESP/Transport 69.253.78.23->166.177.59.96 with spi=2677474934(0x9f970676)]
VPN        Information        [Fri Jul 14 03:29:10 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN        Information        [Fri Jul 14 03:29:10 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN        Error        [Fri Jul 14 03:29:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [L2TP_CLIENT] [Exec failed : iptables -D FORWARD -d 0.0.0.0/0 ! -o ppp88 -j DROP]
VPN        Information        [Fri Jul 14 03:28:41 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Loaded VPN Configuration]
VPN        Information        [Fri Jul 14 03:28:42 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [VPN Policy:VPNPolicyName(Client) nodeId(3) status(Enabled) ikePolicyName(Client)]
VPN        Information        [Fri Jul 14 03:28:42 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [policyType(Auto) clientPolicy(Yes) KA(Disabled)]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Phase 1 negotiation failed due to time up for 166.177.59.96[56287]. 717afb0fb19478a2:b9e4efb75bd6e4be]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Anonymous configuration selected for 166.177.59.96[56287].]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received request for new phase 1 negotiation: 69.253.78.23[500]<=>166.177.59.96[56287]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Beginning Identity Protection mode.]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: MS NT5 ISAKMPOAKLEY]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: RFC 3947]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: For 166.177.59.96[56287], Selected NAT-T version: RFC 3947]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: invalid DH group 20.]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: invalid DH group 19.]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT-D payload matches for 69.253.78.23[500]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT-D payload does not match for 166.177.59.96[56287]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT detected: PEER]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Floating ports for NAT-T with peer 166.177.59.96[22323]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: KA list add: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: ISAKMP-SA established for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Sending Informational Exchange: notify payload[608]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Responding to new phase 2 negotiation: 69.253.78.23[0]<=>166.177.59.96[0]]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Using IPsec SA configuration: anonymous]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found, generating the policy : 192.168.43.235/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 166.177.59.96/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Adjusting peer's encmode 4(4)->Transport(2)]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: less key length proposed, mine:128 peer:256.  Use initiaotr's one.]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: IPsec-SA established[UDP encap 22323->4500]: ESP/Transport 166.177.59.96->69.253.78.23 with spi=14681761(0xe006a1)]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SMS]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Trap]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found: id:24.]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: IPsec-SA established[UDP encap 4500->22323]: ESP/Transport 69.253.78.23->166.177.59.96 with spi=2677474934(0x9f970676)]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN        Information        [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Deleting generated policy for 166.177.59.96[0]]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [an undead schedule has been deleted: 'pk_recvupdate'.]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [[IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2677474934(0x9f970676).]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Purged ISAKMP-SA with proto_id=ISAKMP and spi=4285e26594dd5819:d99a16461024d8fe.]
VPN        Information        [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [ISAKMP-SA deleted for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN        Information        [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN        Information        [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN        Information        [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [KA remove: 69.253.78.23[4500]->166.177.59.96[22323]]


Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: VPN Troubleshooting
« Reply #1 on: July 14, 2017, 06:49:52 AM »

Welcome!
What region are you located?

I recommend phone contacting your regional D-Link support office and get more help and information on this.

FYI:
http://forums.dlink.com/index.php?topic=66975.msg283472#msg283472
« Last Edit: July 14, 2017, 06:51:41 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

kfritz

  • Level 1 Member
  • *
  • Posts: 6
Re: VPN Troubleshooting
« Reply #2 on: July 14, 2017, 10:23:37 AM »

I'm in the US.  I will try giving them a call.  Thanks!
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: VPN Troubleshooting
« Reply #3 on: July 14, 2017, 12:06:32 PM »

Let us know how it goes.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

fabravo

  • Level 1 Member
  • *
  • Posts: 2
Re: VPN Troubleshooting
« Reply #4 on: October 24, 2017, 05:43:24 AM »

I'm in the US.  I will try giving them a call.  Thanks!

Did you ever get this to work? Totally missed this post when I posted a similar issue last night on this forum.

I called support and after an hour they thought my unit was damaged. Don't want to go through the hassle of returning... would rather fix. Thanks!
Logged

fabravo

  • Level 1 Member
  • *
  • Posts: 2
Re: VPN Troubleshooting
« Reply #5 on: October 24, 2017, 08:28:37 AM »

Just to close the loop... the issue ended up being on the 'remote' site. I blew away all the settings there and recreated and it is working now.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: VPN Troubleshooting
« Reply #6 on: October 24, 2017, 10:04:35 AM »

Glad you got if figured out. Thanks for posting.
Enjoy.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.