VPN: CentOS client connection refused


Post by steelangel » 2018/11/14 21:03:02

I am completely confused as to what is going on with this setup.

I have a Cisco EasyVPN set up on an RV325 router. It accepts connections from both Windows 7 (and 10) and OSX without complaint. It does not accept connections from my CentOS 7 box---the whole reason that I set it up in the first place.

Knowing that this is a Cisco system, I used vpnc. On the client:

Code:

client$ sudo vpnc
Enter IPSec gateway address: xx.xx.xx.xx
Enter IPSec ID for xx.xx.xx.xx: thisisatunnelname
Enter IPSec secret for thisisatunnelname@xx.xx.xx.xx: 
Enter username for xx.xx.xx.xx: username
Enter password for username@xx.xx.xx.xx
vpnc: response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)

On the router, I get the following in the log:

Code:

[Tunnel Authorize Fail] 3DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] 3DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] 0?? is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] 0?? is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] no acceptable Oakley Transform
[Tunnel Disconnected] grpips0 instance with peer yy.yy.yy.yy {isakmp=#0/ipsec=#0}

When a client (in this case OSX) successfully connects, I see the following:

Code:

[Tunnel Authorize Fail] RC5_R16_B64_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] MODP_2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
[Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] CAST_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] no acceptable Oakley Transform
[Tunnel Disconnected] grpips0 instance with peer yy.yy.yy.yy {isakmp=#0/ipsec=#0}
[Tunnel Authorize Fail] received Hash Payload does not match computed value
[Tunnel Established] ISAKMP SA established
[Tunnel Established] received XAUTH ack, established
[Tunnel Established] sent ModeCfg reply, established

The best I can figure is that vpnc isn't using the correct algorithms, but even the successful connection log is an enigma to me. This should 'just work' by all of the tutorials I have found; what am I doing wrong?

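An added example, not part of the original post and not vpnc or router code: a small Python parser run over the two router log excerpts quoted above, grouping the refused IKE proposal values by attribute and reporting whether an ISAKMP SA was ever established. The log lines are copied from the post (duplicates and the post-establishment lines dropped); the function name and result fields are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Router log excerpts copied from the post above (peer address already redacted there).
VPNC_LOG = """\
[Tunnel Authorize Fail] 3DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] 0?? is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
[Tunnel Authorize Fail] no acceptable Oakley Transform
[Tunnel Disconnected] grpips0 instance with peer yy.yy.yy.yy {isakmp=#0/ipsec=#0}
"""
OSX_LOG = """\
[Tunnel Authorize Fail] RC5_R16_B64_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] MODP_2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
[Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] CAST_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM
[Tunnel Authorize Fail] no acceptable Oakley Transform
[Tunnel Disconnected] grpips0 instance with peer yy.yy.yy.yy {isakmp=#0/ipsec=#0}
[Tunnel Authorize Fail] received Hash Payload does not match computed value
[Tunnel Established] ISAKMP SA established
"""

EVENT = re.compile(r"^\[([^\]]+)\]\s+(.*)$")
REJECT = re.compile(
    r"^(?P<value>\S+) is not (?:enabled for this connection|supported)\. "
    r"Attribute (?P<attr>\w+)$")

def summarize(log_text):
    """Group refused proposal values by attribute and record the outcome."""
    rejected = defaultdict(list)   # attribute name -> refused values, in log order
    refused_rounds, other_failures, established = 0, [], False
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        tag, msg = m.groups()
        if tag == "Tunnel Authorize Fail":
            r = REJECT.match(msg)
            if r and r["value"] not in rejected[r["attr"]]:
                rejected[r["attr"]].append(r["value"])
            elif msg == "no acceptable Oakley Transform":
                refused_rounds += 1        # a whole proposal was turned down
            elif not r:
                other_failures.append(msg)
        elif tag == "Tunnel Established" and msg.startswith("ISAKMP SA established"):
            established = True
    return {"rejected": dict(rejected), "refused_rounds": refused_rounds,
            "other_failures": other_failures, "sa_established": established}
```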