VPN - SSH Sentinel and LinkSys RV042 VPN Router


Author SSH Sentinel and LinkSys RV042 VPN Router
j_racicot@hotmail.com

2005-05-23, 5:49 pm

Hi all,

I'm new to this VPN setup stuff and I'm trying to learn all I can as
I set this up for a non-profit I'm working with.

I've been beating my head all day on this and I still can't seem to get
the SSH VPN client to connect to the VPN router. I went through the
setup tutorial at http://www.homenethelp.com/vpn/router-client-v13.asp
several times and still no joy.

The client is configured as described in the tutorial and the router as
well. Both have the correct configuration re: the lan at the router
end (local group on router = 192.168.2.0 subnet 255.255.255.0) and on
the client end (remote network = 192.168.2.0 subnet 255.255.255.0)

The SSH IKE Log shows the following:
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Start isakmp sa negotiation
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Version = 1.0, Input packet fields = 0000
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Encode packet, version = 1.0, flags = 0x00000000
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 5
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 4
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 3
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 2
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 1
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Removing negotiation
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Connection timed out or error, calling callback
Phase-1 [initiator] between ipv4(udp:500,[0..3]=192.168.3.54) and ipv4(udp:500,[0..3]=xxx.xxx.xxx.xxx) failed; Timeout.
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - 00000000 00000000 [-1] / 0x00000000 } Aggr; Deleting negotiation


And the system log at the router end shows the following:
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [SSH Communications Security IPSEC Express version 4.1.0]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-stenberg-ipsec-nat-traversal-01]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-stenberg-ipsec-nat-traversal-02]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
May 23 09:41:20 2005 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
May 23 09:41:20 2005 VPN Log Initial Aggressive Mode message from 67.70.131.192 but no (wildcard) connection has been configured

I can't figure out what's causing the error shown in the VPN router
system log (last line). Any ideas?

Thanks

Joel

Ed

2005-05-26, 8:46 pm


I'm not sure, but since no "expert" responded to your post, I'll suggest
this ---

Change one of the LANs so that they don't have the same net number.
While testing VPN client software, that was the (apparent) fix for us.

Ed
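
Added example, not part of either post: a small triage script that reads the two logs quoted in the thread side by side and then runs the subnet-overlap check suggested in the reply. The function names are hypothetical, the two logs are assumed to describe the same connection attempt, and the client's netmask is not given in the thread, so it is passed in as a parameter.

```python
import ipaddress
import re

# Lines copied from the logs in the thread (wrapped lines joined, others omitted).
CLIENT_LOG = (
    "0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 - "
    "00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet, retries = 1\n"
    "Phase-1 [initiator] between ipv4(udp:500,[0..3]=192.168.3.54) and "
    "ipv4(udp:500,[0..3]=xxx.xxx.xxx.xxx) failed; Timeout.\n"
)
ROUTER_LOG = (
    "May 23 09:41:20 2005 VPN Log [Tunnel Negotiation Info] <<< "
    "Responder Received Aggressive Mode 1st packet\n"
    "May 23 09:41:20 2005 VPN Log Initial Aggressive Mode message "
    "from 67.70.131.192 but no (wildcard) connection has been configured\n"
)

def triage(client_log, router_log):
    """Return (verdict, peer_ip) for a failed phase 1, using both ends' logs."""
    timed_out = re.search(r"Phase-1 \[initiator\].*failed; Timeout", client_log)
    rejected = re.search(
        r"message from (\S+) but no \(wildcard\) connection", router_log)
    received = "Received Aggressive Mode 1st packet" in router_log
    if not timed_out:
        return ("no-timeout-in-client-log", None)
    if rejected:
        # The first packet arrived; the router reports no configured connection for it.
        return ("responder-has-no-matching-connection", rejected.group(1))
    if received:
        return ("responder-received-but-did-not-answer", None)
    # Nothing on the router side: the packet may never have arrived.
    return ("no-trace-on-responder", None)

def lans_overlap(client_ip, client_mask, remote_net, remote_mask):
    """True if the client's own LAN overlaps the network behind the router."""
    local = ipaddress.ip_network(f"{client_ip}/{client_mask}", strict=False)
    remote = ipaddress.ip_network(f"{remote_net}/{remote_mask}")
    return local.overlaps(remote)

if __name__ == "__main__":
    print(triage(CLIENT_LOG, ROUTER_LOG))
    # Client mask is not given in the thread; both values below are assumptions.
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, lans_overlap("192.168.3.54", mask,
                                 "192.168.2.0", "255.255.255.0"))
```
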

Copyright 2003 - 2008 webservertalk.com