Codingitup
asked on
Setup FVS336G L2tp IPSEC VPN. Authentication failed when connecting.
Hi All,
I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?
Error Log:
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR: Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR: No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike -02
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85. XXX.XXX.XX X[24639]
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Configuration found for 85.XXX.XXX.XXX[24639].
L2tp Setup:
IKE Policy Setup:
VPN Policy:
Many Thanks Lee
I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?
Error Log:
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR: Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR: No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO: Configuration found for 85.XXX.XXX.XXX[24639].
L2tp Setup:
IKE Policy Setup:
VPN Policy:
Many Thanks Lee
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
IKE policy needs to match on both ends.