VPN IPSEC PSK NO_PROPOSAL_CHOSEN
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.
I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?
ipsec.conf
conn vpn
authby=secret
left=%defaultroute
leftxauthclient=yes
leftmodecfgclient=yes
leftxauthusername=[MY USERNAME]
modecfgpull=yes
right=[SERVER IP]
rightxauthserver=yes
rightmodecfgserver=yes
rekey=no
auto=add
ike_frag=no
ike=aes256-sha-modp2048
esp=aes-sha1-modp1024
ipsec.secrets
[MY SERVER IP] %any : PSK "[MY PSK]"
@[MY USERNAME] : XAUTH "[MY PASSWORD]"
edit new ipsec.conf:
conn myvpn
ikelifetime=8h
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev1
authby=psk
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=[SERVER_IP]
dpdtimeout=120
dpdaction=clear
rekey=yes
ike=aes256-sha1-modp1024!
esp=aes256-sha1-modp768!
launching ipsec -up myvpn
gives:
initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
scheduling reauthentication in 28591s
maximum IKE_SA lifetime 28771s
generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'myvpn' failed
edit
xl2tpd.conf
[lac myvpn]
lns = [SERVER_IP]
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name [MY USERNAME]
password [MY PASSWORD]
Trying with network manager returns:
nm-l2tp-service[17266]: xl2tpd started with pid 17340
NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
NetworkManager[1137]: xl2tpd[17340]: "plugin"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
NetworkManager[1137]: xl2tpd[17340]: "7"
NetworkManager[1137]: xl2tpd[17340]: "passive"
NetworkManager[1137]: xl2tpd[17340]: "nodetach"
NetworkManager[1137]: xl2tpd[17340]: ":"
NetworkManager[1137]: xl2tpd[17340]: "file"
NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
pppd[17341]: Plugin pppol2tp.so loaded.
pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[17341]: pppd 2.4.7 started by root, uid 0
pppd[17341]: Using interface ppp0
pppd[17341]: Connect: ppp0 <-->
pppd[17341]: Overriding mtu 1500 to 1400
pppd[17341]: Overriding mru 1500 to mtu value 1400
NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!
networking network-manager vpn 18.10
add a comment |
In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.
I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?
ipsec.conf
conn vpn
authby=secret
left=%defaultroute
leftxauthclient=yes
leftmodecfgclient=yes
leftxauthusername=[MY USERNAME]
modecfgpull=yes
right=[SERVER IP]
rightxauthserver=yes
rightmodecfgserver=yes
rekey=no
auto=add
ike_frag=no
ike=aes256-sha-modp2048
esp=aes-sha1-modp1024
ipsec.secrets
[MY SERVER IP] %any : PSK "[MY PSK]"
@[MY USERNAME] : XAUTH "[MY PASSWORD]"
edit new ipsec.conf:
conn myvpn
ikelifetime=8h
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev1
authby=psk
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=[SERVER_IP]
dpdtimeout=120
dpdaction=clear
rekey=yes
ike=aes256-sha1-modp1024!
esp=aes256-sha1-modp768!
launching ipsec -up myvpn
gives:
initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
scheduling reauthentication in 28591s
maximum IKE_SA lifetime 28771s
generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'myvpn' failed
edit
xl2tpd.conf
[lac myvpn]
lns = [SERVER_IP]
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name [MY USERNAME]
password [MY PASSWORD]
Trying with network manager returns:
nm-l2tp-service[17266]: xl2tpd started with pid 17340
NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
NetworkManager[1137]: xl2tpd[17340]: "plugin"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
NetworkManager[1137]: xl2tpd[17340]: "7"
NetworkManager[1137]: xl2tpd[17340]: "passive"
NetworkManager[1137]: xl2tpd[17340]: "nodetach"
NetworkManager[1137]: xl2tpd[17340]: ":"
NetworkManager[1137]: xl2tpd[17340]: "file"
NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
pppd[17341]: Plugin pppol2tp.so loaded.
pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[17341]: pppd 2.4.7 started by root, uid 0
pppd[17341]: Using interface ppp0
pppd[17341]: Connect: ppp0 <-->
pppd[17341]: Overriding mtu 1500 to 1400
pppd[17341]: Overriding mru 1500 to mtu value 1400
NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!
networking network-manager vpn 18.10
add a comment |
In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.
I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?
ipsec.conf
conn vpn
authby=secret
left=%defaultroute
leftxauthclient=yes
leftmodecfgclient=yes
leftxauthusername=[MY USERNAME]
modecfgpull=yes
right=[SERVER IP]
rightxauthserver=yes
rightmodecfgserver=yes
rekey=no
auto=add
ike_frag=no
ike=aes256-sha-modp2048
esp=aes-sha1-modp1024
ipsec.secrets
[MY SERVER IP] %any : PSK "[MY PSK]"
@[MY USERNAME] : XAUTH "[MY PASSWORD]"
edit new ipsec.conf:
conn myvpn
ikelifetime=8h
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev1
authby=psk
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=[SERVER_IP]
dpdtimeout=120
dpdaction=clear
rekey=yes
ike=aes256-sha1-modp1024!
esp=aes256-sha1-modp768!
launching ipsec -up myvpn
gives:
initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
scheduling reauthentication in 28591s
maximum IKE_SA lifetime 28771s
generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'myvpn' failed
edit
xl2tpd.conf
[lac myvpn]
lns = [SERVER_IP]
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name [MY USERNAME]
password [MY PASSWORD]
Trying with network manager returns:
nm-l2tp-service[17266]: xl2tpd started with pid 17340
NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
NetworkManager[1137]: xl2tpd[17340]: "plugin"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
NetworkManager[1137]: xl2tpd[17340]: "7"
NetworkManager[1137]: xl2tpd[17340]: "passive"
NetworkManager[1137]: xl2tpd[17340]: "nodetach"
NetworkManager[1137]: xl2tpd[17340]: ":"
NetworkManager[1137]: xl2tpd[17340]: "file"
NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
pppd[17341]: Plugin pppol2tp.so loaded.
pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[17341]: pppd 2.4.7 started by root, uid 0
pppd[17341]: Using interface ppp0
pppd[17341]: Connect: ppp0 <-->
pppd[17341]: Overriding mtu 1500 to 1400
pppd[17341]: Overriding mru 1500 to mtu value 1400
NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!
networking network-manager vpn 18.10
In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.
I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?
ipsec.conf
conn vpn
authby=secret
left=%defaultroute
leftxauthclient=yes
leftmodecfgclient=yes
leftxauthusername=[MY USERNAME]
modecfgpull=yes
right=[SERVER IP]
rightxauthserver=yes
rightmodecfgserver=yes
rekey=no
auto=add
ike_frag=no
ike=aes256-sha-modp2048
esp=aes-sha1-modp1024
ipsec.secrets
[MY SERVER IP] %any : PSK "[MY PSK]"
@[MY USERNAME] : XAUTH "[MY PASSWORD]"
edit new ipsec.conf:
conn myvpn
ikelifetime=8h
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev1
authby=psk
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=[SERVER_IP]
dpdtimeout=120
dpdaction=clear
rekey=yes
ike=aes256-sha1-modp1024!
esp=aes256-sha1-modp768!
launching ipsec -up myvpn
gives:
initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
scheduling reauthentication in 28591s
maximum IKE_SA lifetime 28771s
generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'myvpn' failed
edit
xl2tpd.conf
[lac myvpn]
lns = [SERVER_IP]
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name [MY USERNAME]
password [MY PASSWORD]
Trying with network manager returns:
nm-l2tp-service[17266]: xl2tpd started with pid 17340
NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
NetworkManager[1137]: xl2tpd[17340]: "plugin"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
NetworkManager[1137]: xl2tpd[17340]: "7"
NetworkManager[1137]: xl2tpd[17340]: "passive"
NetworkManager[1137]: xl2tpd[17340]: "nodetach"
NetworkManager[1137]: xl2tpd[17340]: ":"
NetworkManager[1137]: xl2tpd[17340]: "file"
NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
pppd[17341]: Plugin pppol2tp.so loaded.
pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[17341]: pppd 2.4.7 started by root, uid 0
pppd[17341]: Using interface ppp0
pppd[17341]: Connect: ppp0 <-->
pppd[17341]: Overriding mtu 1500 to 1400
pppd[17341]: Overriding mru 1500 to mtu value 1400
NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!
networking network-manager vpn 18.10
networking network-manager vpn 18.10
edited Nov 5 '18 at 13:02
Adriano Di Cara
asked Nov 1 '18 at 12:44
Adriano Di CaraAdriano Di Cara
34
34
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?
If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :
- ike=aes256-sha1-modp2048!
- esp=aes-sha1!
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launchingecho "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.
– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
|
show 3 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089199%2fvpn-ipsec-psk-no-proposal-chosen%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?
If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :
- ike=aes256-sha1-modp2048!
- esp=aes-sha1!
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launchingecho "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.
– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
|
show 3 more comments
Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?
If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :
- ike=aes256-sha1-modp2048!
- esp=aes-sha1!
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launchingecho "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.
– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
|
show 3 more comments
Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?
If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :
- ike=aes256-sha1-modp2048!
- esp=aes-sha1!
Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?
If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :
- ike=aes256-sha1-modp2048!
- esp=aes-sha1!
answered Nov 3 '18 at 7:29
Douglas KosovicDouglas Kosovic
36114
36114
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launchingecho "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.
– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
|
show 3 more comments
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launchingecho "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.
– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
– Douglas Kosovic
Nov 3 '18 at 7:37
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?
– Adriano Di Cara
Nov 4 '18 at 11:52
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!
– Douglas Kosovic
Nov 5 '18 at 6:22
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching
echo "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.– Adriano Di Cara
Nov 5 '18 at 9:40
Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching
echo "c myvpn" > /var/run/xl2tpd/l2tp-control
doesn't make available the ppp0 device I expect.– Adriano Di Cara
Nov 5 '18 at 9:40
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2
– Douglas Kosovic
Nov 5 '18 at 12:45
|
show 3 more comments
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089199%2fvpn-ipsec-psk-no-proposal-chosen%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown