FVS318N RSA Signature Cannot connect to VPN
I am at a bit of a loss here... and Netgear's support is rather unhelpful, which is strange because usually they nail down a solution real quick. I have an FVS318N that I can connect to VPN (client to box) using the Netgear VPN ProSafe software if I use a preshared key.
Now, I would like to use certificates, so I generated a CA on my laptop, signed it, then created a certificate on my laptop and signed it with the CA. Its subject line is: c=us,l=montana,o=myvpn, ou=vpn,cn=client1
I then uploaded the CA to my router, generated a CSR, then signed it on my laptop with my CA and then uploaded it to the router.
On my IKE policy page, I changed the preshared key to rsa signature.
For local id (asn.1 der): c=us,l=montana,o=myvpn, ou=vpn,cn=router
For remote id (asn.1 der): c=us,l=montana,o=myvpn, ou=vpn,cn=client1
On the VPN client software, the local id defaults to get from x509 certificate and uses:
c=us,l=montana,o=myvpn, ou=vpn,cn=client1
the remote id, I set to asn1der and set it to: c=us,l=montana,o=myvpn, ou=vpn,cn=router
Then I try to connect:
20150731 02:11:32:420 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:11:32:932 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:11:32:958 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:11:32:958 Default exchange_run: doi->initiator (01C0FE08) failed
[VPNCONF] TGBIKE_STARTED received
20150731 02:11:10:194 Default IKE daemon is removing SAs...
20150731 02:11:10:194 Default Reinitializing IKE daemon
20150731 02:11:10:220 Default IKE daemon reinitialized
20150731 02:11:19:382 Default IKE daemon is removing SAs...
20150731 02:11:19:382 Default Reinitializing IKE daemon
20150731 02:11:19:419 Default IKE daemon reinitialized
20150731 02:11:27:712 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:11:32:420 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:11:32:932 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:11:32:958 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:11:32:958 Default exchange_run: doi->initiator (01C0FE08) failed
20150731 02:11:58:154 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:11:59:855 Default (SA Gateway-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID] [VID]
20150731 02:11:59:862 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150731 02:11:59:863 Default phase 1 done: initiator id client.domain.com, responder id xx.xx.xx.xx
20150731 02:11:59:892 Default (SA Gateway-P1) RECV Transaction Mode [HASH] [ATTRIBUTE]
20150731 02:12:03:565 Default XAUTH user action failed
20150731 02:12:03:565 Default exchange_run: doi->responder (01B6CCB0) failed
20150731 02:12:05:566 Default <Gateway-P1> deleted
20150731 02:12:05:566 Default XAUTH authentication failed or timed out for <Gateway-Tunnel-P2>
20150731 02:12:22:935 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 02:12:22:935 Default ipsec_get_keystate: no keystate in ISAKMP SA 01B2E148
20150731 02:12:45:157 Default IKE daemon is removing SAs...
20150731 02:12:45:157 Default Reinitializing IKE daemon
20150731 02:12:45:188 Default IKE daemon reinitialized
20150731 02:12:52:509 Default IKE daemon is removing SAs...
20150731 02:12:52:509 Default Reinitializing IKE daemon
20150731 02:12:52:539 Default IKE daemon reinitialized
20150731 02:12:53:031 Default message_recv: invalid cookie(s) 9494670d1c8ecb7c beb9b5908e5f9c29
20150731 02:12:53:031 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:12:53:031 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:12:55:443 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:12:57:696 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:12:57:726 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:12:57:726 Default exchange_run: doi->initiator (01B40400) failed
20150731 02:13:03:715 Default message_recv: invalid cookie(s) 9494670d1c8ecb7c beb9b5908e5f9c29
20150731 02:13:03:715 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:13:03:715 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:13:13:745 Default message_recv: invalid cookie(s) 9494670d1c8ecb7c beb9b5908e5f9c29
20150731 02:13:13:745 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:13:13:745 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:13:27:105 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 02:13:27:105 Default ipsec_get_keystate: no keystate in ISAKMP SA 01B6CBE8
[VPNCONF] TGBIKE_STOPPED received
[VPNCONF] TGBIKE_STARTED received
20150731 02:14:27:227 Default message_recv: invalid cookie(s) e642ef6c111244a3 e355817dc23d7e08
20150731 02:14:27:229 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:14:27:229 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:14:37:264 Default message_recv: invalid cookie(s) e642ef6c111244a3 e355817dc23d7e08
20150731 02:14:37:264 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:14:37:272 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:17:10:697 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:17:12:988 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:17:13:046 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:17:13:047 Default exchange_run: doi->initiator (01C1FEE8) failed
20150731 02:17:37:165 Default IKE daemon is removing SAs...
20150731 02:17:37:165 Default Reinitializing IKE daemon
20150731 02:17:37:261 Default IKE daemon reinitialized
20150731 02:17:43:047 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:17:43:047 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:17:43:049 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:17:44:881 Default IKE daemon is removing SAs...
20150731 02:17:44:881 Default Reinitializing IKE daemon
20150731 02:17:44:927 Default IKE daemon reinitialized
20150731 02:17:50:197 Default IKE daemon is removing SAs...
20150731 02:17:50:199 Default Reinitializing IKE daemon
20150731 02:17:50:248 Default IKE daemon reinitialized
20150731 02:17:52:785 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:17:53:107 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:17:53:107 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:17:53:107 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:17:57:112 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:18:02:113 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:18:03:368 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:03:368 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:03:368 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:18:07:368 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:18:12:368 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:18:13:597 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:13:597 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:13:597 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:18:17:600 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:18:17:601 Default transport_send_messages: giving up on message 01817F08
20150731 02:18:23:848 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:23:849 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:23:851 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:18:33:877 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:33:878 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:33:878 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:18:43:897 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:43:897 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:43:902 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:18:53:937 Default message_recv: invalid cookie(s) bf476e5f48dd2d63 ecead03b3206d503
20150731 02:18:53:938 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:18:53:938 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:20:50:790 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:20:55:970 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:00:970 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:05:970 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:10:999 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:16:003 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:16:003 Default transport_send_messages: giving up on message 01817F08
20150731 02:21:24:018 Default IKE daemon is removing SAs...
20150731 02:21:24:021 Default Reinitializing IKE daemon
20150731 02:21:24:102 Default IKE daemon reinitialized
20150731 02:21:32:615 Default IKE daemon is removing SAs...
20150731 02:21:32:615 Default Reinitializing IKE daemon
20150731 02:21:32:661 Default IKE daemon reinitialized
20150731 02:21:46:613 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:21:48:894 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:21:48:937 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:21:48:938 Default exchange_run: doi->initiator (01B7AE80) failed
20150731 02:22:18:941 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 02:22:18:941 Default ipsec_get_keystate: no keystate in ISAKMP SA 01B3EDB8
20150731 02:23:09:059 Default message_recv: invalid cookie(s) b098def3aadd8a99 79ac3f8c5bebbe70
20150731 02:23:09:060 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:23:09:060 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:23:19:091 Default message_recv: invalid cookie(s) b098def3aadd8a99 79ac3f8c5bebbe70
20150731 02:23:19:091 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:23:19:091 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:23:29:120 Default message_recv: invalid cookie(s) b098def3aadd8a99 79ac3f8c5bebbe70
20150731 02:23:29:120 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:23:29:123 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
[VPNCONF] TGBIKE_STOPPED received
[VPNCONF] TGBIKE_STARTED received
20150731 02:27:04:078 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:27:09:400 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:27:09:443 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:27:09:443 Default exchange_run: doi->initiator (01C65DD0) failed
20150731 02:27:39:442 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 02:27:39:442 Default ipsec_get_keystate: no keystate in ISAKMP SA 01C54118
20150731 02:28:29:572 Default message_recv: invalid cookie(s) 6c27f2efba9655bb 784e8d6cbce522dd
20150731 02:28:29:572 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:28:29:572 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:28:39:591 Default message_recv: invalid cookie(s) 6c27f2efba9655bb 784e8d6cbce522dd
20150731 02:28:39:591 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:28:39:592 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:28:49:612 Default message_recv: invalid cookie(s) 6c27f2efba9655bb 784e8d6cbce522dd
20150731 02:28:49:612 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:28:49:612 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:31:07:502 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 02:31:09:797 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 02:31:09:832 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:31:09:832 Default exchange_run: doi->initiator (01C1FE88) failed
20150731 02:31:39:844 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 02:31:39:844 Default ipsec_get_keystate: no keystate in ISAKMP SA 01B3EDF8
20150731 02:32:29:974 Default message_recv: invalid cookie(s) 59cdbaa9143d586e 2cd54590d6d73af7
20150731 02:32:29:974 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:32:29:974 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:32:40:004 Default message_recv: invalid cookie(s) 59cdbaa9143d586e 2cd54590d6d73af7
20150731 02:32:40:004 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:32:40:004 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 02:32:50:025 Default message_recv: invalid cookie(s) 59cdbaa9143d586e 2cd54590d6d73af7
20150731 02:32:50:025 Default dropped message from xx.xx.xx.xx due to notification type INVALID_COOKIE
20150731 02:32:50:025 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150731 08:13:01:334 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150731 08:13:03:612 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150731 08:13:03:648 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 08:13:03:648 Default exchange_run: doi->initiator (01B627F0) failed
20150731 08:13:33:662 Default (SA <unknown>) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20150731 08:13:33:662 Default ipsec_get_keystate: no keystate in ISAKMP SA 01C65CC8
20150731 08:14:23:782 Default message_recv: invalid cookie(s) 8211839091c57705 6b9272c7beffa0eb
[VPNCONF] IP address change
20150731 09:11:21:309 Default IKE daemon is removing SAs...
20150731 09:11:21:310 Default Reinitializing IKE daemon
20150731 09:11:21:357 Default IKE daemon reinitialized
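A way to triage a client log like the one above, as an added example that is not part of the original post: it records each gateway reply in phase 1, infers the authentication method from the reply's payloads (SIG for RSA signature, HASH for preshared key), and decodes the certificate type number using RFC 2408. The function and field names are assumptions, and the sample lines are constructed in the post's log format.

```python
import re

# ISAKMP certificate encoding types (RFC 2408, section 3.9), subset.
CERT_TYPES = {1: "PKCS #7 wrapped X.509", 4: "X.509 Certificate - Signature",
              5: "X.509 Certificate - Key Exchange", 7: "CRL"}
LINE = re.compile(r"^(\d{8} \d\d:\d\d:\d\d:\d{3}) Default (.*)$")
EXCHANGE = re.compile(r"^\(SA (\S+)\) (SEND|RECV) phase 1 Aggressive Mode (.*)$")
CERT_FAIL = re.compile(r"could not obtain cert for a type (\d+) cert request")

# Constructed sample in the format of the client log in the post.
SAMPLE = """\
20150731 02:11:32:420 Default (SA CertGateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
20150731 02:11:32:932 Default (SA CertGateway-P1) RECV phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [CERT] [CERT_REQ] [SIG] [NAT_D]
20150731 02:11:32:958 Default exchange_add_certs: could not obtain cert for a type 4 cert request
20150731 02:11:32:958 Default exchange_run: doi->initiator (01C0FE08) failed
20150731 02:11:59:855 Default (SA Gateway-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D]
20150731 02:11:59:863 Default phase 1 done: initiator id client.domain.com, responder id xx.xx.xx.xx
20150731 02:12:03:565 Default XAUTH user action failed
20150731 02:12:53:031 Default message_recv: invalid cookie(s) 9494670d1c8ecb7c beb9b5908e5f9c29
20150731 02:13:03:715 Default message_recv: invalid cookie(s) 9494670d1c8ecb7c beb9b5908e5f9c29
"""

def triage(log):
    """Return (attempts, drops): one dict per gateway reply, plus invalid-cookie drops."""
    attempts, drops, current = [], 0, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. "[VPNCONF] ..." lines, which carry no timestamp
        ts, msg = m.groups()
        ex = EXCHANGE.match(msg)
        if ex and ex.group(2) == "RECV":
            payloads = re.findall(r"\[(\w+)\]", ex.group(3))
            # Aggressive mode reply: SIG = signature auth, HASH = preshared key.
            auth = "rsa-signature" if "SIG" in payloads else "preshared-key"
            current = {"sa": ex.group(1), "time": ts, "auth": auth,
                       "result": "no verdict logged"}
            attempts.append(current)
        elif current and (cf := CERT_FAIL.search(msg)):
            kind = CERT_TYPES.get(int(cf.group(1)), "unknown type")
            current["result"] = (f"could not obtain cert for CERT_REQ "
                                 f"type {cf.group(1)} ({kind})")
        elif current and msg.startswith("phase 1 done"):
            current["result"] = "phase 1 done"
        elif current and msg.startswith("XAUTH"):
            current["result"] = "phase 1 done, XAUTH failed"
        elif msg.startswith("message_recv: invalid cookie"):
            drops += 1
    return attempts, drops

if __name__ == "__main__":
    for a in triage(SAMPLE)[0]:
        print(a["time"], a["sa"], a["auth"], "->", a["result"])
```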
Re: FVS318N RSA Signature Cannot connect to VPN
Hello joe_schmo,
I believe this documentation can help you achieve a Client-to-box connection using a certificate as the authentication method.
Please click on this link to get to the guide.
Hope that helps! I'll look forward to your response.
Thanks,
Re: FVS318N RSA Signature Cannot connect to VPN
That document is awfully outdated. There's no way to generate certificates from the VPN Client software anymore. Is there a new document?