Quoting lilit-aibolit <lilit-aibo...@mail.ru>:
On 05/10/17 09:17, lilit-aibolit wrote:
Hi,

I've just tried your suggestion and IPhone could connect but Windows
gives new errors in log:

##here is Windows attempt
Oct 5 09:08:16 gw isakmpd[19354]: message_parse_payloads: invalid next payload type <Unknown 59> in payload of type 5
Oct 5 09:08:16 gw isakmpd[19354]: dropped message from 37.73.208.173 port 2715 due to notification type INVALID_PAYLOAD_TYPE

I've tested one more time and it seems that
INVALID_PAYLOAD_TYPE means wrong PSK in the Windows VPN client.
So after correction I was able to establish VPN
from IPhone, Android and Windows (at least version 7)
with this ipsec.conf:

ike passive esp transport \
    proto udp from a.b.s.d to any port 1701 \
    main auth hmac-sha1 enc aes group modp2048 \
    quick auth hmac-sha1 enc aes \
    psk "psk"

ike passive esp transport \
    proto udp from a.b.s.d to any port 1701 \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha1 enc aes \
    psk "psk"

Glad that changing the order is working for you.
Yes, for whatever reason, I found IPSec/L2TP works when ike with
modp2048 is listed first and then modp1024. I read Stuart Henderson's
email carefully again and think that my suggestion re. the order of
IKE statements may be wrong. Probably the only reason this works for
me is because I am not simultaneously trying to connect with both
Windows and Android clients. Will try to test that this weekend but
please read his reply in this thread.
--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
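
Added example, not part of the thread and not isakmpd code: a small Python triage that pairs each "dropped message" line with the parse error isakmpd logged just before it, and flags the pattern the poster above traced to a wrong PSK (INVALID_PAYLOAD_TYPE while parsing payload type 5, the Identification payload, which is encrypted in main mode). The sample log is constructed from the two messages quoted in the thread plus one invented line; the function and field names are hypothetical.

```python
import re

# Constructed sample: the two isakmpd messages from the thread (re-joined onto
# single lines) plus one invented line; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
Oct 5 09:08:16 gw isakmpd[19354]: message_parse_payloads: invalid next payload type <Unknown 59> in payload of type 5
Oct 5 09:08:16 gw isakmpd[19354]: dropped message from 37.73.208.173 port 2715 due to notification type INVALID_PAYLOAD_TYPE
Oct 5 09:09:02 gw isakmpd[19354]: dropped message from 192.0.2.10 port 500 due to notification type NO_PROPOSAL_CHOSEN
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sisakmpd\[(?P<pid>\d+)\]:\s"
PARSE_ERR = re.compile(PREFIX + r"message_parse_payloads: invalid next payload type "
                       r"<[^>]+> in payload of type (?P<ptype>\d+)")
DROPPED = re.compile(PREFIX + r"dropped message from (?P<peer>\S+) port (?P<port>\d+) "
                     r"due to notification type (?P<ntype>\w+)")
ID_PAYLOAD = 5  # ISAKMP Identification payload (RFC 2408)


def triage(log_text):
    """Return one finding per dropped message, pairing it with the parse error
    isakmpd logged just before it (same pid, same timestamp)."""
    last_err = {}   # pid -> (timestamp, payload type) of the latest parse error
    findings = []
    for line in log_text.splitlines():
        m = PARSE_ERR.match(line)
        if m:
            last_err[m["pid"]] = (m["ts"], int(m["ptype"]))
            continue
        m = DROPPED.match(line)
        if not m:
            continue
        ts, ptype = last_err.pop(m["pid"], (None, None))
        garbled_id = (m["ntype"] == "INVALID_PAYLOAD_TYPE"
                      and ts == m["ts"] and ptype == ID_PAYLOAD)
        findings.append({"peer": m["peer"], "port": int(m["port"]),
                         "notification": m["ntype"], "check_psk": garbled_id})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        hint = "verify the client's PSK" if f["check_psk"] else "see notification type"
        print(f"{f['peer']}:{f['port']} {f['notification']} -> {hint}")
```

Syslog lines must be unwrapped (one message per line) before they are fed to `triage`.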