IPSec VPN Server


bluepoint

Very Senior Member
Trying IPsec VPN Server on an RT-AX88U A3 for 3 days now and it seems to be attracting some visitors at least once a day from the same IP block. Is this a normal probe that eventually they'll figure it out? It's very simple to set up and the iOS phones have native clients built in, but eventually OpenVPN is where I'll settle, which I think is safer as RMerlin constantly updates it. What do you think of the log?
Code:
Nov 26 19:27:07 08[NET] received packet: from 216.218.206.102[42261] to 100.xx.xx.xxx[500] (64 bytes)
Nov 26 19:27:07 08[ENC] parsed ID_PROT request 0 [ SA ]
Nov 26 19:27:07 08[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Nov 26 19:27:07 08[CFG] received proposals: IKE:CAST_CBC
Nov 26 19:27:07 08[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Nov 26 19:27:07 08[IKE] no proposal found
Nov 26 19:27:07 08[ENC] generating INFORMATIONAL_V1 request 3362235645 [ N(NO_PROP) ]
Nov 26 19:27:07 08[NET] sending packet: from 100.xx.xx.xxx[500] to 216.218.206.102[42261] (56 bytes)
 

ColinTaylor

Part of the Furniture
That explains then at least a scanner with good purposes hopefully.:cool: I'm curious why the server is offering information to the scanner if that's what the last line is doing?
It's just responding to the client's query. Obviously the client is doing more than just probing to see if the port is open, it's also trying to identify which ciphers are supported by your server (as any client would).
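A defender-side way to summarize probes like the one in the log above, as an added example that is not part of the thread or of the router firmware: it correlates charon log lines by the worker-thread number (the "08" before "[IKE]") and reports the peers whose IKE proposal the server rejected. The function name rejected_probes, the thread-11 lines and the address 198.51.100.7 are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines on thread 08 are taken from the log in the post above (the long
# "configured proposals" line is left out). Lines on thread 11 and the
# address 198.51.100.7 are constructed to show an accepted negotiation.
SAMPLE_LOG = """\
Nov 26 19:27:07 08[NET] received packet: from 216.218.206.102[42261] to 100.xx.xx.xxx[500] (64 bytes)
Nov 26 19:27:07 08[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Nov 26 19:27:07 11[IKE] 198.51.100.7 is initiating a Main Mode IKE_SA
Nov 26 19:27:07 08[CFG] received proposals: IKE:CAST_CBC
Nov 26 19:27:07 11[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 26 19:27:07 08[IKE] no proposal found
Nov 26 19:27:07 11[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""

# timestamp, thread number, log group, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\d+)\[(\w+)\] (.*)$")
# IKEv1 ("a Main Mode IKE_SA") and IKEv2 ("an IKE_SA") initiation messages
INIT = re.compile(r"^(\S+) is initiating an? (?:\w+ Mode )?IKE_SA$")

def rejected_probes(log_text):
    """Return {source_ip: [(timestamp, offered_proposals), ...]} for IKE
    initiations the server answered with 'no proposal found'."""
    pending = {}                      # thread number -> negotiation in progress
    result = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, thread, _group, msg = m.groups()
        init = INIT.match(msg)
        if init:
            pending[thread] = {"ip": init.group(1), "ts": ts, "offered": None}
        elif thread not in pending:
            continue                  # line not tied to a tracked initiation
        elif msg.startswith("received proposals: "):
            pending[thread]["offered"] = msg.split(": ", 1)[1]
        elif msg.startswith("selected proposal: "):
            pending.pop(thread)       # a proposal matched, so not a rejected probe
        elif msg == "no proposal found":
            p = pending.pop(thread)
            result[p["ip"]].append((p["ts"], p["offered"]))
    return dict(result)

if __name__ == "__main__":
    for ip, hits in rejected_probes(SAMPLE_LOG).items():
        print(ip, len(hits), "rejected:", hits)
```

A peer that shows up here repeatedly with proposals no real client of yours would send, such as the lone CAST_CBC offer above, is behaving like a scanner rather than a misconfigured client.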

 
