Somebody hacking my IPsec VPN?
-
I'm new to VPNs and IPsec (which is dangerous), but this is only for my small home network, so I'm not trying to protect a corporate network. However, I'm seeing these messages in my log:
Jul 8 14:02:22 racoon: [14.99.207.196] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 8 14:02:25 racoon: [14.99.207.196] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 8 14:02:25 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 14.99.207.196[500].
Jul 8 14:02:29 racoon: [14.99.207.196] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 8 14:02:29 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 14.99.207.196[500].
Jul 10 07:06:18 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 122.167.214.38[500].
Jul 11 21:03:18 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:03:19 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:03:21 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:03:25 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:03:33 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:03:49 racoon: [189.231.225.24] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 11 21:04:21 racoon: [189.231.225.24] ERROR: unknown Informational exchange received.
Jul 15 10:39:40 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 78.63.42.152[500].
Jul 15 10:39:42 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 78.63.42.152[500].
Jul 15 10:39:45 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 78.63.42.152[500].
Jul 15 10:39:50 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 78.63.42.152[500].
Most of those IP addresses are from foreign countries, so I'm fairly certain they are trying to get access to the system (probably just sniffing out random open networks), but what do the errors mean? How do I know the router is properly blocking access?
-
Jul 8 14:02:22 racoon: [14.99.207.196] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 8 14:02:25 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 14.99.207.196[500].
Jul 11 21:04:21 racoon: [189.231.225.24] ERROR: unknown Informational exchange received.
Those kinds of errors are generally indicative of a mismatch in phase 1 settings, especially Main Mode/Aggressive Mode.
It could be someone probing for any IPsec systems out there, or just port scanning, or who knows. As long as you have lengthy PSKs (or certificates) and other such protections on IPsec, you should be fine.
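Added example, not part of the original thread: a small Python log check for the question "how do I know the router is properly blocking access?". It tallies the three racoon rejection messages quoted above per source address and flags any phase 1 success from a peer you did not expect. The `ISAKMP-SA established` line format, the `summarize` function and the sample addresses in the last log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: error lines in the format quoted in the thread, plus one
# constructed success line (format assumed) using documentation-range addresses.
SAMPLE_LOG = """\
Jul 8 14:02:22 racoon: [14.99.207.196] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Jul 8 14:02:25 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 14.99.207.196[500].
Jul 11 21:04:21 racoon: [189.231.225.24] ERROR: unknown Informational exchange received.
Jul 15 10:39:40 racoon: [Unknown Gateway/Dynamic]: ERROR: Invalid exchange type 243 from 78.63.42.152[500].
Jul 16 09:00:01 racoon: INFO: ISAKMP-SA established 192.0.2.1[500]-198.51.100.7[500] spi:aaaa:bbbb
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The peer address appears either as "[ip] ERROR:" or as "from ip[port]".
REJECT_PATTERNS = [
    ("main_mode_not_allowed", re.compile(r"\[" + IP + r"\] ERROR: exchange Identity Protection not allowed")),
    ("invalid_exchange_type", re.compile(r"ERROR: Invalid exchange type \d+ from " + IP + r"\[\d+\]")),
    ("unknown_informational", re.compile(r"\[" + IP + r"\] ERROR: unknown Informational exchange")),
]
# Assumed success format: "ISAKMP-SA established local[port]-remote[port] ...".
ESTABLISHED = re.compile(r"ISAKMP-SA established \S+?-" + IP + r"\[\d+\]")

def summarize(log_text, known_peers=()):
    """Return ({source_ip: {reason: count}}, [success lines from unknown peers])."""
    rejected = defaultdict(lambda: defaultdict(int))
    unexpected = []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            if m.group(1) not in known_peers:
                unexpected.append(line)  # phase 1 completed with an unlisted peer
            continue
        for label, pattern in REJECT_PATTERNS:
            m = pattern.search(line)
            if m:
                rejected[m.group(1)][label] += 1
                break
    return {ip: dict(counts) for ip, counts in rejected.items()}, unexpected

if __name__ == "__main__":
    rejected, unexpected = summarize(SAMPLE_LOG, known_peers={"198.51.100.7"})
    for ip, counts in sorted(rejected.items()):
        print(ip, counts)
    print("unexpected phase 1 successes:", len(unexpected))
```

Rejections with no matching success line mean the probes stopped at phase 1; a success from an address outside `known_peers` is the entry worth investigating.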