Issue with connecting to IPSec VPN



  • This issue started when I enabled UPnP. It looks like the client on one of the computers causes it to hang. Before connecting with my computer I was able to connect using my iPhone. What is strange is that if I disable then re-enable UPnP it works again.

    Mar 18 20:46:09 racoon: [Self]: INFO: respond new phase 1 negotiation: 80.24.56.224[500]<=>62.57.64.130[500]
    Mar 18 20:46:09 racoon: INFO: begin Aggressive mode.
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: RFC 3947
    Mar 18 20:46:09 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: DPD
    Mar 18 20:46:09 racoon: INFO: received Vendor ID: CISCO-UNITY
    Mar 18 20:46:09 racoon: [62.57.64.130] INFO: Selected NAT-T version: RFC 3947
    Mar 18 20:46:09 racoon: INFO: Adding remote and local NAT-D payloads.
    Mar 18 20:46:09 racoon: [62.57.64.130] INFO: Hashing 62.57.64.130[500] with algo #2 (NAT-T forced)
    Mar 18 20:46:09 racoon: [Self]: [80.24.56.224] INFO: Hashing 80.24.56.224[500] with algo #2 (NAT-T forced)
    Mar 18 20:46:09 racoon: INFO: Adding xauth VID payload.
    Mar 18 20:46:11 racoon: ERROR: phase1 negotiation failed due to time up. 0d1e74fd294a0b82:d4b2b7a7aec2c0c2
    Mar 18 20:46:59 racoon: ERROR: phase1 negotiation failed due to time up. c35935420ae1ef3a:ffcc401ffadbb2f1


  • Rebel Alliance Developer Netgate

    If you look in Status > UPnP when it's enabled, has something set up a forward for UDP/500, UDP/4500, or ESP?



  • Oddly enough I had this exact error and happen to have UPnP enabled. Though my workaround was to change "My Identifier" to Dynamic DNS instead of My IP address.

