Hi,
I've just tried your suggestion and the iPhone could connect, but Windows
gives new errors in the log:

Oct  5 09:05:44 gw isakmpd[19354]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Oct  5 09:05:46 gw npppd[10826]: l2tpd ctrl=6 logtype=Started RecvSCCRQ from=37.73.214.69:57298/udp tunnel_id=6/17 protocol=1.0 winsize=4 hostname=imuca vendor=(no vendorname) firm=0000
Oct  5 09:05:46 gw npppd[10826]: l2tpd ctrl=6 call=12298 logtype=PPPBind ppp=5
Oct  5 09:05:49 gw npppd[10826]: ppp id=5 layer=base logtype=TUNNELSTART user="xxx" duration=3sec layer2=L2TP layer2from=37.73.214.69:57298 auth=MS-CHAP-V2  ip=192.168.222.101 iface=tun0
Oct  5 09:05:49 gw /bsd: pipex: ppp=5 iface=tun0 protocol=L2TP id=12298 PIPEX is ready.
Oct  5 09:05:49 gw npppd[10826]: ppp id=5 layer=base Using pipex=yes
Oct  5 09:06:59 gw npppd[10826]: l2tpd ctrl=6 call=12298 logtype=PPPUnbind
Oct  5 09:06:59 gw npppd[10826]: ppp id=5 layer=base logtype=TUNNELUSAGE user="ppo" duration=72sec layer2=L2TP layer2from=37.73.214.69:57298 auth=MS-CHAP-V2 data_in=167613bytes,1911packets data_out=2819616bytes,2540packets error_in=1 error_out=0 mppe=no iface=tun0
Oct  5 09:06:59 gw npppd[10826]: l2tpd ctrl=6 logtype=Finished

## here is the Windows attempt
Oct  5 09:08:16 gw isakmpd[19354]: message_parse_payloads: invalid next payload type <Unknown 59> in payload of type 5
Oct  5 09:08:16 gw isakmpd[19354]: dropped message from 37.73.208.173 port 2715 due to notification type INVALID_PAYLOAD_TYPE

After I removed the first ike config line, the one with modp2048,
the log returned to this:

Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Oct  5 09:16:08 gw isakmpd[12442]: message_negotiate_sa: no compatible proposal found
Oct  5 09:16:08 gw isakmpd[12442]: dropped message from 37.73.208.173 port 10552 due to notification type NO_PROPOSAL_CHOSEN

On 04/10/17 20:54, Vijay Sankar wrote:

Unfortunately I am not sure if what I am saying is correct or valid because maybe this stuff works for me only because I am using older versions of Android etc., plus I am using a slightly modified OpenBSD 5.5 kernel. But you may want to try the following.

The order is important -- doesn't seem to work if modp2048 is listed after modp1024. If I do something like

ike passive esp transport proto udp from $local_ip to any port 1701 \
        main auth "hmac-sha1" enc "aes" group modp2048 \
        quick auth "hmac-sha1" enc "aes" \
        psk "mypsk"
ike passive esp transport proto udp from $local_ip to any port 1701 \
        main auth "hmac-sha1" enc "aes" group modp1024 \
        quick auth "hmac-sha1" enc "aes" \
        psk "mypsk"

in the order listed, it works, and it has been working for at least a few years. To make sure I am not posting wrong information, I have double-checked using Lenovo YogaPad (Android 4.4.2), Windows 7, Windows 8, Windows 10, iOS 10.3.3, and MacOS 10.13.

I will try the same thing with -current and report back to the list if it is useful.

Hope this helps.

Vijay

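As an added example (not code from either message in this thread): a small Python parser that pairs isakmpd's attribute_unacceptable lines with the dropped-message line that follows them and maps the values the peer offered to the ipsec.conf(5) keywords an extra ike line would need, which is the gap Vijay's two ordered ike lines fill. Pairing mismatches with a drop by isakmpd pid, and the small keyword table, are my assumptions; the sample log is constructed from the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the isakmpd lines quoted in this thread.
SAMPLE_LOG = """\
Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Oct  5 09:16:08 gw isakmpd[12442]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Oct  5 09:16:08 gw isakmpd[12442]: message_negotiate_sa: no compatible proposal found
Oct  5 09:16:08 gw isakmpd[12442]: dropped message from 37.73.208.173 port 10552 due to notification type NO_PROPOSAL_CHOSEN
Oct  5 09:08:16 gw isakmpd[19354]: message_parse_payloads: invalid next payload type <Unknown 59> in payload of type 5
Oct  5 09:08:16 gw isakmpd[19354]: dropped message from 37.73.208.173 port 2715 due to notification type INVALID_PAYLOAD_TYPE
"""

ATTR_RE = re.compile(r"isakmpd\[(\d+)\]: attribute_unacceptable: (\w+): got (\w+), expected (\w+)")
DROP_RE = re.compile(r"isakmpd\[(\d+)\]: dropped message from (\S+) port (\d+) due to notification type (\w+)")

# isakmpd attribute name / value -> ipsec.conf(5) keyword that would accept it (assumed table).
KEYWORDS = {
    ("GROUP_DESCRIPTION", "MODP_1024"): "group modp1024",
    ("GROUP_DESCRIPTION", "MODP_2048"): "group modp2048",
    ("ENCRYPTION_ALGORITHM", "3DES_CBC"): 'enc "3des"',
    ("ENCRYPTION_ALGORITHM", "AES_CBC"): 'enc "aes"',
}

def summarize(log_text):
    """Attach each 'dropped message' line to the attribute mismatches the same
    isakmpd process logged just before it (assumption: they belong to one exchange).
    In these lines 'got' is the peer's transform and 'expected' is the local ike line."""
    pending = defaultdict(list)
    records = []
    for line in log_text.splitlines():
        m = ATTR_RE.search(line)
        if m:
            pid, attr, got, expected = m.groups()
            pending[pid].append((attr, got, expected))
            continue
        m = DROP_RE.search(line)
        if m:
            pid, peer, port, notify = m.groups()
            records.append({"peer": peer, "port": int(port), "notification": notify,
                            "mismatches": sorted(set(pending.pop(pid, [])))})
    return records

def peer_offered(record):
    """ipsec.conf keywords for values the peer proposed that no local ike line accepted."""
    return sorted({KEYWORDS.get((a, got), f"{a}={got}") for a, got, _ in record["mismatches"]})

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["peer"], r["notification"], peer_offered(r))
```

An INVALID_PAYLOAD_TYPE drop with no preceding mismatches, as in the second record, is not a proposal problem, so no ike line change will fix it.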