Mailing List Archive

xauth SET message rejected
Hi,

I am trying to connect to a client's Cisco VPN from my Ubuntu 16.04 PC
without any luck. The error message I get is:

vpnc: xauth SET message rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)

What is the meaning of the message? How can I debug?
Credentials are valid, I can successfully connect from Android.

Here's my configuration:

===================
IPSec gateway xxx.xxx.xxx.xxx
IPSec ID <IPSec ID here>
IPSec secret <PSK here>
IKE Authmode psk
Xauth username <username here>
Xauth password <plaintext pass here>
===================

This is the debug output:

===================
vpnc version 0.5.3r550-2build1

S1 init_sockaddr
[2017-08-30 15:52:53]

S2 make_socket
[2017-08-30 15:52:53]

S3 setup_tunnel
[2017-08-30 15:52:53]
using interface tun0

S4 do_phase1_am
[2017-08-30 15:52:53]

S4.1 create_nonce
[2017-08-30 15:52:53]

S4.2 dh setup
[2017-08-30 15:52:53]

S4.3 AM packet_1
[2017-08-30 15:52:53]

S4.4 AM_packet2
[2017-08-30 15:52:54]
(DPD)
(Nat-T 02N)
(Xauth)
got ike lifetime attributes: 2147483 seconds
IKE SA selected psk+xauth-aes256-sha1
peer is DPD capable (RFC3706)
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery
payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery
payloads
peer is XAUTH capable (draft-ietf-ipsec-isakmp-xauth-06)
NAT status: this end behind NAT? YES -- remote end behind NAT? no

S4.5 AM_packet3
[2017-08-30 15:52:54]
NAT-T mode, adding non-esp marker

S4.6 cleanup
[2017-08-30 15:52:54]

S5 do_phase2_xauth
[2017-08-30 15:52:54]

S5.1 xauth_request
[2017-08-30 15:52:54]

S5.2 notice_check
[2017-08-30 15:52:54]

S5.3 type-is-xauth check
[2017-08-30 15:52:54]

S5.4 xauth type check
[2017-08-30 15:52:54]
Please Enter Your User Name and Password :

S5.5 do xauth reply
[2017-08-30 15:52:54]
NAT-T mode, adding non-esp marker

S5.2 notice_check
[2017-08-30 15:52:54]

S5.3 type-is-xauth check
[2017-08-30 15:52:54]

S5.6 process xauth set
[2017-08-30 15:52:54]


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


NAT-T mode, adding non-esp marker

S7.11 send isakmp termination message
[2017-08-30 15:52:54]
NAT-T mode, adding non-esp marker
vpnc: xauth SET message rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
===================

Some version information:

===================
$ vpnc --version
vpnc version 0.5.3r550-2build1
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License. For more information about these matters, see the files
named COPYING.
Built with certificate support.

Supported DH-Groups: nopfs dh1 dh2 dh5
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
===================

I would appreciate any help!

Thanks,

Kevin