I'm new to this VPN setup stuff and I'm trying to learn all I can as
I set this up for a non-profit I'm working with.
I've been beating my head all day on this and I still can't seem to get
the SSH VPN client to connect to the VPN router. I went through the
setup tutorial at http://www.homenethelp.com/vpn/router-client-v13.asp several times and still no joy.
The client is configured as described in the tutorial and the router as
well. Both have the correct configuration re: the lan at the router
end (local group on router = 192.168.2.0 subnet 255.255.255.0) and on
the client end (remote network = 192.168.2.0 subnet 255.255.255.0)
And the system log at the router end shows the following:
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [SSH Communications Security IPSEC Express version 4.1.0]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-stenberg-ipsec-nat-traversal-01]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-stenberg-ipsec-nat-traversal-02]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
May 23 09:41:20 2005 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
May 23 09:41:20 2005 VPN Log Initial Aggressive Mode message from 67.70.131.192 but no (wildcard) connection has been configured
I can't figure out what's causing the error shown in the VPN router
system log (last line). Any ideas?
j_racicot@hotmail.com wrote:
> Hi all,
>
> I'm new to this VPN setup stuff and I'm trying to learn all I can as
> I set this up for a non-profit I'm working with.
>
> I've been beating my head all day on this and I still can't seem to get
> the SSH VPN client to connect to the VPN router. I went through the
> setup tutorial at http://www.homenethelp.com/vpn/router-client-v13.asp
> several times and still no joy.
>
> The client is configured as described in the tutorial and the router as
> well. Both have the correct configuration re: the lan at the router
> end (local group on router = 192.168.2.0 subnet 255.255.255.0) and on
> the client end (remote network = 192.168.2.0 subnet 255.255.255.0)
>
> The SSH IKE Log shows the following:
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Start isakmp sa negotiation
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Version = 1.0, Input packet
> fields = 0000
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Encode packet, version =
> 1.0, flags = 0x00000000
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
> retries = 5
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
> retries = 4
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
> retries = 3
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
> retries = 2
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
> retries = 1
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Removing negotiation
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Connection timed out or
> error, calling callback
> Phase-1 [initiator] between ipv4(udp:500,[0..3]=192.168.3.54) and
> ipv4(udp:500,[0..3]=xxx.xxx.xxx.xxx) failed; Timeout.
> 0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
> 00000000 00000000 [-1] / 0x00000000 } Aggr; Deleting negotiation
>
>
> And the system log at the router end shows the following:
> May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
> [SSH Communications Security IPSEC Express version 4.1.0]
> May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
> [draft-stenberg-ipsec-nat-traversal-01]
> May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
> [draft-stenberg-ipsec-nat-traversal-02]
> May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
> [draft-ietf-ipsec-nat-t-ike-00]
> May 23 09:41:20 2005 VPN Log [Tunnel Negotiation Info] <<<
> Responder Received Aggressive Mode 1st packet
> May 23 09:41:20 2005 VPN Log Initial Aggressive Mode message
> from 67.70.131.192 but no (wildcard) connection has been configured
>
> I can't figure out what's causing the error shown in the VPN router
> system log (last line). Any ideas?
>
> Thanks
>
> Joel
>
I'm not sure, but since no "expert" responded to your post, I'll suggest
this ---
Change one of the LANs so that they don't have the same net number.
While testing VPN client software, that was the (apparent) fix for us.
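
An added example, not part of either post: one way to check for the condition the reply describes, a client-side LAN and the network behind the router sharing a net number. The remote network and the client address 192.168.3.54 come from the thread; the client netmasks and the third test case are assumptions, since the thread does not state the client's mask.

```python
import ipaddress


def to_network(addr, netmask):
    """Build a network from an address and dotted netmask, masking host bits."""
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def find_conflicts(local_ifaces, remote_nets):
    """Return (local, remote) network pairs whose address ranges overlap.

    Each argument is a list of (address, dotted_netmask) tuples. An overlap
    makes routing for the shared range ambiguous on the client: addresses
    behind the VPN router also look like they are on the local LAN.
    """
    conflicts = []
    for l_addr, l_mask in local_ifaces:
        local = to_network(l_addr, l_mask)
        for r_addr, r_mask in remote_nets:
            remote = to_network(r_addr, r_mask)
            if local.overlaps(remote):
                conflicts.append((str(local), str(remote)))
    return conflicts


# Remote network as configured on the client and router in the thread.
REMOTE = [("192.168.2.0", "255.255.255.0")]

# Client address taken from the IKE log; both netmasks are assumptions.
CLIENT_24 = [("192.168.3.54", "255.255.255.0")]
CLIENT_16 = [("192.168.3.54", "255.255.0.0")]
# Constructed case: client LAN numbered the same as the remote LAN.
CLIENT_SAME = [("192.168.2.10", "255.255.255.0")]

if __name__ == "__main__":
    cases = [("client /24", CLIENT_24), ("client /16", CLIENT_16),
             ("same net number", CLIENT_SAME)]
    for label, ifaces in cases:
        hits = find_conflicts(ifaces, REMOTE)
        print(f"{label}: {'overlap ' + str(hits) if hits else 'no overlap'}")
```

The result depends on the netmask as much as on the address, so the check should be run with the client's actual interface configuration.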