VPN IPSEC IKEv2 on er605 v2
VPN IPSEC IKEv2 on er605 v2
I'm trying to configure an ipsec ikev2 VPN on my er605, but I'm having great difficulties in configuring it
I state that the pptp and openvpn configurations work correctly
but I need additional ipsec/ikev2 access
I followed the guide described here https://www.tp-link.com/it/support/faq/3447/
but the connection negotiation doesn't even start, I would like to understand where I'm going wrong
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
PKD1 wrote
@Clive_A the result is the same, nothing changes
OK. Just got a confirmation that the Local ID type cannot be matched due to Android does not support the Remote ID type. When you put the ER605 behind the NAT, the Local ID type would be the IP address and this cannot be modified. This will make the authentication fail.
iOS supports changing Remote ID type and it does not happen to Apple products.
Temporary fix now: change it to bridge mode on your modem router. Don't DMZ or put the ER605 behind the NAT.
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
Please share your screenshots step-by-step. Mosaic partial public IP addresses. I need to make sure you have configured it correctly or not.
- Copy Link
- Report Inappropriate Content
these are my screenshots
192.168.2.1 is the ISP router set in DMZ towards ER-605
if I use the following settings and try to use ipsec-IKEv2 it still doesn't work
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
PKD1 wrote
these are my screenshots
192.168.2.1 is the ISP router set in DMZ towards ER-605
if I use the following settings and try to use ipsec-IKEv2 it still doesn't work.
You should port forward before making a VPN connection.
IPsec uses UDP 500 and 4500. You should make sure you have DMZ correctly. If you want, show me the pic of the DMZ on your ISP router.
Does your ISP router get a public IP? Like I said earlier, screenshot with mosaic. I need to see your IP on the WAN status on your ISP router.
(Also, I need both sides' IPsec config. Only reading one site does not rule out the possibility of your misconfig. Or take the responsibility yourself and do the check. I'll finish my part solely.)
If this is not resolved, I need you to Wireshark so to find which phase fails to build up a tunnel.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
PKD1 wrote
It seems to be a problem with the Android. At least in my test environment, I did this before. Nothing wrong with it.
You can try to set up an OVPN and try with a computer or other devices to verify if the double-NAT issue is resolved or not by DMZ. If any other types don't work, it seems to be a problem with the NAT.
But if it works, it means NAT is not the case. I need you to Wireshark and work with me to find out which phase fails. This Wireshark should be done on the WAN to capture any incoming ISAKMP. See if the negotiation of phases 1 and 2 can succeed.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Clive_A these are wireshark logs, I don't understand why port traffic 500 steps to port 40754,
however it does not pass the key exchange
request source:smartphone destination:192.168.2.2
Frame 1066: 1114 bytes on wire (8912 bits), 1114 bytes captured (8912 bits) on interface \Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF}, id 0
Section number: 1
Interface id: 0 (\Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF})
Interface name: \Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF}
Interface description: Ethernet
Encapsulation type: Ethernet (1)
Arrival Time: Nov 29, 2023 17:17:51.272525000 ora solare Europa occidentale
UTC Arrival Time: Nov 29, 2023 16:17:51.272525000 UTC
Epoch Arrival Time: 1701274671.272525000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.437719000 seconds]
[Time delta from previous displayed frame: 23.797508000 seconds]
[Time since reference or first frame: 145.928895000 seconds]
Frame Number: 1066
Frame Length: 1114 bytes (8912 bits)
Capture Length: 1114 bytes (8912 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: zte_76:1d:04 (c0:94:ad:76:1d:04), Dst: TPLink_97:6d:44 (54:af:97:97:6d:44)
Destination: TPLink_97:6d:44 (54:af:97:97:6d:44)
Address: TPLink_97:6d:44 (54:af:97:97:6d:44)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: zte_76:1d:04 (c0:94:ad:76:1d:04)
Address: zte_76:1d:04 (c0:94:ad:76:1d:04)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: smartphone, Dst: 192.168.2.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1100
Identification: 0x079e (1950)
010. .... = Flags: 0x2, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 63
Protocol: UDP (17)
Header Checksum: 0x905a [validation disabled]
[Header checksum status: Unverified]
Source Address: smartphone
Destination Address: 192.168.2.2
User Datagram Protocol, Src Port: 40754, Dst Port: 500
Source Port: 40754
Destination Port: 500
Length: 1080
Checksum: 0x7a5e [unverified]
[Checksum Status: Unverified]
[Stream index: 41]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (1072 bytes)
Internet Security Association and Key Management Protocol
Initiator SPI: bce6a6db70f21c60
Responder SPI: 0000000000000000
Next payload: Security Association (33)
Version: 2.0
0010 .... = MjVer: 0x2
.... 0000 = MnVer: 0x0
Exchange type: IKE_SA_INIT (34)
Flags: 0x08 (Initiator, No higher version, Request)
.... 1... = Initiator: Initiator
...0 .... = Version: No higher version
..0. .... = Response: Request
Message ID: 0x00000000
Length: 1072
Payload: Security Association (33)
Next payload: Key Exchange (34)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 408
Payload: Proposal (2) # 1
Next payload: Proposal (2)
Reserved: 00
Payload length: 200
Proposal number: 1
Protocol ID: IKE (1)
SPI Size: 0
Proposal transforms: 21
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CTR (13)
Transform Attribute (t=14,l=2): Key Length: 256
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CBC (12)
Transform Attribute (t=14,l=2): Key Length: 256
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CTR (13)
Transform Attribute (t=14,l=2): Key Length: 192
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CBC (12)
Transform Attribute (t=14,l=2): Key Length: 192
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CTR (13)
Transform Attribute (t=14,l=2): Key Length: 128
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_AES_CBC (12)
Transform Attribute (t=14,l=2): Key Length: 128
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Integrity Algorithm (INTEG) (3)
Reserved: 00
Transform ID (INTEG): AUTH_HMAC_SHA2_512_256 (14)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Integrity Algorithm (INTEG) (3)
Reserved: 00
Transform ID (INTEG): AUTH_HMAC_SHA2_384_192 (13)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Integrity Algorithm (INTEG) (3)
Reserved: 00
Transform ID (INTEG): AUTH_HMAC_SHA2_256_128 (12)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Integrity Algorithm (INTEG) (3)
Reserved: 00
Transform ID (INTEG): AUTH_AES_XCBC_96 (5)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Integrity Algorithm (INTEG) (3)
Reserved: 00
Transform ID (INTEG): AUTH_AES_CMAC_96 (8)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 4096 bit MODP group (16)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): Unknown (31)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 3072 bit MODP group (15)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 2048 bit MODP group (14)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA1 (2)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_AES128_CBC (4)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_256 (5)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_384 (6)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_512 (7)
Payload: Transform (3)
Next payload: NONE / No Next Payload (0)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_AES128_CMAC6 (8)
Payload: Proposal (2) # 2
Next payload: NONE / No Next Payload (0)
Reserved: 00
Payload length: 204
Proposal number: 2
Protocol ID: IKE (1)
SPI Size: 0
Proposal transforms: 20
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): ENCR_CHACHA20_POLY1305 (28)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 16 octet ICV (20)
Transform Attribute (t=14,l=2): Key Length: 256
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 12 octet ICV (19)
Transform Attribute (t=14,l=2): Key Length: 256
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 8 octet ICV (18)
Transform Attribute (t=14,l=2): Key Length: 256
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 16 octet ICV (20)
Transform Attribute (t=14,l=2): Key Length: 192
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 12 octet ICV (19)
Transform Attribute (t=14,l=2): Key Length: 192
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 8 octet ICV (18)
Transform Attribute (t=14,l=2): Key Length: 192
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 16 octet ICV (20)
Transform Attribute (t=14,l=2): Key Length: 128
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 12 octet ICV (19)
Transform Attribute (t=14,l=2): Key Length: 128
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 12
Transform Type: Encryption Algorithm (ENCR) (1)
Reserved: 00
Transform ID (ENCR): AES-GCM with a 8 octet ICV (18)
Transform Attribute (t=14,l=2): Key Length: 128
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 4096 bit MODP group (16)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): Unknown (31)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 3072 bit MODP group (15)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Diffie-Hellman Group (D-H) (4)
Reserved: 00
Transform ID (D-H): 2048 bit MODP group (14)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA1 (2)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_AES128_CBC (4)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_256 (5)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_384 (6)
Payload: Transform (3)
Next payload: Transform (3)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_HMAC_SHA2_512 (7)
Payload: Transform (3)
Next payload: NONE / No Next Payload (0)
Reserved: 00
Payload length: 8
Transform Type: Pseudo-random Function (PRF) (2)
Reserved: 00
Transform ID (PRF): PRF_AES128_CMAC6 (8)
Payload: Key Exchange (34)
Next payload: Nonce (40)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 520
DH Group #: 4096 bit MODP group (16)
Reserved: 0000
Key Exchange Data [truncated]: f6b955432c9058c34d9c4859ae8ae4f37bf130c1b66025c5529ca0a55eea809561bf759557e572ff94e79d74da4a465fa28683150902cd357c31589cf12b44dd324ad59ee467453af1494e9d483cabcdfdd0573d1c2aa6734dddfbee812c7f6cb805d84f6ca3290b
Payload: Nonce (40)
Next payload: Notify (41)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 36
Nonce DATA: b655a32438ea804b775102ee3d31b5b2f7b8cac4318c8b4ea8e9c551804b5228
Payload: Notify (41) - NAT_DETECTION_SOURCE_IP
Next payload: Notify (41)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 28
Protocol ID: RESERVED (0)
SPI Size: 0
Notify Message Type: NAT_DETECTION_SOURCE_IP (16388)
Notification DATA: 7f9eeceed3ea23b31f8a79204f38fdbe4238c9b9
Payload: Notify (41) - NAT_DETECTION_DESTINATION_IP
Next payload: Notify (41)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 28
Protocol ID: RESERVED (0)
SPI Size: 0
Notify Message Type: NAT_DETECTION_DESTINATION_IP (16389)
Notification DATA: 93bdbd432cff408a6586e35a7d12937ae10f99bf
Payload: Notify (41) - IKEV2_FRAGMENTATION_SUPPORTED
Next payload: Notify (41)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 8
Protocol ID: RESERVED (0)
SPI Size: 0
Notify Message Type: IKEV2_FRAGMENTATION_SUPPORTED (16430)
Notification DATA: <MISSING>
Payload: Notify (41) - SIGNATURE_HASH_ALGORITHMS
Next payload: NONE / No Next Payload (0)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 16
Protocol ID: RESERVED (0)
SPI Size: 0
Notify Message Type: SIGNATURE_HASH_ALGORITHMS (16431)
Notification DATA: 0001000200030004
Supported Signature Hash Algorithm: SHA1 (1)
Supported Signature Hash Algorithm: SHA2-256 (2)
Supported Signature Hash Algorithm: SHA2-384 (3)
Supported Signature Hash Algorithm: SHA2-512 (4)
response source:192.168.2.2 destination:smartphone
Frame 1067: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface \Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF}, id 0
Section number: 1
Interface id: 0 (\Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF})
Interface name: \Device\NPF_{C47995F6-6075-4113-971B-5B8F509747BF}
Interface description: Ethernet
Encapsulation type: Ethernet (1)
Arrival Time: Nov 29, 2023 17:17:51.276427000 ora solare Europa occidentale
UTC Arrival Time: Nov 29, 2023 16:17:51.276427000 UTC
Epoch Arrival Time: 1701274671.276427000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.003902000 seconds]
[Time delta from previous displayed frame: 0.003902000 seconds]
[Time since reference or first frame: 145.932797000 seconds]
Frame Number: 1067
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: TPLink_97:6d:44 (54:af:97:97:6d:44), Dst: zte_76:1d:04 (c0:94:ad:76:1d:04)
Destination: zte_76:1d:04 (c0:94:ad:76:1d:04)
Address: zte_76:1d:04 (c0:94:ad:76:1d:04)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: TPLink_97:6d:44 (54:af:97:97:6d:44)
Address: TPLink_97:6d:44 (54:af:97:97:6d:44)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.2.2, Dst: smartphone
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 64
Identification: 0xd772 (55154)
010. .... = Flags: 0x2, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 62
Protocol: UDP (17)
Header Checksum: 0xc591 [validation disabled]
[Header checksum status: Unverified]
Source Address: 192.168.2.2
Destination Address: smartphone
User Datagram Protocol, Src Port: 500, Dst Port: 40754
Source Port: 500
Destination Port: 40754
Length: 44
Checksum: 0xe6cd [unverified]
[Checksum Status: Unverified]
[Stream index: 41]
[Timestamps]
[Time since first frame: 0.003902000 seconds]
[Time since previous frame: 0.003902000 seconds]
UDP payload (36 bytes)
Internet Security Association and Key Management Protocol
Initiator SPI: bce6a6db70f21c60
Responder SPI: e2812c028aea01fb
Next payload: Notify (41)
Version: 2.0
0010 .... = MjVer: 0x2
.... 0000 = MnVer: 0x0
Exchange type: IKE_SA_INIT (34)
Flags: 0x20 (Responder, No higher version, Response)
.... 0... = Initiator: Responder
...0 .... = Version: No higher version
..1. .... = Response: Response
Message ID: 0x00000000
Length: 36
Payload: Notify (41) - NO_PROPOSAL_CHOSEN
Next payload: NONE / No Next Payload (0)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 8
Protocol ID: RESERVED (0)
SPI Size: 0
Notify Message Type: NO_PROPOSAL_CHOSEN (14)
Notification DATA: <MISSING>
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
You only posted two capture results?
So it shows this connection, for phase 1 using UDP 500.
This is correct. Nothing wrong with it.
The source from the cellphone is a random port. Connecting to the server UDP500.
Later it will change:
This is the full interaction capture:
- Copy Link
- Report Inappropriate Content
@Clive_A I'll post the screenshots of wireshark, it crashes on the key exchange
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
Are you trying this out in the LAN?
Can you use the cellular and get a public IP on your cellphone and try to connect to the 188.x.y.z IPsec server?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2375
Replies: 20
Voters 0
No one has voted for it yet.