I've created a VPN adapter on my Windows machine, not using SoftEther's client.
I specified the correct PSK in an L2TP/IPSec connection. This is my vpnserver setting:
    declare IPsec
    {
        bool EtherIP_IPsec true
        string IPsec_Secret <some secret>
        string L2TP_DefaultHub DEFAULT
        bool L2TP_IPsec true
        bool L2TP_Raw true
        declare EtherIP_IDSettingsList
        {
        }
    }
Entered the correct username and password.
This is the log on the server side:
<date and time> IPsec Client 35 (xxx.xxx.xxx.xxx:500 -> yyy.yyy.yyy.yyy:500): A new IPsec client is created.
<date and time> IPsec Client 35 (xxx.xxx.xxx.xxx:500 -> yyy.yyy.yyy.yyy:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
Capturing the conversation, I see that the server responds to each of my Windows encryption proposal offers with "no proposal chosen".
Where do I configure the types of encryption the server can support? It seems that my server is not configured to support the types that the default Windows offers.
This is what is offered by the client:
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
    Source Port: 500
    Destination Port: 500
    Length: 392
    Checksum: 0xd38d [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [Stream index: 10]
Internet Security Association and Key Management Protocol
    Initiator SPI: 54984f09dcf0371f
    Responder SPI: 0000000000000000
    Next payload: Security Association (1)
    Version: 1.0
        0001 .... = MjVer: 0x01
        .... 0000 = MnVer: 0x00
    Exchange type: Identity Protection (Main Mode) (2)
    Flags: 0x00
        .... ...0 = Encryption: Not encrypted
        .... ..0. = Commit: No commit
        .... .0.. = Authentication: No authentication
    Message ID: 0x00000000
    Length: 384
    Type Payload: Security Association (1)
        Next payload: Vendor ID (13)
        Payload length: 212
        Domain of interpretation: IPSEC (1)
        Situation: 00000001
            .... .... .... .... .... .... .... ...1 = Identity Only: True
            .... .... .... .... .... .... .... ..0. = Secrecy: False
            .... .... .... .... .... .... .... .0.. = Integrity: False
        Type Payload: Proposal (2) # 1
            Next payload: NONE / No Next Payload  (0)
            Payload length: 200
            Proposal number: 1
            Protocol ID: ISAKMP (1)
            SPI Size: 0
            Proposal transforms: 5
            Type Payload: Transform (3) # 1
                Next payload: Transform (3)
                Payload length: 40
                Transform number: 1
                Transform ID: KEY_IKE (1)
                Transform IKE Attribute Type (t=1,l=2) Encryption-Algorithm : AES-CBC
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Encryption-Algorithm (1)
                    Value: 0007
                    Encryption Algorithm: AES-CBC (7)
                Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Key-Length (14)
                    Value: 0100
                    Key Length: 256
                Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Hash-Algorithm (2)
                    Value: 0002
                    HASH Algorithm: SHA (2)
                Transform IKE Attribute Type (t=4,l=2) Group-Description : 384-bit random ECP group
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Group-Description (4)
                    Value: 0014
                    Group Description: 384-bit random ECP group (20)
                Transform IKE Attribute Type (t=3,l=2) Authentication-Method : RSA-SIG
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Authentication-Method (3)
                    Value: 0003
                    Authentication Method: RSA-SIG (3)
                Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Life-Type (11)
                    Value: 0001
                    Life Type: Seconds (1)
                Transform IKE Attribute Type (t=12,l=4) Life-Duration : 28800
                    0... .... .... .... = Transform IKE Format: Type/Length/Value (TLV)
                    Transform IKE Attribute Type: Life-Duration (12)
                    Length: 4
                    Value: 00007080
                    Life Duration: 28800
            Type Payload: Transform (3) # 2
                Next payload: Transform (3)
                Payload length: 40
                Transform number: 2
                Transform ID: KEY_IKE (1)
                Transform IKE Attribute Type (t=1,l=2) Encryption-Algorithm : AES-CBC
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Encryption-Algorithm (1)
                    Value: 0007
                    Encryption Algorithm: AES-CBC (7)
                Transform IKE Attribute Type (t=14,l=2) Key-Length : 128
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Key-Length (14)
                    Value: 0080
                    Key Length: 128
                Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Hash-Algorithm (2)
                    Value: 0002
                    HASH Algorithm: SHA (2)
                Transform IKE Attribute Type (t=4,l=2) Group-Description : 256-bit random ECP group
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Group-Description (4)
                    Value: 0013
                    Group Description: 256-bit random ECP group (19)
                Transform IKE Attribute Type (t=3,l=2) Authentication-Method : RSA-SIG
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Authentication-Method (3)
                    Value: 0003
                    Authentication Method: RSA-SIG (3)
                Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Life-Type (11)
                    Value: 0001
                    Life Type: Seconds (1)
                Transform IKE Attribute Type (t=12,l=4) Life-Duration : 28800
                    0... .... .... .... = Transform IKE Format: Type/Length/Value (TLV)
                    Transform IKE Attribute Type: Life-Duration (12)
                    Length: 4
                    Value: 00007080
                    Life Duration: 28800
            Type Payload: Transform (3) # 3
                Next payload: Transform (3)
                Payload length: 40
                Transform number: 3
                Transform ID: KEY_IKE (1)
                Transform IKE Attribute Type (t=1,l=2) Encryption-Algorithm : AES-CBC
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Encryption-Algorithm (1)
                    Value: 0007
                    Encryption Algorithm: AES-CBC (7)
                Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Key-Length (14)
                    Value: 0100
                    Key Length: 256
                Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Hash-Algorithm (2)
                    Value: 0002
                    HASH Algorithm: SHA (2)
                Transform IKE Attribute Type (t=4,l=2) Group-Description : 2048 bit MODP group
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Group-Description (4)
                    Value: 000e
                    Group Description: 2048 bit MODP group (14)
                Transform IKE Attribute Type (t=3,l=2) Authentication-Method : RSA-SIG
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Authentication-Method (3)
                    Value: 0003
                    Authentication Method: RSA-SIG (3)
                Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Life-Type (11)
                    Value: 0001
                    Life Type: Seconds (1)
                Transform IKE Attribute Type (t=12,l=4) Life-Duration : 28800
                    0... .... .... .... = Transform IKE Format: Type/Length/Value (TLV)
                    Transform IKE Attribute Type: Life-Duration (12)
                    Length: 4
                    Value: 00007080
                    Life Duration: 28800
            Type Payload: Transform (3) # 4
                Next payload: Transform (3)
                Payload length: 36
                Transform number: 4
                Transform ID: KEY_IKE (1)
                Transform IKE Attribute Type (t=1,l=2) Encryption-Algorithm : 3DES-CBC
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Encryption-Algorithm (1)
                    Value: 0005
                    Encryption Algorithm: 3DES-CBC (5)
                Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Hash-Algorithm (2)
                    Value: 0002
                    HASH Algorithm: SHA (2)
                Transform IKE Attribute Type (t=4,l=2) Group-Description : 2048 bit MODP group
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Group-Description (4)
                    Value: 000e
                    Group Description: 2048 bit MODP group (14)
                Transform IKE Attribute Type (t=3,l=2) Authentication-Method : RSA-SIG
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Authentication-Method (3)
                    Value: 0003
                    Authentication Method: RSA-SIG (3)
                Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Life-Type (11)
                    Value: 0001
                    Life Type: Seconds (1)
                Transform IKE Attribute Type (t=12,l=4) Life-Duration : 28800
                    0... .... .... .... = Transform IKE Format: Type/Length/Value (TLV)
                    Transform IKE Attribute Type: Life-Duration (12)
                    Length: 4
                    Value: 00007080
                    Life Duration: 28800
            Type Payload: Transform (3) # 5
                Next payload: NONE / No Next Payload  (0)
                Payload length: 36
                Transform number: 5
                Transform ID: KEY_IKE (1)
                Transform IKE Attribute Type (t=1,l=2) Encryption-Algorithm : 3DES-CBC
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Encryption-Algorithm (1)
                    Value: 0005
                    Encryption Algorithm: 3DES-CBC (5)
                Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Hash-Algorithm (2)
                    Value: 0002
                    HASH Algorithm: SHA (2)
                Transform IKE Attribute Type (t=4,l=2) Group-Description : Alternate 1024-bit MODP group
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Group-Description (4)
                    Value: 0002
                    Group Description: Alternate 1024-bit MODP group (2)
                Transform IKE Attribute Type (t=3,l=2) Authentication-Method : RSA-SIG
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Authentication-Method (3)
                    Value: 0003
                    Authentication Method: RSA-SIG (3)
                Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
                    1... .... .... .... = Transform IKE Format: Type/Value (TV)
                    Transform IKE Attribute Type: Life-Type (11)
                    Value: 0001
                    Life Type: Seconds (1)
                Transform IKE Attribute Type (t=12,l=4) Life-Duration : 28800
                    0... .... .... .... = Transform IKE Format: Type/Length/Value (TLV)
                    Transform IKE Attribute Type: Life-Duration (12)
                    Length: 4
                    Value: 00007080
                    Life Duration: 28800
    Type Payload: Vendor ID (13) : MS NT5 ISAKMPOAKLEY
        Next payload: Vendor ID (13)
        Payload length: 24
        Vendor ID: 1e2b516905991c7d7c96fcbfb587e46100000008
        Vendor ID: MS NT5 ISAKMPOAKLEY
        MS NT5 ISAKMPOAKLEY: Unknown (8)
    Type Payload: Vendor ID (13) : RFC 3947 Negotiation of NAT-Traversal in the IKE
        Next payload: Vendor ID (13)
        Payload length: 20
        Vendor ID: 4a131c81070358455c5728f20e95452f
        Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE
    Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
        Next payload: Vendor ID (13)
        Payload length: 20
        Vendor ID: 90cb80913ebb696e086381b5ec427b1f
        Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n
    Type Payload: Vendor ID (13) : Cisco Fragmentation
        Next payload: Vendor ID (13)
        Payload length: 20
        Vendor ID: 4048b7d56ebce88525e7de7f00d6c2d3
        Vendor ID: Cisco Fragmentation
    Type Payload: Vendor ID (13) : MS-Negotiation Discovery Capable
        Next payload: Vendor ID (13)
        Payload length: 20
        Vendor ID: fb1de3cdf341b7ea16b7e5be0855f120
        Vendor ID: MS-Negotiation Discovery Capable
    Type Payload: Vendor ID (13) : Microsoft Vid-Initial-Contact
        Next payload: Vendor ID (13)
        Payload length: 20
        Vendor ID: 26244d38eddb61b3172a36e3d0cfb819
        Vendor ID: Microsoft Vid-Initial-Contact
    Type Payload: Vendor ID (13) : IKE CGA Version 1
        Next payload: NONE / No Next Payload  (0)
        Payload length: 20
        Vendor ID: e3a5966a76379fe707228231e5ce8652
        Vendor ID: IKE CGA Version 1
And this is the response:
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
    Source Port: 500
    Destination Port: 500
    Length: 64
    Checksum: 0x8fe4 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [Stream index: 10]
Internet Security Association and Key Management Protocol
    Initiator SPI: bd1c59a97c9797fa
    Responder SPI: 0000000000000000
    Next payload: Notification (11)
    Version: 1.0
        0001 .... = MjVer: 0x01
        .... 0000 = MnVer: 0x00
    Exchange type: Informational (5)
    Flags: 0x00
        .... ...0 = Encryption: Not encrypted
        .... ..0. = Commit: No commit
        .... .0.. = Authentication: No authentication
    Message ID: 0x27c13c77
    Length: 56
    Type Payload: Notification (11)
        Next payload: NONE / No Next Payload  (0)
        Payload length: 28
        Domain of interpretation: ISAKMP (0)
        Protocol ID: ISAKMP (1)
        SPI Size: 16
        Notify Message Type: NO-PROPOSAL-CHOSEN (14)
        SPI: 54984f09dcf0371f0000000000000000
        Notification DATA: <MISSING>
Thank you for your assistance.
			
									
									
howlingcat (Posts: 10, Joined: Thu Oct 20, 2016 9:17 pm)
Re: Encryption
Never mind. Somehow I missed entering the PSK. Sorry for the trouble.
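
The capture in the first post already shows the cause: every transform in the offer carries Authentication-Method RSA-SIG (3), not pre-shared key (1). The sketch below is an added example, not part of the thread and not SoftEther code; it decodes IKEv1 Transform payloads and assumes a responder that accepts only pre-shared-key authentication. The function names are hypothetical, and the sample bytes are constructed from the field values in the capture.

```python
import struct

# Constructed sample: Transform payloads #1 and #5 rebuilt from the field
# values shown in the capture (transforms #2-#4 are left out for brevity).
SAMPLE = bytes.fromhex(
    "0300002801010000" "80010007800e0100" "8002000280040014"
    "80030003800b0001" "000c000400007080"
    "0000002405010000" "8001000580020002" "8004000280030003"
    "800b0001000c0004" "00007080"
)

AUTH_PSK, AUTH_RSA_SIG = 1, 3  # IKEv1 Authentication-Method values


def parse_attrs(buf):
    """Decode ISAKMP data attributes: TV if the high bit is set, else TLV."""
    attrs, i = {}, 0
    while i + 4 <= len(buf):
        atype, val = struct.unpack_from(">HH", buf, i)
        i += 4
        if atype & 0x8000:                 # TV: 2-byte value follows the type
            attrs[atype & 0x7FFF] = val
        else:                              # TLV: 'val' is the value length
            if i + val > len(buf):
                raise ValueError("truncated attribute")
            attrs[atype] = int.from_bytes(buf[i:i + val], "big")
            i += val
    return attrs


def parse_transforms(buf):
    """Walk chained Transform payloads; return [(transform_number, attrs)]."""
    out, i = [], 0
    while i + 8 <= len(buf):
        nxt, _, length, num, _tid = struct.unpack_from(">BBHBB", buf, i)
        if length < 8 or i + length > len(buf):
            raise ValueError("bad transform length")
        out.append((num, parse_attrs(buf[i + 8:i + length])))
        i += length
        if nxt != 3:                       # 3 = another Transform follows
            break
    return out


def select(transforms, responder_auth):
    """First transform whose Authentication-Method (attribute 3) matches, or
    None, which the responder reports as NO-PROPOSAL-CHOSEN (14).
    Assumption: only the auth method is compared, not cipher/hash/group."""
    for num, attrs in transforms:
        if attrs.get(3) == responder_auth:
            return num
    return None


if __name__ == "__main__":
    offer = parse_transforms(SAMPLE)
    print("PSK-only responder picks:", select(offer, AUTH_PSK))
```
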
			
									
									
						