SSH Sentinel and LinkSys RV042 VPN Router

Archived from groups: comp.dcom.vpn

Hi all,

I'm new to this VPN setup stuff and I'm trying to learn all I can as
I set this up for a non-profit I'm working with.

I've been beating my head all day on this and I still can't seem to get
the SSH VPN client to connect to the VPN router. I went through the
setup tutorial at http://www.homenethelp.com/vpn/router-client-v13.asp
several times and still no joy.

The client is configured as described in the tutorial and the router as
well. Both have the correct configuration re: the LAN at the router
end (local group on router = 192.168.2.0 subnet 255.255.255.0) and on
the client end (remote network = 192.168.2.0 subnet 255.255.255.0).

The SSH IKE Log shows the following:
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Start isakmp sa negotiation
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Version = 1.0, Input packet
fields = 0000
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Encode packet, version =
1.0, flags = 0x00000000
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
retries = 5
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
retries = 4
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
retries = 3
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
retries = 2
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Retransmitting packet,
retries = 1
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Removing negotiation
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Connection timed out or
error, calling callback
Phase-1 [initiator] between ipv4(udp:500,[0..3]=192.168.3.54) and
ipv4(udp:500,[0..3]=xxx.xxx.xxx.xxx) failed; Timeout.
0.0.0.0:500 (Initiator) <-> xxx.xxx.xxx.xxx:500 { ec9b231c a3000001 -
00000000 00000000 [-1] / 0x00000000 } Aggr; Deleting negotiation


And the system log at the router end shows the following:
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
[SSH Communications Security IPSEC Express version 4.1.0]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
[draft-stenberg-ipsec-nat-traversal-01]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
[draft-stenberg-ipsec-nat-traversal-02]
May 23 09:41:20 2005 VPN Log Ignoring Vendor ID payload Type =
[draft-ietf-ipsec-nat-t-ike-00]
May 23 09:41:20 2005 VPN Log [Tunnel Negotiation Info] <<<
Responder Received Aggressive Mode 1st packet
May 23 09:41:20 2005 VPN Log Initial Aggressive Mode message
from 67.70.131.192 but no (wildcard) connection has been configured

I can't figure out what's causing the error shown in the VPN router
system log (last line). Any ideas?

Thanks

Joel
  1. Archived from groups: comp.dcom.vpn

    I'm not sure, but since no "expert" responded to your post, I'll suggest
    this ---

    Change one of the LANs so that they don't have the same net number.
    While testing VPN client software, that was the (apparent) fix for us.

    Ed
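
The check suggested in the reply above (the client-side LAN and the LAN behind the router must not share a net number), as an added example that is not part of the original thread. The remote network and the client address 192.168.3.54 are taken from the post; the client netmasks and the function names are assumptions made for illustration.

```python
import ipaddress

def network_of(addr, mask):
    """Network that contains addr under a dotted-quad mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def lan_conflicts(client_ifaces, remote_addr, remote_mask):
    """Compare each client-side interface with the tunnel's remote network.

    When the two overlap, the client considers remote hosts on-link and
    sends their traffic to the local LAN instead of into the tunnel.
    Returns a list of (client_network, reason) tuples; empty means no clash.
    """
    remote = network_of(remote_addr, remote_mask)
    found = []
    for addr, mask in client_ifaces:
        local = network_of(addr, mask)
        if not local.overlaps(remote):
            continue
        if local == remote:
            reason = "same net number as remote LAN"
        elif remote.subnet_of(local):
            reason = "remote LAN lies inside client LAN"
        else:
            reason = "client LAN lies inside remote LAN"
        found.append((str(local), reason))
    return found

# Remote network as configured on the router and client in the post.
REMOTE = ("192.168.2.0", "255.255.255.0")

# Client address 192.168.3.54 appears in the IKE log; every mask below and
# the 192.168.2.10 address are constructed sample values.
CASES = {
    "client /24": [("192.168.3.54", "255.255.255.0")],
    "client /16": [("192.168.3.54", "255.255.0.0")],
    "client on 192.168.2.x": [("192.168.2.10", "255.255.255.0")],
}

if __name__ == "__main__":
    for label, ifaces in CASES.items():
        print(label, lan_conflicts(ifaces, *REMOTE) or "no overlap")
```
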