SRX5308 VPN iOS
VPN logon fails
I have set up a VPN connection to be used from iOS devices (iOS version 10), but I always receive a "login failed" error on my mobile device, even if the user and password are correct (for sure). Connection also tested from an Android device, same issue.

These are the settings (internal LAN IP is 172.31.1.0 / 24):

Firewall side:

Mode Config:
  Record Name: modeConfigIOS
  First Pool:
    Start IP: 192.168.224.1
    End IP: 192.168.224.100
  Second & Third pools: blank
  WINS Server:
    Primary: 172.31.1.1 <My Internal LAN WINS Server IP>
    Secondary: blank
  DNS Server:
    Primary: 172.31.1.1 <My Internal LAN DNS Server IP>
    Secondary: blank
  PFS Key Group: <Checked> DH Group 2 (1024 bit)
  SA Lifetime: 300 Seconds
  Encryption Algorithm: AES-128
  Integrity Algorithm: SHA-1
  Local IP Address: 172.31.1.0
  Local Subnet Mask: 255.255.255.0

IKE Policy:
  Do you want to use Mode Config Record? YES
  Select Mode Config Record: modeConfigIOS
  Policy Name: for_iOS
  Type: Responder
  Exchange Mode: Main
  Local:
    Select Local Gateway: WAN1
    Identifier Type: FQDN
    Identifier: fvs1_local.com
  Remote:
    Identifier Type: FQDN
    Identifier: 0.0.0.0
  Encryption Algorithm: AES-128
  Authentication Algorithm: SHA-1
  Authentication Method: pre-shared key
  pre-shared key: 12345678 <Tested with different one>
  Diffie-Hellman (DH) Group: Group 2 (1024 bit)
  SA-Lifetime (sec): 300
  Enable Dead Peer Detection: no
  XAUTH Configuration: Edge Device
  Authentication Type: User Database

User Settings:
  Name: <TheUSername>
  User Type: IPSEC VPN User

On iOS Device:
  Type: IPSec
  Description: <VPN Name>
  Server: My Public IP
  Account: <TheUsername>
  Password: <Blank, I enter it at every connection>
  Use Certificate: OFF
  Group Name: blank
  Secret: 12345678
  proxy: No

When I try to connect, the mobile device asks for user and password and then shows a User Authentication Error.
In the VPN log I have these entries (for security reasons, my public IP has been removed):

Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] ERROR: Received mode config from 31.159.216.207[500], but we do not have ISAKMP-SA.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'ph1_main'.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] ERROR: Failed to find proper address pool with id -1
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[]
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: Login failed for user "supportios"
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: 0.0.0.0 IP address has been released by remote peer.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received attribute type "ISAKMP_CFG_REPLY" from 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: ISAKMP-SA established for <MyPublicIP>[500]-31.159.216.207[500] with spi:bff7714a21b1656e:099b3f12ea7eb137
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Xauth request to 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] WARNING: Ignore INITIAL-CONTACT notification from 31.159.216.207[500] because it is only accepted after phase1.
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: NAT not detected
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: NAT-D payload matches for 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: NAT-D payload matches for <MyPublicIP>[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: For 31.159.216.207[500], Selected NAT-T version: RFC 3947
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received Vendor ID: RFC 3947
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received request for new phase 1 negotiation: <MyPublicIP>[500]<=>31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Anonymous configuration selected for 31.159.216.207[500].
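The router lists the log above newest-first, which makes the order of events hard to follow. The following is an added example (not part of the original post and not NETGEAR code) that parses lines in this format, puts them in chronological order, and reduces one connection attempt to its key facts. The sample lines are constructed in the same format; the addresses, SPI and user name are placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log above, newest first.
# 198.51.100.7 / 203.0.113.10 are documentation addresses; "alice" is made up.
SAMPLE_LOG = """\
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] ERROR: Failed to find proper address pool with id -1
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: Login failed for user "alice"
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO: Received attribute type "ISAKMP_CFG_REPLY" from 198.51.100.7[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: ISAKMP-SA established for 203.0.113.10[500]-198.51.100.7[500] with spi:0011223344556677:8899aabbccddeeff
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Xauth request to 198.51.100.7[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \(GMT [+-]\d{4}\): "
    r"\[(?P<host>[^\]]+)\] \[IKE\] (?P<level>[A-Z]+): (?P<msg>.*)$"
)

def parse(log_text):
    """Return entries oldest-first as (datetime, level, message) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IKE log line
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        entries.append((ts, m["level"], m["msg"]))
    entries.reverse()  # newest-first input; reversing also keeps same-second order
    return entries

def summarize(entries):
    """Reduce one connection attempt to the facts needed for triage."""
    msgs = [msg for _, _, msg in entries]
    failed = [re.search(r'Login failed for user "([^"]*)"', m) for m in msgs]
    return {
        "phase1_established": any(m.startswith("ISAKMP-SA established") for m in msgs),
        "xauth_requested": any(m.startswith("Sending Xauth request") for m in msgs),
        "failed_users": [f.group(1) for f in failed if f],
        "errors": [m for _, lvl, m in entries if lvl == "ERROR"],
        "duration_s": (entries[-1][0] - entries[0][0]).total_seconds() if entries else 0.0,
    }

if __name__ == "__main__":
    for ts, level, msg in parse(SAMPLE_LOG):
        print(ts.time(), level, msg)
    print(summarize(parse(SAMPLE_LOG)))
```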