[Vpn-help] Linksys BEFVP41

Matthew Grooms mgrooms at shrew.net
Wed Sep 19 10:16:22 CDT 2007


Arnim Sommer wrote:
> Matthew Grooms schrieb:
>> What I make of it is that you have a perfectly healthy Phase1
>> negotiation completing. After which, the client is sending a modecfg
>> request which causes the Linksys router to respond with
>> "INVALID-EXCHANGE-TYPE".
>>
> I switched
> General:
> Configuration Method: push
> and the Linksys stopped the INVALID-EXCHANGE-TYPE.
> 

If you have to select the push configuration method instead of pull to 
stop the INVALID-EXCHANGE-TYPE, then the Client still expects to do a 
configuration mode exchange. The reason why you don't have the error 
message with push mode is that the client will wait for the config to be 
offered instead of requesting it.

> Now I get on the Client in the IKE Daemon log
> [...]
> DB: config added
> ii: xauth is not required
> CB: phase2 not found
> 
> It is the vpn-client-2[1].0.0-release. Should I try a beta release?
> 

Release 2.0.1 rc1 is the best to use. Please try the following ...

1) Change your log output level to debug
2) Restart the ike daemon
3) Change your config mode back to pull
4) Attempt to connect again
5) Look at the log output

After phase1 is established, the client will perform an evaluation to 
see if a config mode exchange is required. You can see this process and 
exactly which options the client is requesting in the log output ...

ii : building config attribute list
ii : - IP4 Address
ii : - IP4 Netamask
ii : - IP4 Split Network Include
ii : - IP4 Split Network Exclude
ii : - Login Banner
ii : sending config pull request

If no options are requested, the client will say so as well. Next, you 
just need to remove any site configuration options that are causing the 
config mode exchange to occur. If you aren't sure, just post the output 
to the list and I will be glad to help you out.

Its completing phase1 negotiations. My guess is that you are really 
close to getting things working.

Hope this helps,

-Matthew



More information about the vpn-help mailing list