Hello forum friends.
I’ve been working on setting up a VyOS site-to-site VPN tunnel to my Azure resource cloud.
- VyOS running on Hyper-V (has full connectivity to the internet; can ping 22.214.171.124 etc.)
- Residential Gateway has ports 500 and 4500 forwarded
- put VyOS ip address onto DMZ through Residential Gateway settings
- show vpn ipsec/ike sa both show that the tunnel is up and I see a continuous stream of keep-alive packets being sent to the Azure VPN gateway.
- There is no transfer of data though. I can’t actually ping any Azure resources.
show log vpn all has A LOT of information but I think only one line really matters. It’s right before the keep-alive packets.
- vyos charon: 09[ENC] parsed INFORMATIONAL_V1 request 1409572031 [ HASH N(INVAL_ID) ]
- vyos charon: 09[IKE] received INVALID_ID_INFORMATION error notify
Below are a few more lines from right before it shows that the tunnel is established:
- IKE_SA peer-PUBLICIP-tunnel-1 established between 192.168.1.30[192.168.1.30]...PUBLICIP[PUBLICIP]
- vyos charon: 11[IKE] scheduling reauthentication in 27730s
- vyos charon: 11[IKE] maximum IKE_SA lifetime 28270s
- vyos charon: 11[ENC] generating QUICK_MODE request 4257237740 [ HASH SA No KE ID ID ]
- vyos charon: 11[NET] sending packet: from 192.168.1.30 to PUBLICIP (316 bytes)
- vyos charon: 12[NET] received packet: from PUBLICIP to 192.168.1.30 (76 bytes)
- vyos charon: 12[ENC] parsed INFORMATIONAL_V1 request 3203890434 [ HASH N(INVAL_ID) ]
- vyos charon: 12[IKE] received INVALID_ID_INFORMATION error notify
After this last line I’ll just get a large number of keep-alive packets.
Does anyone have information on this error? I’ve browsed through many, many pages of Google trying to figure this out and I think I’m going crazy. I see that there is communication between my Azure gateway and my VyOS VPN.
vyos@vyos:~$ show vpn debug peer PUBLICIP
peer-PUBLICIP-tunnel-1: 192.168.1.30...PUBLICIP IKEv1
peer-PUBLICIP-tunnel-1: local: [192.168.1.30] uses pre-shared key authentication
peer-PUBLICIP-tunnel-1: remote: [PUBLICIP] uses pre-shared key authentication
peer-PUBLICIP-tunnel-1: child: dynamic === dynamic TUNNEL
peer-PUBLICIP-tunnel-1: ESTABLISHED 4 minutes ago, 192.168.1.30[192.168.1.30]...PUBLICIP[PUBLICIP]
peer-PUBLICIP-tunnel-1: IKEv1 SPIs: 56657e4e1c67f1a5_i* 5544b08c9eb81dee_r, pre-shared key reauthentication in 7 hours
peer-PUBLICIP-tunnel-1: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
I’m not necessarily looking for an answer (if there is one that would be great). Mainly just some tips on what I should be looking for specifically or additional commands for debugging more information.
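As an added troubleshooting aid (not code from the post, from VyOS or from strongSwan), the script below reads charon log lines and `show vpn debug peer` output of the kind quoted above and turns each symptom into a finding: Phase 1 up, Phase 2 rejected with INVALID_ID_INFORMATION (the peer refused the ID payloads, i.e. the traffic selectors, in the quick mode proposal), child selectors left as `dynamic`, and a weak DH group. The sample input is constructed from the quoted lines with the public IP kept as PUBLICIP.

```python
import re

# Constructed sample, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
vyos charon: 11[IKE] IKE_SA peer-PUBLICIP-tunnel-1 established between 192.168.1.30[192.168.1.30]...PUBLICIP[PUBLICIP]
vyos charon: 11[ENC] generating QUICK_MODE request 4257237740 [ HASH SA No KE ID ID ]
vyos charon: 11[NET] sending packet: from 192.168.1.30 to PUBLICIP (316 bytes)
vyos charon: 12[NET] received packet: from PUBLICIP to 192.168.1.30 (76 bytes)
vyos charon: 12[ENC] parsed INFORMATIONAL_V1 request 3203890434 [ HASH N(INVAL_ID) ]
vyos charon: 12[IKE] received INVALID_ID_INFORMATION error notify
"""
SAMPLE_STATUS = """\
peer-PUBLICIP-tunnel-1: child: dynamic === dynamic TUNNEL
peer-PUBLICIP-tunnel-1: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""


def triage(log_text, status_text):
    """Return a list of 'area: explanation' findings for an IKEv1 tunnel that is up but passes no traffic."""
    findings = []
    phase1_up = re.search(r"IKE_SA \S+ established between", log_text) is not None
    quick_mode_sent = "generating QUICK_MODE request" in log_text
    invalid_id = "INVALID_ID_INFORMATION" in log_text or "N(INVAL_ID)" in log_text
    if phase1_up:
        findings.append("phase1: IKE_SA established, so PSK and IKE proposal were accepted by the peer")
    if quick_mode_sent and invalid_id:
        # In IKEv1 quick mode the two ID payloads carry the local/remote prefixes; the peer
        # answers INVALID_ID_INFORMATION when they do not match what it is configured for.
        findings.append("phase2: peer rejected QUICK_MODE with INVALID_ID_INFORMATION, i.e. the "
                        "local/remote prefixes (traffic selectors) offered do not match its side")
    elif quick_mode_sent:
        findings.append("phase2: QUICK_MODE sent, no INVALID_ID seen; check for other notifies")
    ts = re.search(r"child: (\S+) === (\S+) TUNNEL", status_text)
    if ts and ts.groups() == ("dynamic", "dynamic"):
        # strongSwan prints 'dynamic' when no subnet is configured for the child SA, so the
        # selectors fall back to the endpoint addresses rather than the networks behind them.
        findings.append("config: child selectors are dynamic === dynamic; no local/remote prefix is "
                        "set, so compare the tunnel prefixes with the address spaces defined on Azure")
    dh = re.search(r"IKE proposal: .*/MODP_(\d+)", status_text)
    if dh and int(dh.group(1)) < 2048:
        findings.append(f"crypto: MODP_{dh.group(1)} is a weak DH group; prefer 2048-bit or stronger "
                        "if both sides support it")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_STATUS):
        print(finding)
```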