Conceal

I am also stuck on INVALID_ID_INFORMATION. any hints are appreciated.

.

when i turn up i see INVALID_ID_INFORMATION but when i run a statusall i see ESTABLISHED so idk what to think anymore :stuck_out_tongue:

There is two phases in this protocol…

@jkr said:
There is two phases in this protocol…

Yes. I’m sure that we have to deal correctly with subnets on phase-2. I’m afraid if it require more specific variables.

@jkr - my error suggests my interesting traffic doesnt match. any tips on finding the right info for this?

@jkr said:
NO-PROPOSAL-CHOSEN you can just use a scanner for the protocol you need.

but the information from the scanner didn’t seem to work, or maybe there’s a syntax issue with constructing the proposal. I can’t seem to find documentation that helps for my particular client.

Edit: using the wrong client, or using it with an incomplete package.

@LegendarySpork the info from the scanner will get you phase 1. I still cant get phase 2 going.

If it is a matter of subnet maybe the scan also could lead to phase2, not sure how honestly ._.

@chppppp so that should get me past the proposal? I think that’s phase 1.

@Warlord711 said:
What client do you guys use to connect ? I tried vpnc but seems not to connect at all

Edited: strongswan

@LegendarySpork said:
@chppppp so that should get me past the proposal? I think that’s phase 1.

yes!

Just to confirm:

yes, you can connect directly from your kali box! :lol:

@0xEA31 said:
Just to confirm:

yes, you can connect directly from your kali box! :lol:

yeah! it works!!

a little suggestion : try to filter the traffic you are interested in…

Here’s the ONLY reference with a sample I have found: https://help.datica.com/hc/en-us/articles/115005906626--Legacy-VPN-Client-Setup (scroll down to the Ubuntu section where it gives an example of charon-cmd syntax)

I still haven’t successfully gotten past the phase1 proposal even using the syntax noted there with the crypto parameters I got from ike-scan.

Edit: apparently charon-cmd (CLI tool associated with, but not identical to, the mighty waterfowl) is not sufficient. It supports m*** m*** so it gets slightly further than vpnc, but doesn’t support the right profiles.

@CiccioPas said:
a little suggestion : try to filter the traffic you are interested in…

I have experimented with left/rights****t a million diff ways but it never completes phase 2. What am I missing here?

@0xEA31, do we need to brute force to get the right configs? I mean specifically the s****t, in order to get the params the server is expecting. I ask because I tried all the obvious ones and I keep getting the same response.

Can someone PM with final selector required changes. This one killing me from long.

Edit: Got the tunnel up. Now working on next step
Edit: After getting ports feeling like lol. amazing box

Edit: rooted :slight_smile:

Learning IP***, the hard way… :smiley: