Discussion:
How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10?
Sebastian Wain
2016-08-04 16:15:41 UTC
I can't figure out how to make an OpenBSD VPN work. I followed the guide at [1] to set up a VPN, modified the network interface there to tun0 instead of pppoe0, and didn't configure the pf.conf. When I tried to connect from Win10 using the "L2TP/IPsec with pre-shared key" VPN type I see the issues below in phase 2:

Thanks
Sebastian

[1] http://blog.fuckingwith.it/2015/08/openbsd-l2tpipsec-vpn-works-with.html

Aug 3 responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:13 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:14 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:14 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:15 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:15 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:18 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:18 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:25 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:25 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:40 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:40 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:55 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:55 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:18:38 fw isakmpd[7947]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.0.129:500
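The isakmpd lines above are the useful signal in this thread: the same peer keeps proposing host-address phase 2 IDs (its own address as initiator, the firewall's as responder), the responder rejects them with INVALID_ID_INFORMATION, and isakmpd eventually gives up on the exchange. The following is an added example, not code from the post or from OpenBSD: a small triage script that re-joins syslog lines wrapped by a mail client, groups the drops and timeouts by peer address, and flags peers whose proposed IDs are plain host addresses, which is the pattern the transport-mode flow in the reply below addresses. The sample log is constructed to match the shape of the lines in the post; the second peer address is made up.

```python
"""Triage isakmpd phase 2 failures from syslog lines (added example)."""
import re
from dataclasses import dataclass, field

# A real /var/log/daemon has one event per line; a log pasted into mail is
# wrapped, so any line not starting with a syslog date is a continuation.
SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} ")
INVALID_IDS = re.compile(
    r"peer proposed invalid phase 2 IDs: initiator id (\S+), responder id (\S+)")
DROPPED = re.compile(
    r"dropped message from (\S+) port (\d+) due to notification type (\w+)")
GAVE_UP = re.compile(
    r"giving up on exchange (\S+), no response from peer ([\d.]+):(\d+)")

# Constructed sample in the shape of the post's log; 10.9.8.7 is invented.
SAMPLE_LOG = """\
Aug 3 11:17:13 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:13 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:14 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:14 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:18:38 fw isakmpd[7947]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.0.129:500
Aug 3 11:20:01 fw isakmpd[7947]: dropped message from 10.9.8.7 port 500 due to notification type INVALID_ID_INFORMATION
"""


@dataclass
class PeerReport:
    drops: dict = field(default_factory=dict)    # notification type -> count
    id_pairs: set = field(default_factory=set)   # (initiator id, responder id)
    exchanges_abandoned: list = field(default_factory=list)
    gave_up: bool = False


def unwrap(text):
    """Re-join syslog lines that were wrapped onto several lines."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SYSLOG_START.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines


def analyze(text):
    """Group INVALID_ID_INFORMATION drops and timeouts by peer address."""
    reports = {}
    pending_ids = None  # id pair from the most recent 'invalid phase 2 IDs' line
    for line in unwrap(text):
        m = INVALID_IDS.search(line)
        if m:
            pending_ids = (m.group(1), m.group(2))
            continue
        m = DROPPED.search(line)
        if m:
            peer, _port, ntype = m.groups()
            rep = reports.setdefault(peer, PeerReport())
            rep.drops[ntype] = rep.drops.get(ntype, 0) + 1
            if pending_ids is not None:
                rep.id_pairs.add(pending_ids)  # the drop that follows the ID line
                pending_ids = None
            continue
        m = GAVE_UP.search(line)
        if m:
            exchange, peer, _port = m.groups()
            rep = reports.setdefault(peer, PeerReport())
            rep.gave_up = True
            rep.exchanges_abandoned.append(exchange)
    return reports


def summarize(reports):
    """One triage line per peer, with a hint when host IDs were proposed."""
    out = []
    for peer, rep in sorted(reports.items()):
        n = rep.drops.get("INVALID_ID_INFORMATION", 0)
        line = f"{peer}: {n} INVALID_ID_INFORMATION drop(s)"
        if rep.id_pairs:
            pairs = ", ".join(f"{i} -> {r}" for i, r in sorted(rep.id_pairs))
            line += f"; proposed phase 2 IDs {pairs}"
        if any(i == peer for i, _ in rep.id_pairs):
            # Client offers its own address as the phase 2 ID: that needs a
            # matching transport-mode flow on the responder (udp port 1701).
            line += "; hint: host IDs proposed, check for a 'transport' flow to udp port 1701"
        if rep.gave_up:
            line += f"; isakmpd gave up on {', '.join(rep.exchanges_abandoned)}"
        out.append(line)
    return out


if __name__ == "__main__":
    for line in summarize(analyze(SAMPLE_LOG)):
        print(line)
```

Run it against a real daemon log with `analyze(open("/var/log/daemon").read())`; the per-peer hint only fires when the proposed initiator ID equals the peer's own address, so a misconfigured subnet ID shows up as a bare drop count instead.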
R0me0 ***
2016-08-04 16:57:05 UTC
ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \
main auth hmac-sha1 enc 3des group modp2048 \
quick auth hmac-sha1 enc 3des psk "YOURSECRET"


You are welcome
Post by Sebastian Wain
I can't figure out how to make an OpenBSD VPN work. I followed the guide at [1] to set up a VPN, modified the network interface there to tun0 instead of pppoe0, and didn't configure the pf.conf. When I tried to connect from Win10 using the "L2TP/IPsec with pre-shared key" VPN type I see the issues below in phase
Thanks
Sebastian
[1] http://blog.fuckingwith.it/2015/08/openbsd-l2tpipsec-vpn-works-with.html
initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:13 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:14 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:14 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:15 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:15 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:18 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:18 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:25 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:25 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:40 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:40 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:17:55 fw isakmpd[7947]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.0.129, responder id 192.168.0.253
Aug 3 11:17:55 fw isakmpd[7947]: dropped message from 192.168.0.129 port 500 due to notification type INVALID_ID_INFORMATION
Aug 3 11:18:38 fw isakmpd[7947]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.0.129:500