
    Unable to create IPSEC VPN

      kapara

      When I check the box to enable IPSEC VPN and click save, I get the following error:

      Fatal error: Cannot break/continue 1 level in /etc/inc/vpn.inc on line 1489

      Then the GUI locks up. After a couple of minutes I log back in. The enable check box is checked and I am able to set up the VPN tunnel.

      My issue now is how to properly set up a tunnel between a 2.0 and 1.2.1. Not really any tutorials yet, and I set up the tunnel as best I could with the same info from the previous tunnel from 1.2.1 to 1.2.1. I used the tutorial on the wiki for the tunnel so I am using the exact setup with.

      Static IPs on each end, and My identifier is: My IP address [blank] on both ends.

      The last 2 sets of octets have been changed so as not to display the real IP.

      Data from 2.0

      Feb 2 06:40:43 racoon: [To Remote]: INFO: respond new phase 1 negotiation: 69.12.222.222[500]<=>12.238.111.111[500]
      Feb 2 06:40:43 racoon: INFO: begin Identity Protection mode.
      Feb 2 06:40:43 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Feb 2 06:40:43 racoon: INFO: received Vendor ID: DPD
      Feb 2 06:40:43 racoon: ERROR: no suitable proposal found.
      Feb 2 06:40:43 racoon: ERROR: failed to get valid proposal.
      Feb 2 06:40:53 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Feb 2 06:40:53 racoon: INFO: received Vendor ID: DPD
      Feb 2 06:40:53 racoon: ERROR: no suitable proposal found.
      Feb 2 06:40:53 racoon: ERROR: failed to get valid proposal.
      Feb 2 06:41:03 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Feb 2 06:41:03 racoon: INFO: received Vendor ID: DPD
      Feb 2 06:41:03 racoon: ERROR: no suitable proposal found.
      Feb 2 06:41:03 racoon: ERROR: failed to get valid proposal.
      Feb 2 06:41:05 racoon: [To Remote]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 12.238.111.111[500]->69.12.222.222[500]
      Feb 2 06:41:05 racoon: INFO: delete phase 2 handler.
      Feb 2 06:41:05 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      Feb 2 06:41:13 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Feb 2 06:41:13 racoon: INFO: received Vendor ID: DPD
      Feb 2 06:41:13 racoon: ERROR: no suitable proposal found.
      Feb 2 06:41:13 racoon: ERROR: failed to get valid proposal.
      Feb 2 06:41:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      Feb 2 06:41:23 racoon: INFO: received Vendor ID: DPD
      Feb 2 06:41:23 racoon: ERROR: no suitable proposal found.
      Feb 2 06:41:23 racoon: ERROR: failed to get valid proposal.

      Data from 1.2.1

      Feb 1 22:35:06 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
      Feb 1 22:35:05 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      Feb 1 22:35:05 racoon: [To My VPN]: INFO: phase2 sa expired 12.238.111.111-69.12.222.222
      Feb 1 22:34:35 racoon: INFO: begin Identity Protection mode.
      Feb 1 22:34:35 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
      Feb 1 22:34:35 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
      Feb 1 22:34:00 racoon: ERROR: phase1 negotiation failed due to time up. 3749d633c6e66a1f:0000000000000000
      Feb 1 22:33:41 racoon: INFO: delete phase 2 handler.
      Feb 1 22:33:41 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
      Feb 1 22:33:10 racoon: INFO: begin Identity Protection mode.
      Feb 1 22:33:10 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
      Feb 1 22:33:10 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
      Feb 1 22:32:32 racoon: ERROR: phase1 negotiation failed due to time up. 5c8b0540288e0d90:0000000000000000
      Feb 1 22:32:13 racoon: INFO: delete phase 2 handler.
      Feb 1 22:32:13 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
      Feb 1 22:31:42 racoon: INFO: begin Identity Protection mode.
      Feb 1 22:31:42 racoon: [To My VPN]: INFO: initiate new phase 1 negotiation: 12.238.111.111[500]<=>69.12.222.222[500]
      Feb 1 22:31:42 racoon: [To My VPN]: INFO: IPsec-SA request for 69.12.222.222 queued due to no phase1 found.
      Feb 1 22:31:17 racoon: INFO: delete phase 2 handler.
      Feb 1 22:31:17 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]
      Feb 1 22:30:54 racoon: ERROR: phase1 negotiation failed due to time up. 0172ba54197ecfab:0000000000000000
      Feb 1 22:30:46 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      Feb 1 22:30:35 racoon: INFO: delete phase 2 handler.
      Feb 1 22:30:35 racoon: [To My VPN]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 69.12.222.222[0]->12.238.111.111[0]

      vpn2.0.PNG

      Skype ID:  Marinhd

        kapara

        SPD

        172.20.0.0/16 10.20.30.0/24  ESP 12.238.240.194 -> 69.12.xxx.xxx 
        10.20.30.0/24 172.20.0.0/16  ESP 69.12.246.209 -> 12.238.xxx.xxx

        Overview

        69.12.xxx.xxx  12.238.xxx.xxx  LAN  172.20.0.0/16  Phase 2

          billm

          @kapara:

          When I check the box to enable IPSEC VPN and click save I get the following error:

          Fatal error: Cannot break/continue 1 level in /etc/inc/vpn.inc on line 1489

          Then the GUI locks up. After a couple of minutes I log back in. The enable check box is checked and I am able to set up the VPN tunnel.

          This should be fixed now.  Thanks

          –Bill

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette
