Trying to configure NHRP



I am trying to configure an NHRP/DMVPN connection between two VyOS virtual machines.
All I get in the log on the hub is:
Jul 10 19:25:42 nhrp-server pluto[2297]: packet from 193.200.225.69:2202: received Vendor ID payload [strongSwan]
Jul 10 19:25:42 nhrp-server pluto[2297]: packet from 193.200.225.69:2202: ignoring Vendor ID payload [Cisco-Unity]
Jul 10 19:25:42 nhrp-server pluto[2297]: packet from 193.200.225.69:2202: received Vendor ID payload [XAUTH]
Jul 10 19:25:42 nhrp-server pluto[2297]: packet from 193.200.225.69:2202: received Vendor ID payload [Dead Peer Detection]
Jul 10 19:25:42 nhrp-server pluto[2297]: packet from 193.200.225.69:2202: initial Main Mode message received on 178.209.169.12:500 but no connection has been authorized with policy=PSK

Can anyone see why?
My client is behind a NAT router that I don’t have access to.

Hub configuration:
interfaces {
ethernet eth0 {
address 178.209.169.12/29
duplex auto
hw-id 00:15:5d:fb:7e:c2
smp_affinity auto
speed auto
}
loopback lo {
}
tunnel tun0 {
address 10.0.0.1/24
encapsulation gre
local-ip 178.209.169.12
multicast enable
parameters {
ip {
key ****************
}
}
}
}
protocols {
nhrp {
tunnel tun0 {
cisco-authentication SECRET
holding-time 300
multicast dynamic
redirect
}
}
static {
route 0.0.0.0/0 {
next-hop 178.209.169.9 {
distance 20
}
}
}
}
service {
ssh {
listen-address 178.209.169.12
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name nhrp-server
login {
user XXXXXX {
authentication {
encrypted-password ****************
plaintext-password ****************

        }
        level admin
    }
}
name-server 178.209.170.3
name-server 178.209.172.3
ntp {
    server 0.pool.ntp.org {
    }
    server 1.pool.ntp.org {
    }
    server 2.pool.ntp.org {
    }
}
package {
    auto-sync 1
    repository community {
        components main
        distribution helium
        password ****************
        url http://packages.vyos.net/vyos
        username ""
    }
}
syslog {
    global {
        facility all {
            level debug
        }
        facility protocols {
            level debug
        }
    }
}
time-zone UTC

}
vpn {
ipsec {
esp-group ESP-HUB1 {
compression disable
lifetime 1800
mode tunnel
pfs dh-group2
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption 3des
hash md5
}
}
ike-group IKE-HUB1 {
ikev2-reauth no
key-exchange ikev1
lifetime 3600
proposal 1 {
encryption aes256
hash sha1
}

        proposal 2 {
            encryption aes128
            hash sha1
        }
    }
    ipsec-interfaces {
        interface eth0
    }
    profile NHRPVPN {
        authentication {
            mode pre-shared-secret
            pre-shared-secret ****************
        }
        bind {
            tunnel tun0
        }
        esp-group ESP-HUB1
        ike-group IKE-HUB1
    }
}

}

Client:
interfaces {
ethernet eth0 {
address 172.16.1.1/29
duplex auto
hw-id 00:0c:29:5b:19:24
smp_affinity auto
speed auto
}
ethernet eth1 {
duplex auto
hw-id 00:0c:29:5b:19:2e
smp_affinity auto
speed auto
}
loopback lo {
}
tunnel tun0 {
address 10.0.0.2/24
encapsulation gre
local-ip 0.0.0.0
multicast enable
parameters {
ip {
key ****************
}
}
}
}
protocols {
nhrp {
tunnel tun0 {
cisco-authentication Lim87Hus!
map 10.0.0.1/24 {
nbma-address 178.209.169.12
register
}
multicast nhs
redirect
shortcut
}
}
static {
route 0.0.0.0/0 {
next-hop 172.16.1.6 {
distance 20
}
}
}
}
service {
ssh {
listen-address 172.16.1.1
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {

    device ttyS0 {
        speed 9600
    }
}
host-name nhrp-silk-rtr01
login {
    user XXXXXX{
        authentication {
            encrypted-password ****************
            plaintext-password ****************
        }
        level admin
    }
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
    server 0.pool.ntp.org {
    }
    server 1.pool.ntp.org {
    }
    server 2.pool.ntp.org {
    }
}
package {
    auto-sync 1
    repository community {
        components main
        distribution helium
        password ****************
        url http://packages.vyos.net/vyos
        username ""
    }
}
syslog {
    global {
        facility all {
            level notice
        }
        facility protocols {
            level debug
        }
    }
}
time-zone UTC

}
vpn {
ipsec {
auto-update 30
esp-group ESP-SPOKE1 {
compression disable
lifetime 1800
mode tunnel
pfs dh-group2
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption 3des

            hash md5
        }
    }
    ike-group IKE-SPOKE1 {
        ikev2-reauth no
        key-exchange ikev1
        lifetime 3600
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption aes128
            hash sha1
        }
    }
    ipsec-interfaces {
        interface eth0
    }
    profile NHRPVPN {
        authentication {
            mode pre-shared-secret
            pre-shared-secret ****************
        }
        bind {
            tunnel tun0
        }
        esp-group ESP-SPOKE1
        ike-group IKE-SPOKE1
    }
}

}