Netgate Discussion Forum

    Peplink pfsense ipsec vpn

      opti2k4

      Hi,

      I am unable to configure a Peplink Balance 380 with pfSense for a site-to-site IPsec VPN. The configuration is pretty straightforward, but it simply won't finish phase 1 :(

      It is always this:

      ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.

      Since it is a multi-WAN router, I did bind IPsec to a single WAN interface with a fixed IP, so I don't think the problem is there.

      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: ===
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 120 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 39660a4d 1857c5b1 00000000 00000000 01100200 00000000 00000078 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 0d000010 4f456e54 4e77494c 76567e5c 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: ===
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: INFO: respond new phase 1 negotiation: 1.1.1.1[500]<=>2.2.2.2[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: INFO: begin Identity Protection mode.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: begin.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=1(sa)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=13(vid)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=13(vid)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: succeed.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: received unknown Vendor ID
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 4f456e54 4e77494c 76567e5c
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: INFO: received Vendor ID: DPD
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: remote supports DPD
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: total SA len=52
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: begin.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=2(prop)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: succeed.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: proposal #0 len=44
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: begin.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=3(trns)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: succeed.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: transform #0 len=36
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Life Duration, flag=0x8000, lorv=3600
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: encryption(aes)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: hash(sha1)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Group Description, flag=0x8000, lorv=1536-bit MODP group
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: hmac(modp1536)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Key Length, flag=0x8000, lorv=256
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: pair 0:
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 0x8016346c0: next=0x0 tnext=0x0
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: proposal #0: 1 transform
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Life Duration, flag=0x8000, lorv=3600
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Group Description, flag=0x8000, lorv=1536-bit MODP group
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: type=Key Length, flag=0x8000, lorv=256
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: prop#=0, prot-id=ISAKMP, spi-size=0, #trns=1
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: trns#=0, trns-id=IKE
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: lifetime = 3600
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: lifebyte = 0
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: enctype = AES-CBC
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: encklen = 256
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: hashtype = SHA
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: authmethod = pre-shared key
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: dh_group = 1536-bit MODP group
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: an acceptable proposal found.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: hmac(modp1536)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: agreed on pre-shared key auth.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: ===
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: new cookie: 70a28dc260ce8d23
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: add payload of len 52, next type 13
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: add payload of len 16, next type 0
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 104 bytes from 1.1.1.1[500] to 2.2.2.2[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: sockname 1.1.1.1[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: send packet from 1.1.1.1[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: send packet to 2.2.2.2[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 1 times of 104 bytes message will be sent to 2.2.2.2[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 39660a4d 1857c5b1 70a28dc2 60ce8d23 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: resend phase1 packet 39660a4d1857c5b1:70a28dc260ce8d23
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: ===
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 40 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: 39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 0000000c 00000001 0100000e
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: receive Information.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: begin.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: seen nptype=11(notify)
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: DEBUG: succeed.
      
      Apr 26 16:34:50racoon: 2012-04-26 16:34:50: [2.2.2.2] ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: 104 bytes from 1.1.1.1[500] to 2.2.2.2[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: sockname 1.1.1.1[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: send packet from 1.1.1.1[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: send packet to 2.2.2.2[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: 1 times of 104 bytes message will be sent to 2.2.2.2[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: 39660a4d 1857c5b1 70a28dc2 60ce8d23 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: resend phase1 packet 39660a4d1857c5b1:70a28dc260ce8d23
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: ===
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: 40 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: 39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 0000000c 00000001 0100000e
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: receive Information.
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: begin.
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: seen nptype=11(notify)
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: DEBUG: succeed.
      
      Apr 26 16:35:00racoon: 2012-04-26 16:35:00: [2.2.2.2] ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: 104 bytes from 1.1.1.1[500] to 2.2.2.2[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: sockname 1.1.1.1[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: send packet from 1.1.1.1[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: send packet to 2.2.2.2[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: 1 times of 104 bytes message will be sent to 2.2.2.2[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: 39660a4d 1857c5b1 70a28dc2 60ce8d23 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: resend phase1 packet 39660a4d1857c5b1:70a28dc260ce8d23
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: ===
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: 40 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: 39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 0000000c 00000001 0100000e
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: receive Information.
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: begin.
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: seen nptype=11(notify)
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: DEBUG: succeed.
      
      Apr 26 16:35:10racoon: 2012-04-26 16:35:10: [2.2.2.2] ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: 104 bytes from 1.1.1.1[500] to 2.2.2.2[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: sockname 1.1.1.1[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: send packet from 1.1.1.1[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: send packet to 2.2.2.2[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: 1 times of 104 bytes message will be sent to 2.2.2.2[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: 39660a4d 1857c5b1 70a28dc2 60ce8d23 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: resend phase1 packet 39660a4d1857c5b1:70a28dc260ce8d23
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: ===
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: 40 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: 39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 0000000c 00000001 0100000e
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: receive Information.
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: begin.
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: seen nptype=11(notify)
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: DEBUG: succeed.
      
      Apr 26 16:35:20racoon: 2012-04-26 16:35:20: [2.2.2.2] ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: 104 bytes from 1.1.1.1[500] to 2.2.2.2[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: sockname 1.1.1.1[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: send packet from 1.1.1.1[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: send packet to 2.2.2.2[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: 1 times of 104 bytes message will be sent to 2.2.2.2[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: 39660a4d 1857c5b1 70a28dc2 60ce8d23 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: resend phase1 packet 39660a4d1857c5b1:70a28dc260ce8d23
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: ===
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: 40 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: 39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 0000000c 00000001 0100000e
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: receive Information.
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: begin.
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: seen nptype=11(notify)
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: DEBUG: succeed.
      
      Apr 26 16:35:30racoon: 2012-04-26 16:35:30: [2.2.2.2] ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
      
      Apr 26 16:35:40racoon: 2012-04-26 16:35:40: ERROR: phase1 negotiation failed due to time up. 39660a4d1857c5b1:70a28dc260ce8d23
      
      

        cmb

        Your local and remote ID on the Peplink are blank, that's probably why it's replying with no proposal chosen. Fill those in with the IPs.

          opti2k4

          @cmb:

          Your local and remote ID on the Peplink are blank, that's probably why it's replying with no proposal chosen. Fill those in with the IPs.

          I have already; I was trying without that when I ran out of options. I was trying the whole day to connect without success.

          Also, what is strange is that both sides found an acceptable proposal, they agreed on pre-shared key, and later I get ERROR: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange. Does this make sense?

            opti2k4

            In case someone gets into trouble like me…

            The problem was the secret, which contained special characters !"

            :( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(

              cmb

              @opti2k4:

              In case someone gets into trouble like me…

              The problem was the secret, which contained special characters !"

              :( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(

              Ah, not the first time we've heard that with other products. That's a bug in Peplink, not on our side; we support every character, symbol, etc. in shared keys. One of my production VPNs runs with every letter, number and symbol in the key just to prove that always works, as people tend to not believe the problem is actually in the commercial box they paid big bucks for and not on our side.

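The two packets dumped as hex in the first post's racoon log can be decoded offline to see exactly what the Peplink offered and what it sent back. This is an added example, not code from the thread or from pfSense/racoon; it reads the IKEv1 header, walks the payload chain, and decodes only the first transform of the first proposal, and all function names are illustrative.

```python
import struct

# Hex words copied from the racoon DEBUG dumps in the first post.
SA_HEX = ("39660a4d 1857c5b1 00000000 00000000 01100200 00000000 00000078 "
          "0d000038 00000001 00000001 0000002c 00010001 00000024 00010000 "
          "800b0001 800c0e10 80010007 80020002 80030001 80040005 800e0100 "
          "0d000010 4f456e54 4e77494c 76567e5c "
          "00000014 afcad713 68a1f1c9 6b8696fc 77570100")
NOTIFY_HEX = ("39660a4d 1857c5b1 00000000 00000000 0b100500 00000000 00000028 "
              "0000000c 00000001 0100000e")

# IKEv1 attribute classes (RFC 2409 Appendix A) and one notify type (RFC 2408).
ATTR = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group",
        11: "life_type", 12: "life_duration", 14: "key_length"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN"}

def payloads(pkt):
    """Check the 28-byte ISAKMP header, then yield (type, body) per payload."""
    np, length = pkt[16], struct.unpack(">I", pkt[24:28])[0]
    if length != len(pkt):
        raise ValueError("header length does not match packet size")
    off = 28
    while np:
        nxt, _, plen = struct.unpack(">BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > len(pkt):
            raise ValueError("payload length out of bounds")
        yield np, pkt[off + 4:off + plen]
        off, np = off + plen, nxt

def first_transform(sa):
    """Attributes of the first transform in the first proposal of an SA body."""
    t_off = 16 + sa[14]                  # DOI + situation, proposal header, SPI
    end = t_off + struct.unpack(">H", sa[t_off + 2:t_off + 4])[0]
    off, attrs = t_off + 8, {}
    while off + 4 <= end:
        t, v = struct.unpack(">HH", sa[off:off + 4])
        off += 4
        if not t & 0x8000:               # AF=0: v is a length, value follows
            v, off = int.from_bytes(sa[off:off + v], "big"), off + v
        attrs[ATTR.get(t & 0x7FFF, t & 0x7FFF)] = v
    return attrs

def decode(hex_words):
    pkt = bytes.fromhex(hex_words)
    out = {"exchange": pkt[18], "responder_cookie": pkt[8:16].hex(), "payloads": []}
    for ptype, body in payloads(pkt):
        out["payloads"].append(ptype)
        if ptype == 1:                   # Security Association
            out["proposal"] = first_transform(body)
        elif ptype == 11:                # Notification: type is at bytes 6..7
            ntype = struct.unpack(">H", body[6:8])[0]
            out["notify"] = NOTIFY.get(ntype, ntype)
    return out

if __name__ == "__main__":
    print(decode(SA_HEX), decode(NOTIFY_HEX), sep="\n")
```

The numeric values decoded from the SA packet (encryption 7, hash 2, auth method 1, group 5) are the ones racoon prints in the log as AES-CBC, SHA, pre-shared key and 1536-bit MODP group.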