fortigate 111c to ubuntu vpn
Toshi Esumi
ubuntu at toshiesumi.com
Wed Apr 9 04:28:26 UTC 2014
On 04/08/2014 01:29 AM, blamares023452 wrote:
> I get this while connecting:
> [CODE]
> root at pc:~# ipsec auto --add Work
> root at pc:~# ipsec auto --up Work
> 104 "Work" #4: STATE_MAIN_I1: initiate
> 003 "Work" #4: received Vendor ID payload [RFC 3947] method set to=109
> 003 "Work" #4: received Vendor ID payload [Dead Peer Detection]
> 003 "Work" #4: ignoring unknown Vendor ID payload
> [8299031757a36082c6a621de000500b3]
> 106 "Work" #4: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "Work" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
> both are NATed
> 108 "Work" #4: STATE_MAIN_I3: sent MI3, expecting MR3
> 010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 20s for response
> 010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 40s for response
> 031 "Work" #4: max number of retransmissions (2) reached
> STATE_MAIN_I3. Possible authentication failure: no acceptable
> response to our first encrypted message
> 000 "Work" #4: starting keying attempt 2 of at most 3, but releasing whack
>
> [/CODE]
>
> And these are the settings in the fortigate 111c web-UI as seen from
> the people who set up the tunnel.
>
> at this URL:
> http://i.imgur.com/BKSyvRg.jpg
>
Although I don't have experiences on Ubuntu side, looks like it doesn't
like or understand the response from FG111C.
I would suggest you try application debugging on FG111C through CLI. It
would show you what the FG is responding with. The command lines are:
diag debug reset
diag vpn ike log-filter src-addr4 <PUBLIC-IP-ON-UBUNTU-END>
diag debug app ike -1
diag debug ena
By the way, if multiple "Dialup" phase1s are configured on the FG, you
have to specify "peer ID" to accept with this particular phase1.
Otherwise, FG doesn't know which phase1 to be bound. Also, you should
show Phase2 configuration screen as well, At this moment it seems to be
failing at IKE phase1 handshake though.
Toshi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140408/e25f9b45/attachment.html>
More information about the ubuntu-users
mailing list