ZonderMet
Resolved
0 votes
Hi all,
I'm trying to get a VPN connection going with "Static IPsec VPN for Business" between a Draytek router and a COS box.
It gives an error in the Recent Log Entries:
packet from "Draytek IP:500: initial Main Mode message received on "Our IP":500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
I've tried all "sane" settings relating to the encryption, but no change.
I've changed the key lifetime and the PFS to conform with the Draytek settings. To no avail.
I've switched the IKE 1 and 2 settings (the Draytek doesn't say which of the two is being used).
Google helped me find a handful of similar problems, some with solutions (like setting the wrong WAN IP or wrong DH/PFS Group, which I checked) but none helped our case.
I don't even understand the error (it doesn't change when I set it fixed to IKEV2 for instance).

conn "Connectionname"
    type=tunnel
    authby=secret
    auto=add
    left="our IP"
    leftnexthop=0
    leftsubnet=192.168.8.0/24
    right="Their IP"
    rightsubnet=192.168.2.0/24
    salifetime=1h
    ikelifetime=8h
    dpdaction=hold
    dpdtimeout=120
    dpddelay=30
    compress=no
    pfs=no
    rekey=yes
    aggrmode=no
    ike=aes256-sha1;modp2048
    leftsourceip=192.168.8.1
    phase2alg=aes256-sha1;modp2048
    ikev2=propose


Any hints or solutions are appreciated.
Wednesday, February 02 2022, 08:30 AM
Responses (1)
  • Accepted Answer

    Thursday, March 17 2022, 11:46 AM - #Permalink
    Resolved
    0 votes
    Do you still need help with this?

    For a start, remove all cipher, hash and DH Group settings, which will allow Libreswan to use a broad secure set and give you more chance of matching with the other end.
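
One way to apply the suggestion in the accepted answer, as an added example that is not part of the original thread: a small Python helper that drops the proposal-pinning lines from a conn section and reports what it removed. Treating ike=, phase2alg=, esp= and ah= as the "cipher, hash and DH Group settings" is an assumption of this example, and the sample conn is an abbreviated, constructed copy of the one in the question.

```python
import re

# Keywords that pin IKE / ESP / AH proposals in a Libreswan conn section.
# Treating exactly these as the "cipher, hash and DH Group settings" is an
# assumption of this example.
PROPOSAL_KEYS = {"ike", "phase2alg", "esp", "ah"}

# Constructed sample: abbreviated copy of the conn posted in the question.
SAMPLE_CONN = """\
conn "Connectionname"
    type=tunnel
    authby=secret
    auto=add
    ikelifetime=8h
    pfs=no
    ike=aes256-sha1;modp2048
    phase2alg=aes256-sha1;modp2048
    ikev2=propose
"""


def strip_proposals(conf_text):
    """Return (new_text, removed); removed maps conn name -> dropped lines."""
    kept, removed, conn = [], {}, None
    for line in conf_text.splitlines():
        stripped = line.strip()
        indented = line[:1].isspace()
        if stripped and not indented and not stripped.startswith("#"):
            # Section header: only "conn <name>" sections are inspected.
            m = re.match(r"conn\s+(.+)$", stripped)
            conn = m.group(1).strip('"') if m else None
        elif conn and indented and "=" in stripped and not stripped.startswith("#"):
            key = stripped.split("=", 1)[0].strip().lower()
            if key in PROPOSAL_KEYS:
                removed.setdefault(conn, []).append(stripped)
                continue  # drop the line so Libreswan's default proposals apply
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    new_text, removed = strip_proposals(SAMPLE_CONN)
    for name, lines in removed.items():
        print(f"conn {name}: removed {lines}")
    print(new_text, end="")
```

Lifetime, PFS and ikev2= lines are left untouched, so the output differs from the input only by the pinned proposals.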