Issue with connecting to IPSec VPN



  • This issue started when I enabled UPnP. It looks like the client on one of the computers causes it to hang. Before connecting with my computer, I was able to connect using my iPhone. What is strange is that if I disable then re-enable UPnP, it works again.

    Mar 18 20:46:09 racoon: [Self]: INFO: respond new phase 1 negotiation: 80.24.56.224[500]<=>62.57.64.130[500]
    Mar 18 20:46:09 racoon: INFO: begin Aggressive mode.
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: RFC 3947
    Mar 18 20:46:09 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: DPD
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: CISCO-UNITY
    Mar 18 20:46:09 racoon: [62.57.64.130] INFO: Selected NAT-T version: RFC 3947
    Mar 18 20:46:09 racoon: INFO: Adding remote and local NAT-D payloads.
    Mar 18 20:46:09 racoon: [62.57.64.130] INFO: Hashing 62.57.64.130[500] with algo #2 (NAT-T forced)
    Mar 18 20:46:09 racoon: [Self]: [80.24.56.224] INFO: Hashing 80.24.56.224[500] with algo #2 (NAT-T forced)
    Mar 18 20:46:09 racoon: INFO: Adding xauth VID payload.
    Mar 18 20:46:11 racoon: ERROR: phase1 negotiation failed due to time up. 0d1e74fd294a0b82:d4b2b7a7aec2c0c2
    Mar 18 20:46:59 racoon: ERROR: phase1 negotiation failed due to time up. c35935420ae1ef3a:ffcc401ffadbb2f1


  • Rebel Alliance Developer Netgate

    If you look in Status > UPnP when it's enabled, has something set up a forward for UDP/500, UDP/4500, or ESP?
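
The check suggested in the reply above, as an added example that is not part of the original thread: it scans pf redirect (`rdr`) rule text for mappings that capture IKE (UDP/500), NAT-T (UDP/4500) or ESP. The rule lines are constructed samples, and both their layout and the service-name aliases are assumptions about how `pfctl` prints such rules.

```python
import re

# UDP/500 (IKE) and UDP/4500 (NAT-T) are the ports named in the reply.
IPSEC_UDP_PORTS = {500, 4500}
# Assumption: service names pfctl may print in place of port numbers.
SERVICE_NAMES = {"isakmp": 500, "ipsec-nat-t": 4500, "sae-urn": 4500}

# Constructed sample of pf redirect rules; not taken from the thread.
SAMPLE_RULES = """\
rdr pass on em0 inet proto udp from any to any port = 4500 -> 192.168.1.50 port 4500
rdr pass on em0 inet proto udp from any to any port = isakmp -> 192.168.1.50 port 500
rdr pass on em0 inet proto tcp from any to any port = 51413 -> 192.168.1.60 port 51413
rdr pass on em0 inet proto udp from any to any port = 3074 -> 192.168.1.70 port 3074
"""


def parse_rdr(line):
    """Return (proto, port, target) for one rdr rule line, or None."""
    line = line.strip()
    if not line.startswith("rdr") or "->" not in line:
        return None
    match_side, target_side = line.split("->", 1)
    proto = re.search(r"\bproto\s+(\w+)", match_side)
    target = target_side.split()
    if not proto or not target:
        return None
    port = None
    found = re.search(r"\bport\s*=?\s*([\w-]+)", match_side)
    if found:
        token = found.group(1)
        port = int(token) if token.isdigit() else SERVICE_NAMES.get(token)
    return proto.group(1), port, target[0]


def ipsec_conflicts(lines):
    """List redirects that take IKE, NAT-T or ESP away from the VPN daemon."""
    hits = []
    for line in lines:
        parsed = parse_rdr(line)
        if parsed is None:
            continue
        proto, port, _target = parsed
        if proto == "esp" or (proto == "udp" and port in IPSEC_UDP_PORTS):
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for proto, port, target in ipsec_conflicts(SAMPLE_RULES.splitlines()):
        print(f"conflict: {proto}/{port} forwarded to {target}")
```
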



  • Oddly enough, I had this exact error and happen to have UPnP enabled. Though my workaround was to change "My Identifier" to Dynamic DNS instead of My IP address.

