D-Link Forums
D-Link VPN Router => DSR-250 => Topic started by: kfritz on July 14, 2017, 12:31:15 AM
-
Hi all,
I'm trying to get an L2TP/IPSec VPN established on my DSR250. It's brand new, firmware 2.11_WW.
I followed the configuration found at http://forums.dlink.com/index.php?topic=65697.0 with the exception of downgrading the firmware. I can't do that, due to the fact that I have the A4 hardware revision and no other firmware is available.
Here's the log messages I'm seeing - any ideas? TIA!
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: an undead schedule has been deleted: 'quick_r1prep'.]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2640381144(0x9d6104d8).]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Purged ISAKMP-SA with proto_id=ISAKMP and spi=4a5bc20f043b6714:83e3354b10d7e747.]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: ISAKMP-SA deleted for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4a5bc20f043b6714:83e3354b10d7e747]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN Information [Fri Jul 14 03:29:03 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: KA remove: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Anonymous configuration selected for 166.177.59.96[56287].]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received request for new phase 1 negotiation: 69.253.78.23[500]<=>166.177.59.96[56287]]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Beginning Identity Protection mode.]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: MS NT5 ISAKMPOAKLEY]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: RFC 3947]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [For 166.177.59.96[56287], Selected NAT-T version: RFC 3947]
VPN Error [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [invalid DH group 20.]
VPN Error [Fri Jul 14 03:29:07 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [invalid DH group 19.]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT-D payload matches for 69.253.78.23[500]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT-D payload does not match for 166.177.59.96[56287]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [NAT detected: PEER]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Floating ports for NAT-T with peer 166.177.59.96[22323]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [KA list add: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [ISAKMP-SA established for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Sending Informational Exchange: notify payload[608]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Responding to new phase 2 negotiation: 69.253.78.23[0]<=>166.177.59.96[0]]
VPN Information [Fri Jul 14 03:29:08 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Using IPsec SA configuration: anonymous]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [No policy found, generating the policy : 192.168.43.235/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 166.177.59.96/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Adjusting peer's encmode 4(4)->Transport(2)]
VPN Warning [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [less key length proposed, mine:128 peer:256. Use initiaotr's one.]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IPsec-SA established[UDP encap 22323->4500]: ESP/Transport 166.177.59.96->69.253.78.23 with spi=14681761(0xe006a1)]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN Error [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No policy found: id:24.]
VPN Information [Fri Jul 14 03:29:09 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IPsec-SA established[UDP encap 4500->22323]: ESP/Transport 69.253.78.23->166.177.59.96 with spi=2677474934(0x9f970676)]
VPN Information [Fri Jul 14 03:29:10 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN Information [Fri Jul 14 03:29:10 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN Error [Fri Jul 14 03:29:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Error] [L2TP_CLIENT] [Exec failed : iptables -D FORWARD -d 0.0.0.0/0 ! -o ppp88 -j DROP]
VPN Information [Fri Jul 14 03:28:41 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Loaded VPN Configuration]
VPN Information [Fri Jul 14 03:28:42 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [VPN Policy:VPNPolicyName(Client) nodeId(3) status(Enabled) ikePolicyName(Client)]
VPN Information [Fri Jul 14 03:28:42 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [policyType(Auto) clientPolicy(Yes) KA(Disabled)]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Phase 1 negotiation failed due to time up for 166.177.59.96[56287]. 717afb0fb19478a2:b9e4efb75bd6e4be]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Anonymous configuration selected for 166.177.59.96[56287].]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received request for new phase 1 negotiation: 69.253.78.23[500]<=>166.177.59.96[56287]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Beginning Identity Protection mode.]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: MS NT5 ISAKMPOAKLEY]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: RFC 3947]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Received unknown Vendor ID]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: For 166.177.59.96[56287], Selected NAT-T version: RFC 3947]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: invalid DH group 20.]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: invalid DH group 19.]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT-D payload matches for 69.253.78.23[500]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT-D payload does not match for 166.177.59.96[56287]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: NAT detected: PEER]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Floating ports for NAT-T with peer 166.177.59.96[22323]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: KA list add: 69.253.78.23[4500]->166.177.59.96[22323]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: ISAKMP-SA established for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Sending Informational Exchange: notify payload[608]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Responding to new phase 2 negotiation: 69.253.78.23[0]<=>166.177.59.96[0]]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Using IPsec SA configuration: anonymous]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found, generating the policy : 192.168.43.235/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 166.177.59.96/32[1701] 69.253.78.23/32[1701] proto=udp dir=in]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Adjusting peer's encmode 4(4)->Transport(2)]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: less key length proposed, mine:128 peer:256. Use initiaotr's one.]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: IPsec-SA established[UDP encap 22323->4500]: ESP/Transport 166.177.59.96->69.253.78.23 with spi=14681761(0xe006a1)]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SMS]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Trap]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: No policy found: id:24.]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: IPsec-SA established[UDP encap 4500->22323]: ESP/Transport 69.253.78.23->166.177.59.96 with spi=2677474934(0x9f970676)]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send SM]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [IKE: Unable to send Tra]
VPN Information [Fri Jul 14 03:30:21 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Deleting generated policy for 166.177.59.96[0]]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [an undead schedule has been deleted: 'pk_recvupdate'.]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [[IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2677474934(0x9f970676).]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Purged ISAKMP-SA with proto_id=ISAKMP and spi=4285e26594dd5819:d99a16461024d8fe.]
VPN Information [Fri Jul 14 03:30:23 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [ISAKMP-SA deleted for 69.253.78.23[4500]-166.177.59.96[22323] with spi:4285e26594dd5819:d99a16461024d8fe]
VPN Information [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send SMS]
VPN Information [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [Unable to send Trap]
VPN Information [Fri Jul 14 03:30:24 2017(GMT-0500)] [DSR-250] [2.11] [VPN] [Information] [IPSEC] [KA remove: 69.253.78.23[4500]->166.177.59.96[22323]]
-
Welcome!
What region are you located?
I recommend phone contacting your regional D-Link support office and get more help and information on this.
FYI:
http://forums.dlink.com/index.php?topic=66975.msg283472#msg283472 (http://forums.dlink.com/index.php?topic=66975.msg283472#msg283472)
-
I'm in the US. I will try giving them a call. Thanks!
-
Let us know how it goes. ;)
-
I'm in the US. I will try giving them a call. Thanks!
Did you ever get this to work? Totally missed this post when I posted a similar issue last night on this forum.
I called support and after an hour they thought my unit was damaged. Don't want to go through the hassle of returning... would rather fix. Thanks!
-
Just to close the loop... the issue ended up being on the 'remote' site. I blew away all the settings there and recreated and it is working now.
-
Glad you got if figured out. Thanks for posting.
Enjoy. ;)