• November 15, 2018, 04:49:23 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Issues with establishing VPN IP Sec between 2 DSR-500(N)  (Read 451 times)

mmolvid

  • Level 1 Member
  • *
  • Posts: 8
Issues with establishing VPN IP Sec between 2 DSR-500(N)
« on: September 11, 2018, 06:31:45 AM »

Hi!

I have recently bought a second DSR-500, this time a DSR-500N to set up in my summer house. Now I want to establish a VPN via IP Sec. I have followed the guides that are online but they don´t establish the connection.

Can someone that can understand a logfile please inform me what the probelm is? Log file:

[Tue Sep 11 12:03:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:04:24 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [accept a request to establish IKE-SA: gotland.molvidson.net]
[Tue Sep 11 12:05:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:05:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:05:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [FOUND]
[Tue Sep 11 12:05:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [remote configuration for identifier "gotland.molvidson.net" found]     
[Tue Sep 11 12:05:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [Initiating new phase 2 negotiation: 79.136.12.235[500]<=>85.194.0.103[0]]
[Tue Sep 11 12:05:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [Adjusting encryption mode to use UDP encapsulation]
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: accept a request to establish IKE-SA: gotland.molvidson.net]
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: suitable outbound SP found: 10.1.10.1/32[0] 10.1.50.1/32[0] proto=any dir=out.
: admin.c:1172:ipsecSaCreate(]
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: suitable inbound SP found: 10.1.50.1/32[0] 10.1.10.1/32[0] proto=any dir=in.
: admin.c:1185:ipsecSaCreate(]
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: new acquire 10.1.10.1/32[0] 10.1.50.1/32[0] proto=any dir=out
: admin.c:1228:ipsecSaCreate(] 
[Tue Sep 11 12:07:04 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: FOUND]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: remote configuration for identifier "gotland.molvidson.net" found]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=1:1)
: proposal.c:902:printsaproto(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=DES encklen=0 authtype=hmac-md5)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=DES encklen=0 authtype=hmac-sha)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=3DES encklen=0 authtype=hmac-md5)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=3DES encklen=0 authtype=hmac-sha)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=192 authtype=hmac-md5)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=192 authtype=hmac-sha)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=256 authtype=hmac-md5)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE:   (trns_id=RIJNDAEL encklen=256 authtype=hmac-sha)
: proposal.c:936:printsatrns(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: remote configuration for identifier "gotland.molvidson.net" found]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: begin QUICK mode.
: isakmp.c:2340:isakmp_post_acquire(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: ===
: isakmp.c:1258:isakmp_ph2begin_i(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: begin QUICK mode.
: isakmp.c:1259:isakmp_ph2begin_i(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: Initiating new phase 2 negotiation: 79.136.12.235[500]<=>85.194.0.103[0]]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: New PH2 inserted with msgid:0
: handler.c:1019:bindph12(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: compute IV for phase2
: oakley.c:3391:oakley_newiv2(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: phase1 last IV:
: oakley.c:3392:oakley_newiv2(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: hash(md5)
: algorithm.c:401:alg_oakley_hashdef(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: encryption(des)
: algorithm.c:576:alg_oakley_encdef(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: phase2 IV computed:
: oakley.c:3429:oakley_newiv2(]
[Tue Sep 11 12:07:05 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: call pfkey_send_getspi
: pfkey.c:1334:pk_sendgetspi(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pfkey GETSPI sent: ESP/Tunnel 85.194.0.103->79.136.12.235
: pfkey.c:1347:pk_sendgetspi(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pfkey getspi sent.
: isakmp_quick.c:183:quick_i1prep(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pk_recv: retry[0] recv()
: pfkey.c:4271:pk_recv(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: get pfkey GETSPI message
: pfkey.c:311:pfkey_handler(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pfkey GETSPI succeeded: ESP/Tunnel 85.194.0.103->79.136.12.235 with spi=166753809(0x9f07611)
: pfkey.c:1575:pk_recvgetspi(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: Adjusting encryption mode to use UDP encapsulation]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adjusting encmode 1->3
: ipsec_doi.c:3091:ipsecdoi_setph2proposal(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: use local ID type IPv4_address
: ipsec_doi.c:3797:ipsecdoi_setid2(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: use remote ID type IPv4_address
: ipsec_doi.c:3817:ipsecdoi_setid2(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: IDci:: isakmp_quick.c:260:quick_i1send(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: IDcr:: isakmp_quick.c:262:quick_i1send(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: add payload of len 284, next type 10
: isakmp.c:2802:set_isakmp_payload(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: add payload of len 16, next type 5
: isakmp.c:2802:set_isakmp_payload(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: add payload of len 8, next type 5
: isakmp.c:2802:set_isakmp_payload(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: add payload of len 8, next type 0
: isakmp.c:2802:set_isakmp_payload(] 
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: HASH with:
: oakley.c:1426:oakley_compute_hash1(] 
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: hmac(hmac_md5)
: algorithm.c:471:alg_oakley_hmacdef(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: HASH computed:
: oakley.c:1436:oakley_compute_hash1(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: add payload of len 16, next type 1
: isakmp.c:2802:set_isakmp_payload(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: begin encryption.
: oakley.c:3667:oakley_do_encrypt(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: encryption(des)
: algorithm.c:576:alg_oakley_encdef(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: ISAKMP: len:352 blen:8
: oakley.c:3683:oakley_do_encrypt(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pad length = 8
: oakley.c:3684:oakley_do_encrypt(]
[Tue Sep 11 12:07:06 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: encrypted payload by IV:
: oakley.c:3728:oakley_do_encrypt(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: encryption(des)
: algorithm.c:576:alg_oakley_encdef(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: with key:
: oakley.c:3739:oakley_do_encrypt(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: save IV for next:
: oakley.c:3753:oakley_do_encrypt(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: encrypted.
: oakley.c:3790:oakley_do_encrypt(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:07 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker

Many thanks!!

//Matt
Logged

mmolvid

  • Level 1 Member
  • *
  • Posts: 8
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #1 on: September 11, 2018, 06:34:11 AM »

PART 2

: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:07:08 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
VPN        Error       
[Tue Sep 11 12:07:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Error] [IPSEC] [Giving up on 85.194.0.103 to set up IPsec-SA due to time up]
[Tue Sep 11 12:07:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [an undead schedule has been deleted: 'isakmp_ph2resend'.]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Adding NON-ESP marker
: isakmp.c:1808:isakmp_send(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: sockname 79.136.12.235[4500]
: sockmisc.c:468:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet from 79.136.12.235[4500]
: sockmisc.c:470:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: send packet to 85.194.0.103[43771]
: sockmisc.c:472:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: 1 times of 392 bytes message will be sent to 85.194.0.103[43771]
: sockmisc.c:632:sendfromto(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: resend phase2 packet 857615c62851d5d1:61a0af88ab1fc1f7:a2ea6660
: isakmp.c:1939:isakmp_ph2resend(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: Giving up on 85.194.0.103 to set up IPsec-SA due to time up]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: **********REQUEST TO DELETE PH2 WITH MSGID:2733270624********
: handler.c:1029:unbindph12(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Information] [IPSEC] [IKE: an undead schedule has been deleted: 'isakmp_ph2resend'.]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pk_recv: retry[0] recv()
: pfkey.c:4271:pk_recv(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: get pfkey ACQUIRE message
: pfkey.c:311:pfkey_handler(]
[Tue Sep 11 12:09:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: pfkey ACQUIRE failed: Invalid argument
: pfkey.c:328:pfkey_handler(]
[Tue Sep 11 12:11:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:11:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:13:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:13:09 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]   
[Tue Sep 11 12:15:10 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
[Tue Sep 11 12:15:10 2018(GMT+0100)] [DSR-500] [2.11B201C] [VPN] [Debugging] [IPSEC] [IKE: Domain name gotland.molvidson.net resolved to 85.194.0.103
: remIdentLib.c:505:remIdentResolv(]
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46150
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #2 on: September 11, 2018, 07:03:10 AM »

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have at each location?
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

mmolvid

  • Level 1 Member
  • *
  • Posts: 8
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #3 on: September 13, 2018, 12:13:53 PM »

I am located in europe but I brought with me my DSR-500 that I bought while living in the US. You helped me with a different problem I had about a year ago with setting up different VLANs on this forum.

FW 2.13WW
ISP is fiber direct via media converter.

The problem has now evolved, the IPSec tunnel now connects but I am instead having different issues:

DSR-500 #1 is on IP 10.1.10.1, DSR-500  #2 is on IP 10.1.50.1

I can ping the devices from each other and from behind DSR#1 LAN on IP 10.1.10.10 I ping the 10.1.50.1 (i.e. DSR #2) and DSR#1. But, from DSR #2 LAN (IP 10.1.50.100) I can ping DSR #2 but not DSR#1, what happens is that when I type 10.1.10.1 from behind DSR#2 LAN it somehow shows the loginscreen for DSR#2 on the DSR#1 IP 10.1.10.1 as opposed when I am on LAN behind DSR#1 (IP 10.1.10.10) I can se both 10.1.10.1 (DSR#1) correctly and 10.1.50.1 (DSR#2) correctly.

I am also not abel to se any of the computers behind any of the routers on either side. So that is also an issue. I suspect that the tunnel works as it should but som other settings in the DSR ar incorrect. I have tried to compare the 2 but find nothing that I can see is incorrect…

Many thanks for help.

//Matt

PS. Here in sweden where i live now ther is no dlink phone support other than for large companys..
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 406
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #4 on: September 16, 2018, 04:20:12 AM »

Hi,

unfortunately your problem description is not very precise, hence it is quite difficult to deduce what might be wrong.

E.g. what do you mean when saying "... when I type 10.1.10.1 from behind ..."? Where do you type the address - in a web browser's address bar? As an argument of the ping command? ... Or what do you mean with "I am also not able to see any of the computers behind ..."? You can't "see" them in a Windows explorer's network neighborhood? Or you can't ping them? Or ... what?

I'm not an DSR-500 expert, I can only tell about IPsec site-to-site connections between two IPsec VPN gateways (DSR500#1, DSR500#2) in general:
  • Within each VPN gateway you have to define traffic selectors which tell the gateway when to establish a tunnel (if it not already exists) and which IP traffic to send through this tunnel (and which traffic to bypass, e.g. local traffic destined for the Internet). In your case on gateway #1 this traffic selector is any traffic from 10.0.1.0/24 (local) to 10.0.50.0/24 (remote) and vice versa on gateway #2.
  • Within each gateway you have to configure IP routes which tell the gateway to route IP traffic for the remote site (gateway #1: remote site = 10.0.50.0/24, gateway #2: remote site = 10.0.1.0/24) throught the tunnel via the local IPsec VPN tunnel interface.
  • If at any site there is another IP router (besides the DSR500) you have to configure static IP routes for the remote site's IP range within that other router and/or within end devices. E.g. if at site #2 there is another router used as default gateway by end devices you have to configure a static route for 10.0.1.0/24 (next hop 10.0.50.1) either within that other router or (alternatively) within each end device.

PT
« Last Edit: September 16, 2018, 04:32:14 AM by PacketTracer »
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 406
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #5 on: September 17, 2018, 05:14:39 PM »

Hi again,

just have looked at the PDFs you sent me via personal message:

  • "Mode Config" is for client-to-site IPsec-VPNs where single IPsec VPN clients use this method to get an IP address (and other parameters) for use inside the tunnel. But your scenario is different: You have a site-to-site IPsec-VPN and the clients at both sites aren't IPsec-VPN-Clients which have to get IP addresses via "Mode Config". They are LAN cllients that get their addresses via DHCP (nothing to do with IPsec) or are statically configured. If you define an IP range for "Mode Config" that corresponds to the IP addresses used in the LAN (at the opposite site), the DSR 500 will probably not route those addresses through your IPsec tunnel. Hence: Do _not_ configure "Mode Config" (leave fields blank) - you don't need it.
  • Either you won't use "DHCP oder IPsec" hence don't configure it.
  • I don't understand what "IPsec One to One Mapping" shall be good for - I wouldn't configure that

PT
Logged

mmolvid

  • Level 1 Member
  • *
  • Posts: 8
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #6 on: September 17, 2018, 11:55:53 PM »

Big thank you for your help, I am traveling this week so I will test your suggestions after that and se if I get things to work properly.

//Matt
Logged

mmolvid

  • Level 1 Member
  • *
  • Posts: 8
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #7 on: October 14, 2018, 01:57:50 PM »

Now it is all working, thanks for all your help!

//Matt
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 406
Re: Issues with establishing VPN IP Sec between 2 DSR-500(N)
« Reply #8 on: October 14, 2018, 02:06:02 PM »

Just online...
Have Fun!
PT
Logged