Hi all,
I'm trying to get a VPN connection going with "Static IPsec VPN for Business" between a Draytek router and a COS box.
It gives an error in the Recent Log Entries:
packet from "Draytek IP:500: initial Main Mode message received on "Our IP":500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
I've tried all "sane" settings relating to the encryption, but no change.
I've changed the key lifetime and the PFS to conform with the Draytek settings, to no avail.
I've switched the IKE 1 and 2 settings (the Draytek doesn't say which of the two is being used).
Google helped me find a handful of similar problems, some with solutions (like setting the wrong WAN IP or wrong DH/PFS group, which I checked), but none helped our case.
I don't even understand the error (it doesn't change when I set it fixed to IKEV2 for instance).
conn "Connectionname"
    type=tunnel
    authby=secret
    auto=add
    left="our IP"
    leftnexthop=0
    leftsubnet=192.168.8.0/24
    right="Their IP"
    rightsubnet=192.168.2.0/24
    salifetime=1h
    ikelifetime=8h
    dpdaction=hold
    dpdtimeout=120
    dpddelay=30
    compress=no
    pfs=no
    rekey=yes
    aggrmode=no
    ike=aes256-sha1;modp2048
    leftsourceip=192.168.8.1
    phase2alg=aes256-sha1;modp2048
    ikev2=propose
Any hints or solutions are appreciated.