Unable to create IPSEC VPN



  • When I check the box to enable IPSEC VPN and click save I get the following error:

    Fatal error: Cannot break/continue 1 level in /etc/inc/vpn.inc on line 1489

    Then GUI locks up.  After a couple of minutes I log back in.  The enable check box is checked and I am able to setup VPN tunnel

    My issue now is how to properly setup a tunnel between a 2.0 and 1.2.1.  Not really any tutorials yet and I setup the tunnel as best as I could with the same info from the previous tunnel from 1.2.1 to 1.2.1.  I used the tutorial on the wiki for the tunnel so I am using the exact setup with.

    Static IP's on each end and My identifier is:  My Ip Address [blank] on both ends.

    Last 2 sets of octets have been changed as to not to display real IP.

    Data from 2.0

    Feb 2 06:40:43 racoon: [To Remote]: INFO: respond new phase 1 negotiation: 69.12.222.222[500]<=>12.238.111.111[500]
    Feb 2 06:40:43 racoon: INFO: begin Identity Protection mode.
    Feb 2 06:40:43 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Feb 2 06:40:43 racoon: INFO: received Vendor ID: DPD
    Feb 2 06:40:43 racoon: ERROR: no suitable proposal found.
    Feb 2 06:40:43 racoon: ERROR: failed to get valid proposal.
    Feb 2 06:40:53 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Feb 2 06:40:53 racoon: INFO: received Vendor ID: DPD
    Feb 2 06:40:53 racoon: ERROR: no suitable proposal found.
    Feb 2 06:40:53 racoon: ERROR: failed to get valid proposal.
    Feb 2 06:41:03 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Feb 2 06:41:03 racoon: INFO: received Vendor ID: DPD
    Feb 2 06:41:03 racoon: ERROR: no suitable proposal found.
    Feb 2 06:41:03 racoon: ERROR: failed to get valid proposal.
    Feb 2 06:41:05 racoon: [To Remote]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 12.238.111.111[500]->69.12.222.222[500]
    Feb 2 06:41:05 racoon: INFO: delete phase 2 handler.
    Feb 2 06:41:05 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
    Feb 2 06:41:13 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Feb 2 06:41:13 racoon: INFO: received Vendor ID: DPD
    Feb 2 06:41:13 racoon: ERROR: no suitable proposal found.
    Feb 2 06:41:13 racoon: ERROR: failed to get valid proposal.
    Feb 2 06:41:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Feb 2 06:41:23 racoon: INFO: received Vendor ID: DPD
    Feb 2 06:41:23 racoon: ERROR: no suitable proposal found.
    Feb 2 06:41:23 racoon: ERROR: failed to get valid proposal.

    Data from 1.2.1

    Feb 1 22:35:06 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
    Feb 1 22:35:05 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
    Feb 1 22:35:05 racoon: [To My VPN]: INFO: phase2 sa expired 12.238.111.111-69.12.222.222
    Feb 1 22:34:35 racoon: INFO: begin Identity Protection mode.
    Feb 1 22:34:35 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
    Feb 1 22:34:35 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
    Feb 1 22:34:00 racoon: ERROR: phase1 negotiation failed due to time up. 3749d633c6e66a1f:0000000000000000
    Feb 1 22:33:41 racoon: INFO: delete phase 2 handler.
    Feb 1 22:33:41 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
    Feb 1 22:33:10 racoon: INFO: begin Identity Protection mode.
    Feb 1 22:33:10 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
    Feb 1 22:33:10 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
    Feb 1 22:32:32 racoon: ERROR: phase1 negotiation failed due to time up. 5c8b0540288e0d90:0000000000000000
    Feb 1 22:32:13 racoon: INFO: delete phase 2 handler.
    Feb 1 22:32:13 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
    Feb 1 22:31:42 racoon: INFO: begin Identity Protection mode.
    Feb 1 22:31:42 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
    Feb 1 22:31:42 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
    Feb 1 22:31:17 racoon: INFO: delete phase 2 handler.
    Feb 1 22:31:17 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
    Feb 1 22:30:54 racoon: ERROR: phase1 negotiation failed due to time up. 0172ba54197ecfab:0000000000000000
    Feb 1 22:30:46 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
    Feb 1 22:30:35 racoon: INFO: delete phase 2 handler.
    Feb 1 22:30:35 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]




  • SPD

    172.20.0.0/16 10.20.30.0/24  ESP 12.238.240.194 -> 69.12.xxx.xxx 
    10.20.30.0/24 172.20.0.0/16  ESP 69.12.246.209 -> 12.238.xxx.xxx

    Overview

    69.12.xxx.xxx  12.238.xxx.xxx  LAN  172.20.0.0/16  Phase 2



  • @kapara:

    When I check the box to enable IPSEC VPN and click save I get the following error:

    Fatal error: Cannot break/continue 1 level in /etc/inc/vpn.inc on line 1489

    Then GUI locks up.  After a couple of minutes I log back in.  The enable check box is checked and I am able to setup VPN tunnel

    This should be fixed now.  Thanks

    –Bill


Locked