Having No Joy connecting Windows7 (or Android 2.3.6 or 3.1.?) VPN clients to DGND3700 VPN server.
Typical DGND3700 log from Win7 connection attempt (the Android logs also get to INVALID_ID_INFORMATION):
Sun, 2012-04-29 14:27:44 - [myvpn] responding to Main Mode from unknown peer 192.168.1.34
Sun, 2012-04-29 14:27:44 - [myvpn] sent MR3, ISAKMP SA established
Sun, 2012-04-29 14:27:44 - [myvpn] Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Sun, 2012-04-29 14:27:45 - [myvpn] sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.34:500
Sun, 2012-04-29 14:27:46 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:27:49 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:27:54 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:28:02 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:28:18 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:28:34 - [myvpn] sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.34:500
Sun, 2012-04-29 14:28:49 - [myvpn] received Delete SA payload: deleting ISAKMP State #26
|
The VPN policies for this connection, from /etc/ipsec.conf, with WAN IP obscured:
conn myvpn
rekeymargin=0
rekeyfuzz=100%
esp=3des
authby=secret
left=xx.xxx.xxx.xxx
leftid=xx.xxx.xxx.xxx
leftsubnet=192.168.1.0/24
right=%any
ikelifetime=28800s
keylife=3600s
ike=3des
pfs=no
dpddelay=10
dpdtimeout=10
dpdaction=restart
leftsourceip=192.168.1.254
auto=add |
I'm guessing, from some other spelunking, that right=%any means that any remote ID should be accepted. I've tried this with every combination of Authentication methods Win7 offers (PAP, CHAP, MS-CHAPv2, EAP...) and with garbage, a valid ID on the far net, and the DGND3700 admin/password. Still No Joy.
Any insights/thoughts appreciated.
