What's new

IPSec VPN Server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Very Senior Member
Trying IPsec VPN Server On an RT-AX88U A3 for 3 days now and it seems attracting some visitors at least once a day from the same IP block. Is this a normal probe that eventually they'll figure it out? It's very simple to setup and the iOS phones has native clients built-in but eventually OPenVPN is where I'll settle which I think is safer as RMerlin constantly updates it. What do you think of the log?
Nov 26 19:27:07 08[NET] received packet: from[42261] to 100.xx.xx.xxx[500] (64 bytes)
Nov 26 19:27:07 08[ENC] parsed ID_PROT request 0 [ SA ]
Nov 26 19:27:07 08[IKE] is initiating a Main Mode IKE_SA
Nov 26 19:27:07 08[CFG] received proposals: IKE:CAST_CBC
Nov 26 19:27:07 08[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Nov 26 19:27:07 08[IKE] no proposal found
Nov 26 19:27:07 08[ENC] generating INFORMATIONAL_V1 request 3362235645 [ N(NO_PROP) ]
Nov 26 19:27:07 08[NET] sending packet: from 100.xx.xx.xxx[500] to[42261] (56 bytes)
That explains then at least a scanner with good purposes hopefully.:cool: I'm curious why the server is offering information to the scanner if that's what the last line is doing?
It's just responding to the client's query. Obviously the client is doing more that just probing to see if the port is open, it's also trying to identify which
ciphers are supported by your server (as any client would).


Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online