I am also stuck on INVALID_ID_INFORMATION
. any hints are appreciated.
.
when i turn up i see INVALID_ID_INFORMATION
but when i run a statusall i see ESTABLISHED
so idk what to think anymore
There is two phases in this protocol…
@jkr said:
There is two phases in this protocol…
Yes. I’m sure that we have to deal correctly with subnets on phase-2. I’m afraid if it require more specific variables.
@jkr - my error suggests my interesting traffic doesnt match. any tips on finding the right info for this?
@jkr said:
NO-PROPOSAL-CHOSEN you can just use a scanner for the protocol you need.
but the information from the scanner didn’t seem to work, or maybe there’s a syntax issue with constructing the proposal. I can’t seem to find documentation that helps for my particular client.
Edit: using the wrong client, or using it with an incomplete package.
If it is a matter of subnet maybe the scan also could lead to phase2, not sure how honestly ._.
@Warlord711 said:
What client do you guys use to connect ? I tried vpnc but seems not to connect at all
Edited: strongswan
@LegendarySpork said:
@chppppp so that should get me past the proposal? I think that’s phase 1.
yes!
Just to confirm:
yes, you can connect directly from your kali box! :lol:
@0xEA31 said:
Just to confirm:yes, you can connect directly from your kali box! :lol:
yeah! it works!!
a little suggestion : try to filter the traffic you are interested in…
Here’s the ONLY reference with a sample I have found: https://help.datica.com/hc/en-us/articles/115005906626--Legacy-VPN-Client-Setup (scroll down to the Ubuntu section where it gives an example of charon-cmd syntax)
I still haven’t successfully gotten past the phase1 proposal even using the syntax noted there with the crypto parameters I got from ike-scan.
Edit: apparently charon-cmd (CLI tool associated with, but not identical to, the mighty waterfowl) is not sufficient. It supports m*** m*** so it gets slightly further than vpnc, but doesn’t support the right profiles.
@CiccioPas said:
a little suggestion : try to filter the traffic you are interested in…
I have experimented with left/rights****t a million diff ways but it never completes phase 2. What am I missing here?
@0xEA31, do we need to brute force to get the right configs? I mean specifically the s****t, in order to get the params the server is expecting. I ask because I tried all the obvious ones and I keep getting the same response.
Can someone PM with final selector required changes. This one killing me from long.
Edit: Got the tunnel up. Now working on next step
Edit: After getting ports feeling like lol. amazing box
Edit: rooted
Learning IP***, the hard way…