Re: DOI erros

golfbird · ‎2015-08-08

Starting off by excusing my ignorance of this process

I have a FVS318v3 router at my office and have been using a prosafe client software from my home

for several years on a windows xp

Now I am trying to change to windows 10 and to include other users to be able to access my office computers.

I have downloaded trial version of vpng05l software but can not establish a connection.

I have copied existing parameter from the xp software but must be missing something

Tried to contact support but I guess I must be annoying them by asking questions I suppose they expect

to already know the answers too.

I am getting an error message "exchange_validate failed, DOI error" .

I get it.. something is not the same on the exchange, but I can not find any reference on Google or any other source

as to what a DOI error is and therefore have no idea how to correct it.

20150808 11:13:21:623 Default (SA Ikev1Gateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150808 11:13:24:680 Default (SA Ikev1Gateway-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [NAT_D] [VID]
20150808 11:13:24:696 Default (SA Ikev1Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150808 11:13:24:696 Default phase 1 done: initiator id fvs_remote_Peter, responder id 65.41.59.155
20150808 11:13:24:727 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:13:29:688 Default (SA Ikev1Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150808 11:13:29:688 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:13:34:696 Default (SA Ikev1Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150808 11:13:34:696 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:13:39:703 Default (SA Ikev1Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150808 11:13:39:703 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:13:44:726 Default (SA Ikev1Gateway-P1) RECV Informational [DELETE]
20150808 11:13:44:726 Default exchange_run: exchange_validate failed, DOI error
20150808 11:13:44:742 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:14:40:731 Default (SA Ikev1Gateway-Ikev1Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
20150808 11:14:40:731 Default transport_send_messages: giving up on message 0116E520

Sure would appreciate knowing what the problem means, how to address it so I can buy a license. Thank You

JohnRo · ‎2015-08-14

Hi golfbird,

I am glad that it worked! We'll be reporting the latest version of the firmware and do more tests on win7 and win10.

Thank you for your contribution.

Regards,

View solution in original post

BrianL2 · ‎2015-08-09

Hi golfbird,

I have sent you a pm to ask for more info and to speed up the resolution. You may also want to check the articles below for more information.

http://kb.netgear.com/app/answers/detail/a_id/24245/~/client-to-box-vpn

http://kb.netgear.com/app/answers/detail/a_id/20/~/how-to-configure-a-vpn-connection-between-prosafe...

Kind regards,

BrianL
NETGEAR Community

golfbird · ‎2015-08-09

Thank You

I have read those before, and unfortunately I dont understand all I read

I also have replied to your offer to help, but do not see how I can attach images

so if you would provide me with your email, I can get those screen shots to you.

Just knowing you making an attempt to help this old man out, has made my day.

Sophostry · ‎2015-08-10

There are some differences between the old FVS318v3 and the newer client.

I would use the wizard on the client after using it on the device. The number values would need to be changed. Looking at both articles and comparing them to your device and client on the PC, should get the correct ones in place, though your exchanging them, and so it will be a little odd.

golfbird · ‎2015-08-10

I’m lost.

I have no idea what you mean.

Sounds great, but it’s a foreign language I don’t understand

That must translate to that there is no hope for me.

Thanks.

JohnRo · ‎2015-08-10

Hello golfbird,

I understand that is a bit confusing when using an older router with a new client. First, we have to take note of the public IP of your router, second the LAN network range (ex. 192.168.1.0) and passphrase. Also, we need to take note of the local and remote identifier, see image below:

fig1.

Once you have all the information that we need, we'll go to configuring the client software.

We'll be using the wizard for this one:

fig.2

Enter the necessary information neede (Public IP/WAN IP, passprhase and LAN IP range), click next.

fig.3

Once you have this window, review your settings and click on finish.

fig4

After clicking finish, we should be able to see the main window:

fig.5

Let us click on Ikev1 Gateway>Advanced:

fig.6

Remember we took note of out Local and Remote identifier (see fig.1).

We will enter those information here.

fig.7

Note that they are reversed. Once done, try opening the tunnel.

fig.8

If everything is successful, you should see a "Tunnel open" message on the bottom right hand side of your screen.

I hope this one helps, if you have more questions please feel free to ask.

Thanks,

golfbird · ‎2015-08-11

http://sharesend.com/qwqmuox6

I have taken screen shots of the windows in the router

but still having same problems

link above, a pdf file, as I dont know how to show the images like you did

golfbird · ‎2015-08-11

http://sharesend.com/k41a8ls1

i have attached a pdf of screen shots on the router

and screen shots of the vpn software

still cannot connect

f

JohnRo · ‎2015-08-11

Hello golfbird

I have noticed that you are using 200.200.200.0 as your LAN IP as declared on the VPN auto policy (please take note that this should be you local IP which your devices are using).

However, the one you have declared on the client software is 192.168.1.0. The local IP on the VPN policy and the client software should match.

Check the correct LAN IP by going to Network Configuration>LAN Settings>LAN Setup. You should see something like this (see image below), and that is the network IP range that you have to declare on both VPN Policy and Client Software.

I'll look forward to your response.

Thanks,

golfbird · ‎2015-08-11

I changed to 192.168.1.0 on the router

And 192.168.1.0 client ipsec page

Subnet on both is 255.255.255.0

That did not connect

I then changed both to 200 200 200 0

And that also did not connect

Log message

Exchange_validate failed: DOI error

I have noticed that you are using 200.200.200.0 as your LAN IP as declared on the VPN auto policy (please take note that this should be you local IP which your devices are using).

However, the one you have declared on the client software is 192.168.1.0. The local IP on the VPN policy and the client software should match.

JohnRo · ‎2015-08-11

Hello golfbird,

I have sent additional questions via PM. Also, if you could provide us your firmware version that would help a lot.

I'll look forward to your response.

Thanks,

golfbird · ‎2015-08-12

http://sharesend.com/vo1y4khv

a pdf file with screen shots, hope these are pages,

all from the router

318v4 firmware .028

golfbird · ‎2015-08-12

318v3 not 4

my fingers slipped

JohnRo · ‎2015-08-12

Hi golfbird,

I'll try to connect to your tunnel on a windows 7 PC, I'll see if other version of the software works.

I'll get back to you.

Thanks,

JohnRo · ‎2015-08-14

Hi golfbird,

Tested connection to your tunnel using VPN software version 5.14.003 on a windows 7 PC. Tunnel shows open and connected, ping tests also indicates that the connection is active.

Please install VPN client version 5.14.003 and try to connect to the tunnel. For the meantime, please disable firewalls on the PC when trying to connect.

I hope this one will work on your PC, I'll look forward to your update.

Thanks,

golfbird · ‎2015-08-14

The version you are asking for me to install

Is the version that I did install last week and am trying to connect with

But good to hear that the router side is ok

golfbird · ‎2015-08-14

I appreciate all the work that went in to helping me.

Thank You

JohnRo · ‎2015-08-14

Hi golfbird,

I am glad that it worked! We'll be reporting the latest version of the firmware and do more tests on win7 and win10.

Thank you for your contribution.

Regards,

golfbird · ‎2015-08-16

Got issue resolved

Rennee discovered that using the most recent vpn client software would not open a tunnel to fvs318v3 but previous version would. Testing proved it over and over. As as result I have purchaced new router fvs318G and will be buying the

newest vpng05l. Apprecaite all the effort.