Fl0 Geschrieben 20. Februar 2014 Geschrieben 20. Februar 2014 Hi, P1: peer 3 (...) sa 10 ®: failed ip x.x.x.x <- ip y.y.y.y (No proposal chosen) The Phase 1 Negotation fails. As I can see you use the ID type "IP". You should use the ID type "ASN.1-DN (Distinguished Name)" if you use certificates. Try to set the identical ID type on both sides (bintec & client) and check again. Otherwise take a look at the following FAQ from bintec: IPSec phase 1 authentication details " The authentication of IPSec peers will fail when different proposals (AES, 3DES, Blowfish,...) and/or different modes (id-protect, aggressive) are used. The example below shows the error message of a failed IPSec connection: 11:32:45 INFO/IPSEC: P1: peer 1 (PSKs) sa 5306 (I): failed id der_asn1_dn(any:0,[0..99]=C=de, ST=Bavaria, L=Nuremberg, O=Support, CN=R1200) -> ip 111.222.111.222 (No proposal chosen) In case of different modes (id-protect, aggressive) the solution is to choose an "id-protect" profile for "IKE (Phase 1) Defaults". " If it's not working, you should post a longer debug. Zitieren
Jfbintec Geschrieben 21. Februar 2014 Autor Geschrieben 21. Februar 2014 Hi, Badly, it didn't work. I paste you my log of my shrew soft client on pastebin for more simplicity: [Logtalk] Log Bintec R230a VPN Certificate - Pastebin.com My log bintec speak about vendor id and no proposal chosen, no more... Zitieren
ardcore Geschrieben 28. Februar 2014 Geschrieben 28. Februar 2014 Get rid of the certificate and try to use a PSK instead. Your log clearly states multiple problems like: 14/02/21 09:11:09 !! : failed to generate local asn1-dn id from 'vpncert' Try to get a working phase1 with PSKs, fix the problems and after that if you really need to use certificates convert back to them. Zitieren
Empfohlene Beiträge
Dein Kommentar
Du kannst jetzt schreiben und Dich später registrieren. Wenn Du ein Konto hast, melde Dich jetzt an, um unter Deinem Benutzernamen zu schreiben.