    IPSEC VPN Failing with invalid ID_V1

    IPsec
      novuscomputers last edited by

      Playing around with a pair of ng1100s trying to get an IPSEC VPN going between two physical locations. Running into an issue though where the connection fails in phase 1 with an "invalid ID_V1 payload length" error.

      Normally this issue is a shared key mismatch, but I've verified both keys are the same (I have even downgraded to a very basic key for testing purposes to avoid potential confusion).

      If I try to initiate from the remote side I get a "could not write to socket - permission denied" error, and I'm not sure whether that's just due to that side being set to receive only or something else. There is absolutely no blocked traffic from either side's IP in either side's firewall logs (nor any blocked traffic on the IKE ports either). Both gateways are on 22.50 and I've also completely removed/recreated both connections from scratch.

      I'm about stumped so hopefully the community here might have an idea on what my issue is. Appreciate any suggestions or insight. I'll post logs from both local and remote side shortly.

        novuscomputers @novuscomputers last edited by

        Here's the log files (IPs sanitized, local is 1.1.1.1 and remote is 2.2.2.2):

        local_gateway_ipsec_logsan.txt

        remote_gateway_ipsec_log.txt

          novuscomputers last edited by

          UPDATE:

          Possibly one more clue to the puzzle. Looking at the status page of the local side when trying to connect, this is what I end up seeing:

          local_ipsec_status_page_connecting.jpg

          There end up being 2(!) connections which show up. The only difference appears to be the "NAT-T" behind the host on the generated connection. I'm guessing that's because it's detecting a NAT at the remote end? Possibly the ISP is using NAT and screwing up the communication between both points (thus causing decryption to fail)?
