Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cleaning up a few errors and warning

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • a-a-ronA
      a-a-ron
      last edited by

      I have my IPsec VPN working. I can connect from both my iPhone and my laptop. So as far as working, it seems to be ok. I just want to "fix" a few errors I'm seeing in the logs. I'm not sure that anything is wrong, but I just personally don't like seeing them. There are a ton of references to these errors via Google, but I have yet to find a solution.

      ERROR: notification INITIAL-CONTACT received in aggressive exchange.
      WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
      WARNING: Ignored attribute 28683

      w.w.w.w = wan
      l.l.l.l = lan
      v.v.v.v = vpn

      # This file is automatically generated. Do not edit
      path pre_shared_key "/var/etc/psk.txt";
      
      path certificate  "/var/etc";
      
      listen
      {
      	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
      	isakmp W.W.W.W [500];
      	isakmp_natt W.W.W.W [4500];
      }
      
      mode_cfg
      {
      	auth_source system;
      	group_source system;
      	pool_size 61;
      	network4 V.V.V.V;
      	netmask4 255.255.255.192;
      	split_network include L.L.L.L/26;
      	dns4 L.L.L.L;
      	dns4 L.L.L.L;
      	wins4 L.L.L.L;
      	default_domain "DOMAIN";
      	split_dns "DOMAIN";
      	pfs_group 2;
      	banner "/var/etc/racoon.motd";
      	save_passwd on;
      }
      
      remote anonymous
      {
      	ph1id 1;
      	exchange_mode aggressive;
      	my_identifier address W.W.W.W;
      	peers_identifier fqdn "DOMAIN";
      	ike_frag on;
      	generate_policy = unique;
      	initial_contact = off;
      	nat_traversal = force;
      
      	dpd_delay = 10;
      	dpd_maxfail = 5;
      	support_proxy on;
      	proposal_check strict;
      	passive on;
      
      	proposal
      	{
      		authentication_method xauth_psk_server;
      		encryption_algorithm aes 256;
      		hash_algorithm sha1;
      		dh_group 2;
      		lifetime time 3600 secs;
      	}
      }
      
      sainfo   anonymous
      {
      	remoteid 1;
      	encryption_algorithm aes 256, 3des;
      	authentication_algorithm hmac_sha1,hmac_md5;
      	pfs_group 2;
      	lifetime time 3600 secs;
      	compression_algorithm deflate;
      }
      
      1 Reply Last reply Reply Quote 0
      • M
        moh10ly
        last edited by

        I am having the same issue as well, is there anyway to find out why are these errors are showing up ? I have some difficulty connecting my phone to a SIP registrar server over VPN . sometimes it registers and others it says request time out !

        Power is Knowledge.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.