Help needed setting up LAN to LAN VPN

redwood
Posts: 2
Joined: Sat Mar 23, 2013 5:33 pm

Help needed setting up LAN to LAN VPN

Post by redwood »

Hi Folks, I'm new to Billion products so please bear with me if the answers are obvious.

The following relates to a 7800VDOX with 2.24b software.

I've previously had LAN to LAN working using a Netgear DG843G router but that has had to be retired due to me switching from ADSL to FTTC.

I've copied the settings from the Netgear to the Billion router but there are a couple of areas where the settings do not seem to correspond:
  • The Netgear has a setting for IKE direction, either 'Initiator and Responder' or 'Responder Only'. I was using 'Initiator and Responder'; I can't find any such setting on the Billion.
  • The Billion has sections for Phase 1 and Phase 2; the Netgear has no concept of phases, and the settings that are available seem to relate closely to Billion Phase 1.

Communication between the two LANs does start, but fails during the authentication stage (as far as I can see). The following are logs for both ends of the link (I've hidden part of the WAN side IP address).

Log from Billion 7800VDOX:

Mar 23 17:10:08 authpriv warn pluto[1422]: added connection description "RemoteSite"
Mar 23 17:10:08 daemon err ipsec__plutorun: 002 added connection description "RemoteSite"
Mar 23 17:10:08 authpriv warn pluto[1422]: listening for IKE messages
Mar 23 17:10:08 authpriv warn pluto[1422]: adding interface ppp1.1/ppp1.1 xxx.xxx.240.215:500
Mar 23 17:10:08 authpriv warn pluto[1422]: adding interface br0/br0 192.168.0.1:500
Mar 23 17:10:08 authpriv warn pluto[1422]: adding interface lo/lo 127.0.0.1:500
Mar 23 17:10:08 authpriv warn pluto[1422]: adding interface lo/lo ::1:500
Mar 23 17:10:08 authpriv warn pluto[1422]: loading secrets from "/var/ipsec.secrets"
Mar 23 17:10:10 authpriv warn pluto[1422]: "RemoteSite": deleting connection
Mar 23 17:10:10 authpriv warn pluto[1422]: added connection description "RemoteSite"
Mar 23 17:10:10 authpriv warn pluto[1422]: "RemoteSite" #1: initiating Main Mode
Mar 23 17:10:11 authpriv warn pluto[1422]: "RemoteSite" #1: ignoring Vendor ID payload [KAME/racoon]
Mar 23 17:10:11 authpriv warn pluto[1422]: "RemoteSite" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 17:10:11 authpriv warn pluto[1422]: "RemoteSite" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 23 17:10:12 authpriv warn pluto[1422]: "RemoteSite" #1: ignoring Vendor ID payload [KAME/racoon]
Mar 23 17:10:12 authpriv warn pluto[1422]: "RemoteSite" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 17:10:12 authpriv warn pluto[1422]: "RemoteSite" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 23 17:10:16 authpriv warn pluto[1422]: packet from xxx.xxx.207.188:500: phase 1 message is part of an unknown exchange
Mar 23 17:10:22 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:10:26 authpriv warn pluto[1422]: packet from xxx.xxx.207.188:500: phase 1 message is part of an unknown exchange
Mar 23 17:10:32 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:10:36 authpriv warn pluto[1422]: packet from xxx.xxx.207.188:500: phase 1 message is part of an unknown exchange
Mar 23 17:10:42 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:10:52 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:11:02 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #2: initiating Main Mode to replace #1
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #2: ignoring Vendor ID payload [KAME/racoon]
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 23 17:11:23 authpriv warn pluto[1422]: "RemoteSite" #2: ignoring Vendor ID payload [KAME/racoon]
Mar 23 17:11:23 authpriv warn pluto[1422]: "RemoteSite" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 17:11:23 authpriv warn pluto[1422]: "RemoteSite" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 23 17:11:33 authpriv warn pluto[1422]: "RemoteSite" #2: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:11:43 authpriv warn pluto[1422]: "RemoteSite" #2: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:11:53 authpriv warn pluto[1422]: "RemoteSite" #2: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:12:03 authpriv warn pluto[1422]: "RemoteSite" #2: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:12:13 authpriv warn pluto[1422]: "RemoteSite" #2: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:12:33 authpriv warn pluto[1422]: "RemoteSite" #2: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message


Log from Remote (Netgear FVG318):

2013-03-23 : INFO: Configuration found for xxx.xxx.240.215[500].
2013-03-23 : INFO: Received request for new phase 1 negotiation: xxx.xxx.207.188[500]<=>xxx.xxx.240.215[500]
2013-03-23 : INFO: Beginning Identity Protection mode.
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received Malformed packet of payload length 50593 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 50722 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 50722 and total length 40.
2013-03-23 : ERROR: Phase 1 negotiation failed due to time up for xxx.xxx.240.215[500]. 8129b4f1ed81bded:3aa2f38e7bb7d0eb
2013-03-23 : INFO: Configuration found for xxx.xxx.240.215[500].
2013-03-23 : INFO: Received request for new phase 1 negotiation: xxx.xxx.207.188[500]<=>xxx.xxx.240.215[500]
2013-03-23 : INFO: Beginning Identity Protection mode.
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received Malformed packet of payload length 60752 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 57276 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 57276 and total length 40.
2013-03-23 : ERROR: Phase 1 negotiation failed due to time up for xxx.xxx.240.215[500]. f6d2b9b65546dc90:90ddf7ddebd1a9a8
2013-03-23 : INFO: Configuration found for xxx.xxx.240.215[500].
2013-03-23 : INFO: Received request for new phase 1 negotiation: xxx.xxx.207.188[500]<=>xxx.xxx.240.215[500]
2013-03-23 : INFO: Beginning Identity Protection mode.
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received unknown Vendor ID
2013-03-23 : INFO: Received Malformed packet of payload length 6191 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 35823 and total length 40.
2013-03-23 : INFO: Received Malformed packet of payload length 35823 and total length 40.

Any suggestions gratefully received...
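
One way to summarise where each IKE attempt in a pluto log like the one above stops. This is an added example, not part of the original post or the router's firmware; the names `triage` and `report` and the stage descriptions are assumptions made for illustration.

```python
import re

# Shortened excerpt of the Billion (pluto) log posted above, embedded so the example runs offline.
SAMPLE_LOG = '''\
Mar 23 17:10:10 authpriv warn pluto[1422]: "RemoteSite" #1: initiating Main Mode
Mar 23 17:10:12 authpriv warn pluto[1422]: "RemoteSite" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 17:10:16 authpriv warn pluto[1422]: packet from xxx.xxx.207.188:500: phase 1 message is part of an unknown exchange
Mar 23 17:10:22 authpriv warn pluto[1422]: "RemoteSite" #1: discarding duplicate packet; already STATE_MAIN_I3
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 23 17:11:22 authpriv warn pluto[1422]: "RemoteSite" #2: initiating Main Mode to replace #1
'''

# Initiator states of IKEv1 Main Mode; the descriptions are this example's own wording.
STAGES = {
    "STATE_MAIN_I1": "proposal sent, nothing agreed yet",
    "STATE_MAIN_I2": "proposal accepted, key exchange sent",
    "STATE_MAIN_I3": "key exchange done, encrypted identity/authentication sent",
    "STATE_MAIN_I4": "phase 1 established",
}
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<n>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r"transition from state \S+ to state (STATE_\w+)")
GAVE_UP = re.compile(r"max number of retransmissions \(\d+\) reached (STATE_\w+)\.\s*(.*)")

def triage(log_text):
    """Return {(connection, attempt): summary} for every numbered IKE attempt."""
    attempts = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "packet from ..." lines that carry no attempt number
        a = attempts.setdefault((m["conn"], int(m["n"])),
                                {"state": None, "failed": False, "hint": "", "duplicates": 0})
        msg = m["msg"]
        if "initiating Main Mode" in msg:
            a["state"] = "STATE_MAIN_I1"
        elif (t := TRANSITION.search(msg)):
            a["state"] = t.group(1)
        elif "discarding duplicate packet" in msg:
            a["duplicates"] += 1
        elif (g := GAVE_UP.search(msg)):
            a.update(state=g.group(1), failed=True, hint=g.group(2))
    return attempts

def report(attempts):
    return [f'{c} #{n}: {"gave up" if a["failed"] else "last seen"} at {a["state"]}, '
            f'{STAGES.get(a["state"], "unknown stage")}. {a["hint"]}'.rstrip()
            for (c, n), a in sorted(attempts.items())]

print("\n".join(report(triage(SAMPLE_LOG))))
```

Run over the full log, every attempt ends at STATE_MAIN_I3, which narrows the comparison between the two routers to the Phase 1 settings used from the first encrypted message onward.
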
redwood
Posts: 2
Joined: Sat Mar 23, 2013 5:33 pm

Re: Help needed setting up LAN to LAN VPN

Post by redwood »

Due to the lack of replies here, I raised a support ticket. The support I've received was excellent and has enabled me to set up the VPN correctly. A big thank you to the support team.