Hi, everybody.
I’m new to VyOS and to the forum.
I have an IPsec VPN established between my host and a customer, they are both behind a firewall.
The VPN works ok, but I keep receiving the messages below every 20 seconds.
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: ignoring Vendor ID payload [4f4576795c6b677a57715c73]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: received Vendor ID payload [Dead Peer Detection]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: received Vendor ID payload [RFC 3947]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 19 16:21:37 vyatta pluto[5871]: packet from a.a.a.a:500: initial Main Mode message received on 172.17.105.3:500 but no connection has been authorized with policy=PSK
I think that I’m missing something very basic here.
Another important point is that if the remote side restarts the VPN, I must restart my side as well. I have DPD configured, but I think that the above impacts the correct dropout detection.
[EDIT] - 2016-06-22
My configuration:
authentication {
    id [my external IP]
    mode pre-shared-secret
    pre-shared-secret [my PSK]
}
connection-type initiate
default-esp-group ESP1_PARTNER1
description PROD_PARTNER1
ike-group IKE1_PARTNER1
local-address 172.17.105.3
tunnel 1 {
    allow-nat-networks disable
    allow-public-networks disable
    esp-group ESP1_PARTNER1
    local {
        prefix 172.17.105.3/32
    }
    remote {
        prefix 10.1.1.0/24
    }
}
vyatta@PARTNER1-VPN01# sh vpn ipsec ike-group IKE1_PARTNER1
dead-peer-detection {
    action restart
}
lifetime 28800
proposal 1 {
    dh-group 2
    encryption aes256
    hash sha1
}
vyatta@PARTNER1-VPN01# sh vpn ipsec esp-group ESP1_PARTNER1
compression disable
lifetime 86400
mode tunnel
pfs disable
proposal 1 {
    encryption aes256
    hash sha1
}
Can anyone point me in a direction?
Thanks in advance, and I apologize for the bad English.
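
One way to measure the log messages described in this post (an added example, not part of the original post or of VyOS): it parses pluto syslog lines in the format quoted above and reports, per peer address, local address and policy, how many Main Mode initiations were refused and the gap between them. The sample lines are constructed from that format, 192.0.2.10 is a placeholder for the masked peer a.a.a.a, and the year is an assumption because syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the pluto syslog format quoted in the post;
# 192.0.2.10 stands in for the masked peer address a.a.a.a.
SAMPLE = """\
Jun 19 16:21:17 vyatta pluto[5871]: packet from 192.0.2.10:500: received Vendor ID payload [RFC 3947]
Jun 19 16:21:17 vyatta pluto[5871]: packet from 192.0.2.10:500: initial Main Mode message received on 172.17.105.3:500 but no connection has been authorized with policy=PSK
Jun 19 16:21:37 vyatta pluto[5871]: packet from 192.0.2.10:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 19 16:21:37 vyatta pluto[5871]: packet from 192.0.2.10:500: initial Main Mode message received on 172.17.105.3:500 but no connection has been authorized with policy=PSK
Jun 19 16:21:57 vyatta pluto[5871]: packet from 192.0.2.10:500: initial Main Mode message received on 172.17.105.3:500 but no connection has been authorized with policy=PSK
"""

# Generic "packet from <peer>:<port>: <message>" line emitted by pluto.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "
    r"packet from (?P<peer>\S+):\d+: (?P<msg>.*)$"
)
# The specific refusal message from the post.
REJECT = re.compile(
    r"initial Main Mode message received on (?P<local>[\d.]+):\d+ "
    r"but no connection has been authorized with policy=(?P<policy>\S+)"
)

def rejected_initiations(log_text, year=2016):
    """Return {(peer, local, policy): [datetime, ...]} for refused Main Mode attempts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        r = REJECT.search(m["msg"]) if m else None
        if r:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[(m["peer"], r["local"], r["policy"])].append(ts)
    return dict(hits)

def summarize(hits):
    """Per key: attempt count and gaps in seconds between consecutive attempts."""
    out = {}
    for key, stamps in hits.items():
        stamps = sorted(stamps)
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        out[key] = {"count": len(stamps), "gaps_s": gaps}
    return out

if __name__ == "__main__":
    for key, info in summarize(rejected_initiations(SAMPLE)).items():
        print(key, info)
```
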