IPSec tunnel gets established but then drops after 15 seconds
-
I'm pulling out what little hair I have left, and I just cannot find a reason why some IPSec tunnels to my mobile clients (specifically iPhones) cannot remain established. I have a Windows 7 client that can connect and pass traffic just fine, but the iPhones drop for some reason without any errors in the log.
I am aware that the log below says "No proposals found" but that's a strange one since earlier it WAS using that exact same proposal. This all started when I was changing the login banner on the VPN and when I clicked "Save" all the iPhones dropped their connections and since then not a one can connect. Thoughts? Did changing my banner do something REALLY strange to my config?
Mar 16 11:32:30 charon 10[CFG] <con1|2>lease 192.168.71.1 by 'XakEp' went offline
Mar 16 11:32:30 charon 10[IKE] <con1|2>deleting IKE_SA con1[2] between 209.248.106.168[209.248.106.168]...192.168.1.108[xxxx]
Mar 16 11:32:30 charon 10[IKE] <con1|2>received DELETE for IKE_SA con1[2]
Mar 16 11:32:30 charon 10[ENC] <con1|2>parsed INFORMATIONAL_V1 request 2702839268 [ HASH D ]
Mar 16 11:32:30 charon 10[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (84 bytes)
Mar 16 11:32:24 charon 10[ENC] <con1|2>parsed INFORMATIONAL_V1 request 1195058960 [ HASH N(DPD_ACK) ]
Mar 16 11:32:24 charon 10[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (92 bytes)
Mar 16 11:32:24 charon 07[NET] <con1|2>sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (92 bytes)
Mar 16 11:32:24 charon 07[ENC] <con1|2>generating INFORMATIONAL_V1 request 697883926 [ HASH N(DPD) ]
Mar 16 11:32:24 charon 07[IKE] <con1|2>sending DPD request
Mar 16 11:32:14 charon 07[NET] <con1|2>sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (268 bytes)
Mar 16 11:32:14 charon 07[ENC] <con1|2>generating TRANSACTION response 2642107229 [ HASH CPRP(ADDR DNS SUBNET U_SPLITINC U_DEFDOM U_SPLITDNS U_BANNER U_BANNER U_SAVEPWD) ]
Mar 16 11:32:14 charon 07[IKE] <con1|2>assigning virtual IP 192.168.71.1 to peer 'xxxxxxx'
Mar 16 11:32:14 charon 07[CFG] <con1|2>assigning new lease to 'xxxxxxx'
Mar 16 11:32:14 charon 07[IKE] <con1|2>peer requested virtual IP %any
Mar 16 11:32:14 charon 07[ENC] <con1|2>parsed TRANSACTION request 2642107229 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE U_BKPSRV (28683)) ]
Mar 16 11:32:14 charon 07[ENC] <con1|2>unknown attribute type (28683)
Mar 16 11:32:14 charon 07[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (172 bytes)
Mar 16 11:32:14 charon 15[IKE] <con1|2>maximum IKE_SA lifetime 85954s
Mar 16 11:32:14 charon 15[IKE] <con1|2>scheduling rekeying in 85414s
Mar 16 11:32:14 charon 15[IKE] <con1|2>IKE_SA con1[2] established between 209.248.106.168[209.248.106.168]...192.168.1.108[xxxxxxx ]
Mar 16 11:32:14 charon 15[ENC] <con1|2>parsed TRANSACTION response 2387291869 [ HASH CPA(X_STATUS) ]
Mar 16 11:32:14 charon 15[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (68 bytes)
Mar 16 11:32:14 charon 15[NET] <con1|2>sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (68 bytes)
Mar 16 11:32:14 charon 15[ENC] <con1|2>generating TRANSACTION request 2387291869 [ HASH CPS(X_STATUS) ]
Mar 16 11:32:14 charon 15[IKE] <con1|2>XAuth authentication of 'xxxxxxx' successful
Mar 16 11:32:14 charon 15[IKE] <con1|2>XAuth-SCRIPT succeeded for user 'xxxxxxx'.
Mar 16 11:32:14 charon user 'XakEp' authenticated
Mar 16 11:32:13 charon 15[ENC] <con1|2>parsed TRANSACTION response 2049647219 [ HASH CPRP(X_USER X_PWD) ]
Mar 16 11:32:13 charon 15[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (84 bytes)
Mar 16 11:32:13 charon 15[ENC] <con1|2>parsed INFORMATIONAL_V1 request 2481838577 [ HASH N(INITIAL_CONTACT) ]
Mar 16 11:32:13 charon 15[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (84 bytes)
Mar 16 11:32:13 charon 15[NET] <con1|2>sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (76 bytes)
Mar 16 11:32:13 charon 15[ENC] <con1|2>generating TRANSACTION request 2049647219 [ HASH CPRQ(X_USER X_PWD) ]
Mar 16 11:32:13 charon 15[ENC] <con1|2>parsed AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Mar 16 11:32:13 charon 15[NET] <con1|2>received packet: from 192.168.1.108[500] to 209.248.106.168[500] (100 bytes)
Mar 16 11:32:13 charon 15[NET] <con1|2>sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (408 bytes)
Mar 16 11:32:13 charon 15[ENC] <con1|2>generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
Mar 16 11:32:13 charon 15[CFG] <2> selected peer config "con1"
Mar 16 11:32:13 charon 15[CFG] <2> looking for XAuthInitPSK peer configs matching 209.248.106.168...192.168.1.108[xxxxxxx ]
Mar 16 11:32:13 charon 15[IKE] <2> 192.168.1.108 is initiating a Aggressive Mode IKE_SA
Mar 16 11:32:13 charon 15[IKE] <2> received DPD vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received Cisco Unity vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received XAuth vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received draft-ietf-ipsec-nat-t-ike vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received NAT-T (RFC 3947) vendor ID
Mar 16 11:32:13 charon 15[IKE] <2> received FRAGMENTATION vendor ID
Mar 16 11:32:13 charon 15[ENC] <2> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Mar 16 11:32:13 charon 15[NET] <2> received packet: from 192.168.1.108[500] to 209.248.106.168[500] (779 bytes)
Mar 16 11:32:13 charon 15[NET] <1> sending packet: from 209.248.106.168[500] to 192.168.1.108[500] (56 bytes)
Mar 16 11:32:13 charon 15[ENC] <1> generating INFORMATIONAL_V1 request 1979175892 [ N(NO_PROP) ]
Mar 16 11:32:13 charon 15[IKE] <1> no proposal found
Mar 16 11:32:13 charon 15[CFG] <1> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Mar 16 11:32:13 charon 15[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Mar 16 11:32:13 charon 15[IKE] <1> 192.168.1.108 is initiating a Aggressive Mode IKE_SA
Mar 16 11:32:13 charon 15[IKE] <1> received DPD vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received Cisco Unity vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received XAuth vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received draft-ietf-ipsec-nat-t-ike vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received NAT-T (RFC 3947) vendor ID
Mar 16 11:32:13 charon 15[IKE] <1> received FRAGMENTATION vendor ID
Mar 16 11:32:13 charon 15[ENC] <1> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
Mar 16 11:32:13 charon 15[NET] <1> received packet: from 192.168.1.108[500] to 209.248.106.168[500] (779 bytes)
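As an added example (not part of the original post or of strongSwan itself), here is a small Python parser for charon log lines of the kind pasted above: it puts the newest-first output back into chronological order, pairs each "no proposal found" with the configured and received proposals for that IKE context so the mismatch is explicit, and measures how long each IKE_SA lived between "established" and the peer's DELETE. The sample lines are constructed in the same format and use documentation addresses and a placeholder user name.

```python
import re
from datetime import datetime
# Constructed sample in charon's syslog format, newest first (as the forum post shows it)
SAMPLE_LOG = """\
Mar 16 11:32:30 charon 10[IKE] <con1|2>received DELETE for IKE_SA con1[2]
Mar 16 11:32:14 charon 15[IKE] <con1|2>IKE_SA con1[2] established between 203.0.113.1[203.0.113.1]...192.0.2.10[user]
Mar 16 11:32:13 charon 15[IKE] <1> no proposal found
Mar 16 11:32:13 charon 15[CFG] <1> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Mar 16 11:32:13 charon 15[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
"""
# timestamp, optional "thread[subsystem]", optional "<context>", then the message
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) charon "
                     r"(?:\d+\[\w+\] )?(?:<(?P<ctx>[^>]*)> ?)?(?P<msg>.*)$")

def parse_log(text):
    """Parse charon lines into dicts, oldest first (syslog has no year; 1900 is fine for deltas)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%b %d %H:%M:%S")
            entries.append(e)
    return sorted(entries, key=lambda e: e["ts"])

def proposal_mismatches(entries):
    """Per IKE context that logged 'no proposal found': configured vs received proposals and overlap."""
    cfg, rcv, failed = {}, {}, set()
    for e in entries:
        ctx, msg = e["ctx"], e["msg"]
        for key, store in (("configured proposals: ", cfg), ("received proposals: ", rcv)):
            if msg.startswith(key):
                store[ctx] = {p.strip() for p in msg[len(key):].split(",") if p.strip()}
        if msg == "no proposal found":
            failed.add(ctx)
    return {c: {"configured": cfg.get(c, set()), "received": rcv.get(c, set()),
                "common": cfg.get(c, set()) & rcv.get(c, set())} for c in failed}

def sa_lifetimes(entries):
    """Seconds from 'IKE_SA X established' to 'received DELETE for IKE_SA X', keyed by X."""
    up, out = {}, {}
    for e in entries:
        m = re.match(r"IKE_SA (\S+) established", e["msg"])
        if m:
            up[m.group(1)] = e["ts"]
        m = re.match(r"received DELETE for IKE_SA (\S+)", e["msg"])
        if m and m.group(1) in up:
            out[m.group(1)] = int((e["ts"] - up[m.group(1)]).total_seconds())
    return out
```

An empty "common" set for a context means none of the peer's offered IKE proposals overlaps the responder's configured one, which is exactly the condition behind the NO_PROP notification in the log.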