Announcement

Collapse
No announcement yet.

cannot connect after 16.6.1

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    cannot connect after 16.6.1

    Hi, there

    I have 2 identiclal untangle boxes site A and site B

    Site A on 16.6.1
    Site B on 16.5.2

    ipsec stoped working on site A after upgradtin to 16.6.1

    Can someone shed some light as per why I cannot connect any more?

    Many thanks

    Alex

    Here is the Log from A - that fails to connect

    Mar 6 13:41:07 artiplanto-server-A charon: 08[IKE] destroying IKE_SA after failed XAuth authentication
    Mar 6 13:41:07 artiplanto-server-A charon: 08[ENC] parsed TRANSACTION response 2408213423 [ HASH CPA(X_STATUS) ]
    Mar 6 13:41:07 artiplanto-server-A charon: 08[NET] received packet: from 67.69.76.190[4501] to 174.89.225.43[4500] (68 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 15[NET] sending packet: from 174.89.225.43[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 15[ENC] generating TRANSACTION request 2408213423 [ HASH CPS(X_STATUS) ]
    Mar 6 13:41:07 artiplanto-server-A charon: 15[IKE] XAuth authentication of 'pingu.iphone' failed
    Mar 6 13:41:07 artiplanto-server-A charon: 15[CFG] XAuth-EAP method backend not supported: radius
    Mar 6 13:41:07 artiplanto-server-A charon: 15[ENC] parsed TRANSACTION response 523042316 [ HASH CPRP(X_USER X_PWD) ]
    Mar 6 13:41:07 artiplanto-server-A charon: 15[NET] received packet: from 67.69.76.190[4501] to 174.89.225.43[4500] (92 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 06[NET] sending packet: from 174.89.225.43[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 06[ENC] generating TRANSACTION request 523042316 [ HASH CPRQ(X_USER X_PWD) ]
    Mar 6 13:41:07 artiplanto-server-A charon: 06[NET] sending packet: from 174.89.225.43[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 06[ENC] generating ID_PROT response 0 [ ID HASH ]
    Mar 6 13:41:07 artiplanto-server-A charon: 06[CFG] selected peer config "VPN-XAUTH-0"
    Mar 6 13:41:07 artiplanto-server-A charon: 06[CFG] looking for XAuthInitPSK peer configs matching 174.89.225.43...67.69.76.190[10.43.137.64]
    Mar 6 13:41:07 artiplanto-server-A charon: 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Mar 6 13:41:07 artiplanto-server-A charon: 06[NET] received packet: from 67.69.76.190[4501] to 174.89.225.43[4500] (92 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 05[NET] sending packet: from 174.89.225.43[500] to 67.69.76.190[1526] (236 bytes)
    Mar 6 13:41:07 artiplanto-server-A charon: 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Mar 6 13:41:07 artiplanto-server-A charon: 05[IKE] remote host is behind NAT
    Mar 6 13:41:07 artiplanto-server-A charon: 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Mar 6 13:41:07 artiplanto-server-A charon: 05[NET] received packet: from 67.69.76.190[1526] to 174.89.225.43[500] (220 bytes)
    Mar 6 13:41:06 artiplanto-server-A charon: 14[NET] sending packet: from 174.89.225.43[500] to 67.69.76.190[1526] (156 bytes)
    Mar 6 13:41:06 artiplanto-server-A charon: 14[ENC] generating ID_PROT response 0 [ SA V V V V ]
    Mar 6 13:41:06 artiplanto-server-A charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] 67.69.76.190 is initiating a Main Mode IKE_SA
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] 67.69.76.190 is initiating a Main Mode IKE_SA
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received DPD vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received FRAGMENTATION vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received Cisco Unity vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received XAuth vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
    Mar 6 13:41:06 artiplanto-server-A charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
    Mar 6 13:41:06 artiplanto-server-A charon: 14[NET] received packet: from 67.69.76.190[1526] to 174.89.225.43[500] (848 bytes)​
    Tags: None
  • #2
    And here is the log from B - that connects just fine

    Mar 6 12:42:16 artiplanto-server-B charon: 14[IKE] CHILD_SA VPN-XAUTH-0{251} established with SPIs c5bd2e51_i 0336f444_o and TS 0.0.0.0/0 === 172.16.6.1/32
    Mar 6 12:42:16 artiplanto-server-B charon: 14[IKE] CHILD_SA VPN-XAUTH-0{251} established with SPIs c5bd2e51_i 0336f444_o and TS 0.0.0.0/0 === 172.16.6.1/32
    Mar 6 12:42:16 artiplanto-server-B charon: 14[ENC] parsed QUICK_MODE request 1921386700 [ HASH ]
    Mar 6 12:42:16 artiplanto-server-B charon: 14[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (52 bytes)
    Mar 6 12:42:16 artiplanto-server-B charon: 16[NET] sending packet: from 184.144.247.19[4500] to 67.69.76.190[4501] (172 bytes)
    Mar 6 12:42:16 artiplanto-server-B charon: 16[ENC] generating QUICK_MODE response 1921386700 [ HASH SA No ID ID ]
    Mar 6 12:42:16 artiplanto-server-B charon: 16[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
    Mar 6 12:42:16 artiplanto-server-B charon: 16[IKE] expected IPComp proposal but peer did not send one, IPComp disabled
    Mar 6 12:42:16 artiplanto-server-B charon: 16[ENC] parsed QUICK_MODE request 1921386700 [ HASH SA No ID ID ]
    Mar 6 12:42:16 artiplanto-server-B charon: 16[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (364 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 08[NET] sending packet: from 184.144.247.19[4500] to 67.69.76.190[4501] (76 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 08[ENC] generating TRANSACTION response 3043392955 [ HASH CPRP(ADDR DNS) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] assigning virtual IP 172.16.6.1 to peer 'pingu.iphone'
    Mar 6 12:42:15 artiplanto-server-B charon: 08[CFG] reassigning offline lease to 'pingu.iphone'
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] peer requested virtual IP %any
    Mar 6 12:42:15 artiplanto-server-B charon: 08[ENC] parsed TRANSACTION request 3043392955 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE U_BKPSRV (28683)) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 08[ENC] unknown attribute type (28683)
    Mar 6 12:42:15 artiplanto-server-B charon: 08[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (164 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 07[IKE] maximum IKE_SA lifetime 28717s
    Mar 6 12:42:15 artiplanto-server-B charon: 07[IKE] scheduling reauthentication in 28177s
    Mar 6 12:42:15 artiplanto-server-B charon: 07[IKE] IKE_SA VPN-XAUTH-0[562] established between 184.144.247.19[184.144.244.149]...67.69.76.190[10.43.137.64]
    Mar 6 12:42:15 artiplanto-server-B charon: 07[IKE] IKE_SA VPN-XAUTH-0[562] established between 184.144.247.19[184.144.244.149]...67.69.76.190[10.43.137.64]
    Mar 6 12:42:15 artiplanto-server-B charon: 07[ENC] parsed TRANSACTION response 2841049563 [ HASH CPA(X_STATUS) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 07[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (68 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 11[NET] sending packet: from 184.144.247.19[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 11[ENC] generating TRANSACTION request 2841049563 [ HASH CPS(X_STATUS) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 11[IKE] XAuth authentication of 'pingu.iphone' successful
    Mar 6 12:42:15 artiplanto-server-B charon: 11[ENC] parsed TRANSACTION response 266639267 [ HASH CPRP(X_USER X_PWD) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 11[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (92 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 14[NET] sending packet: from 184.144.247.19[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 14[ENC] generating TRANSACTION request 266639267 [ HASH CPRQ(X_USER X_PWD) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 14[NET] sending packet: from 184.144.247.19[4500] to 67.69.76.190[4501] (68 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 14[ENC] generating ID_PROT response 0 [ ID HASH ]
    Mar 6 12:42:15 artiplanto-server-B charon: 14[CFG] selected peer config "VPN-XAUTH-0"
    Mar 6 12:42:15 artiplanto-server-B charon: 14[CFG] looking for XAuthInitPSK peer configs matching 184.144.247.19...67.69.76.190[10.43.137.64]
    Mar 6 12:42:15 artiplanto-server-B charon: 14[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Mar 6 12:42:15 artiplanto-server-B charon: 14[NET] received packet: from 67.69.76.190[4501] to 184.144.247.19[4500] (92 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 16[NET] sending packet: from 184.144.247.19[500] to 67.69.76.190[1526] (236 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 16[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Mar 6 12:42:15 artiplanto-server-B charon: 16[IKE] remote host is behind NAT
    Mar 6 12:42:15 artiplanto-server-B charon: 16[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Mar 6 12:42:15 artiplanto-server-B charon: 16[NET] received packet: from 67.69.76.190[1526] to 184.144.247.19[500] (220 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 08[NET] sending packet: from 184.144.247.19[500] to 67.69.76.190[1526] (156 bytes)
    Mar 6 12:42:15 artiplanto-server-B charon: 08[ENC] generating ID_PROT response 0 [ SA V V V V ]
    Mar 6 12:42:15 artiplanto-server-B charon: 08[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] 67.69.76.190 is initiating a Main Mode IKE_SA
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] 67.69.76.190 is initiating a Main Mode IKE_SA
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received DPD vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received FRAGMENTATION vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received Cisco Unity vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received XAuth vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
    Mar 6 12:42:15 artiplanto-server-B charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
    Mar 6 12:42:15 artiplanto-server-B charon: 08[NET] received packet: from 67.69.76.190[1526] to 184.144.247.19[500] (848 bytes)​

    Comment

    • #3
      Please upgrade to 16.6.2.
      Attention: Support and help on the Untangle Forums is provided by
      volunteers and community members like yourself.
      If you need Untangle support please call or email [email protected]

      Comment

      • #4
        I am not getting any pending updates...could i share with you via pm the UID so you can push the 16.6.2

        Comment

        • #5
          it turns out I was 16.6.2 and I still have the same issue, anyone has any ideea?

          Comment

          Previous template Next
          Working...
          X