The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   Networking (http://hintsforums.macworld.com/forumdisplay.php?f=14)
-   -   Anyone else using Linksys WRV54G IPSec with OS X (http://hintsforums.macworld.com/showthread.php?t=40920)

tji 06-07-2006 01:22 PM

Quote:

Originally Posted by Wellenbrett
Hi Tji,
I have read your postings. You seem to be an expert!!! I have a similar problem - perhaps you can help me too. I am trying to get a VPN Connection to my university with MacOSX 10.4.6 (PPC). They use a Cisco VPN 3000. To my mind it uses pure IPSEC. Yesterday Apple improved the built in VPN Client and my hope is that it now is able to connect to the Cisco VPN 3000. But with the built in GUI from Apple it does not work (for me). My university offers a .pcf file for the Cisco VPN Client (which I don't like to install) and they offer a tutorial for the Cisco VPN Client (http://web.uni-marburg.de/hrz/mac/vpn/) (anything in German language but a lot of screenshots...). Do you know if it is possible to get a connection with the built in software?

Sorry, I didn't see this earlier.. My script would not apply to Cisco IPSec, as it doesn't use the same proprietary connection as the Linksys.

As you mention, Cisco has a Mac VPN client. That's probably the best supported option. Other than that, the Mac OS VPN client might work, depending on how the Cisco is set up. Some great VPN client GUIs to try are IPSecuritas and VPN Tracker. IPSecuritas is free and works with many VPNs, VPN Tracker works with even more, but costs money.

wplate 06-07-2006 01:35 PM

BTW, in my wrvinit.sh file I have these as my settings...

UserID=******
Passwd=******
VPNGW=66.15.XXX.XXX
PNET=192.168.0.0/24

The PNET is the one that concerns me.

tji 06-07-2006 02:00 PM

Quote:

Originally Posted by wplate
I always get the same message that was previously posted...
grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting

I run the script and after ERROR: pfkey.c:2205k_recvspddump(): such policy already exists. anyway replace it: the terminal doesn't advance any further, so I try to connect to a server behind the VPN and then the msg 5 not interesting messages start coming out.

I reset my DSL modem as a previous poster suggested, but that didn't help me.


Does the Linksys show that the client is connected in its VPN client status view?
Are you sure the router you're connecting through allows IPSec to pass? I have run into several that filter out IPSec.


I put up a www page with the script, and a bit more information here:

http://ignasiak.googlepages.com/macosxipsectowrv54g

tji 06-07-2006 02:06 PM

Quote:

Originally Posted by wplate
BTW, in my wrvinit.sh file I have these as my settings...

UserID=******
Passwd=******
VPNGW=66.15.XXX.XXX
PNET=192.168.0.0/24

The PNET is the one that concerns me.

That is a reasonable setting. The first admin page on your router shows the correct settings as "Local IP Address" and "Subnet Mask". On that same page, at the top in the "Internet Connection Type" area it should show the external IP address of your router, which should match the VPNGW setting.

Your settings would be 192.168.0.{something} and 255.255.255.0
and, all the systems on your LAN would have addresses like 192.168.0.*

wplate 06-07-2006 02:15 PM

Quote:

Originally Posted by tji
Does the Linksys show that the client is connected in its VPN client status view?

No, it shows me disconnected.


Quote:

Originally Posted by tji
Are you sure the router you're connecting through allows IPSec to pass? I have run into several that filter out IPSec.

I am currently testing this while I am behind a WRV54G at home, trying to connect to the WRV54G at the office. I don't necessarily want to set up a network to network VPN because I want to set up my laptop to access the office from wherever I am.


Maybe the problem is in the Phase 2 setting that won't stay at MD5? I was going to upgrade the firmware on the router, but I'm remote from the office today trying to get this working.

tji 06-07-2006 02:29 PM

Quote:

Originally Posted by wplate
No, it shows me disconnected.

I think this means that the initial SSL session for user authentication failed. Make sure the username/password are correct on your work router that you're connecting to (re-enter them to make sure).

If possible, try connecting from a Windows machine with Linksys QuickVPN, as a sanity check.

wplate 06-07-2006 02:45 PM

1 Attachment(s)
Quote:

Originally Posted by tji
I think this means that the initial SSL session for user authentication failed. Make sure the username/password are correct on your work router that you're connecting to (re-enter them to make sure).

I've double-checked. Attached to this post is a text file showing my last attempt to connect. I ran the script, then I tried to connect to a server behind the VPN.


Quote:

If possible, try connecting from a Windows machine with Linksys QuickVPN, as a sanity check.

I thought of that yesterday, unfortunately I lost the CDs that came with the routers and I couldn't find the software on Linksys' web site.

Thank you, btw, for taking the time to help me.

tji 06-07-2006 10:50 PM

The connection log shows phase 2 was cancelled because of phase 1 timeout (i.e. no response to phase 1). This could be because of improper credentials or because of the connection being filtered. I use tcpdump to see if there are any response packets from the VPN gateway.

A google search turned up this link for QuickVPN: ftp://ftp.linksys.com/pub/network/Li...ckVPN_1028.exe

wplate 06-07-2006 11:28 PM

Thank you!

Sure enough even the QuickVPN fails. I've verified the username and password, though, and the server address is certainly correct, I also turned off the Windows firewall. Tomorrow I'll try this out not from home to see if my home WRV54G router is causing the problem.

Maybe I need to contact Linksys too.

wplate 06-13-2006 02:46 PM

I just wanted to update this thread that I cannot get QuickVPN to connect to my router. I've turned on syslog and I don't get anything appearing there when I try to log in but QuickVPN reports that the "remote gateway is not responding".

I'm going to contact Linksys support and see if they can help me.

hesageek 01-20-2007 12:31 PM

Has anyone tried the script or other software to connect to the new Linksys WRVS4400N?

tji or others, have you any good links or book recommendations for reading about IPSec?
Thx,

scott.mcveigh 03-18-2007 12:16 PM

Can not get script to run.
 
Well I was very happy to have found that I was the only one not able to connect to the Linksys VPN. I downloaded your latest file and tried to run it. But no luck. If I run it without sudo I get "Permissions Denied" which I expect. When I run it with sudo I get "Command not found." Any ideas? Maybe I am running sudo wrong. I have tried many ways and none seem to work.

tji 03-18-2007 06:53 PM

It's hard to say what's wrong without more debugging information.


All that should be required is:

- Customize the file with your settings

- run it with the command "sudo ./wrvinit.sh"

good luck.

DSA1 03-24-2007 08:31 PM

Quote:

Originally Posted by hesageek (Post 350729)
Has anyone tried the script or other software to connect to the new Linksys WRVS4400N?

Thx,

I am trying right now with no luck. Kudos to the original author of the script for the work and putting up the nice web link with more details.

I'm trying to get a MacBook Pro to VPN into a Linksys WRVS4400N. I've got an added complication in that I am trying to get in via a cell phone connection, so the script appears to run into trouble right at the beginning when it tries to determine the local ip address to use.

For testing purposes I edited the script to force the ip address on _en1 with what Network Utility reports.

That gets me past the no ipaddress to feed into the variable further down the script, but then I get:

line 3: syntax error at [.255.255.0].

I managed to get past that by changing the PNET to 192.168.0.1/24.

Next issue, which I think is the deal killer here is that it appears Linksys may have changed the format for the connection url or something along those lines. I had to turn off the -q in the wget command to open the connection. The resulting output ends in: "Unsupported scheme."

I'm a real novice at this, so really just shooting in the dark. Manually putting in my local ip on the cellular modem connection isn't a big deal, but I'm not even sure I'm going down the right path with that problem. The unsupported scheme can probably be figured out, but how do you go find the format QuickVPN is using with the new 4400N device?

Here's the output I am getting out of the script after my modifications...below that I'll post the output before I modified anything other than the required personal values:

sudo ./wrvinit.sh
Password:
Using the wireless ethernet, en1. Local Address: XX.XXX.XXX.XXX
https://MYNAME:MYPASSWORD@XX.XX.XX.X...X?USER=MYNAME: Unsupported scheme.
Foreground mode.
2007-03-24 17:09:11: INFO: main.c:176:main(): @(#)racoon 20001216 20001216 sakane@kame.net
2007-03-24 17:09:11: INFO: main.c:177:main(): @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
2007-03-24 17:09:11: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for AH
2007-03-24 17:09:11: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for ESP
2007-03-24 17:09:11: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for IPCOMP
2007-03-24 17:09:11: DEBUG: cftoken.l:567:yycf_set_buffer(): reading config file /etc/racoon/wrv_racoon.conf
2007-03-24 17:09:11: DEBUG: pfkey.c:2292:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it.
2007-03-24 17:09:11: ERROR: isakmp.c:1559:isakmp_setup_socket(): failed to bind (Can't assign requested address).
2007-03-24 17:09:11: ERROR: isakmp.c:1646:isakmp_open(): no address could be bound.

Here's the output showing no ip address obtained on e1 or e0 automatically:

sudo ./wrvinit2.sh
Password:
Using the wired ethernet port, en0. Local Address:
Using the wireless ethernet, en1. Local Address:
line 3: syntax error at [32]
parse failed, line 3.
Foreground mode.
2007-03-24 17:26:42: INFO: main.c:176:main(): @(#)racoon 20001216 20001216 sakane@kame.net
2007-03-24 17:26:42: INFO: main.c:177:main(): @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
2007-03-24 17:26:42: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for AH
2007-03-24 17:26:42: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for ESP
2007-03-24 17:26:42: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for IPCOMP
2007-03-24 17:26:42: DEBUG: cftoken.l:567:yycf_set_buffer(): reading config file /etc/racoon/wrv_racoon.conf
2007-03-24 17:26:42: ERROR: cftoken.l:484:yyerror(): /etc/racoon/wrv_racoon.conf:42: "32" syntax error
2007-03-24 17:26:42: ERROR: cfparse.y:1394:cfparse(): fatal parse failure (1 errors)
racoon: failed to parse configuration file.

DSA1 03-24-2007 09:18 PM

Quote:

Originally Posted by scott.mcveigh (Post 366161)
Well I was very happy to have found that I was the only one not able to connect to the Linksys VPN. I downloaded your latest file and tried to run it. But no luck. If I run it without sudo I get "Permissions Denied" which I expect. When I run it with sudo I get "Command not found." Any ideas? Maybe I am running sudo wrong. I have tried many ways and none seem to work.


Sounds like you don't have wget program installed...?

DSA1 03-25-2007 01:50 PM

Quote:

Originally Posted by DSA1 (Post 367714)
For testing purposes I edited the script to force the ip address on _en1 with what Network Utility reports.

That gets me past the no ipaddress to feed into the variable further down the script, but then I get:

After giving this more thought, I think I'm down the wrong path with that. Does anyone know the adapter name of a modem connection? Scrolling through my Network Utility I don't see any that give the proper ip_address for my mobile cell connection.

I've tried getting ipconfig getifaddr on all the en and ppp adapters listed in Netstat routing tables.

tji 03-26-2007 08:15 AM

"ifconfig" will show a listing of all your interface names and addresses.

You might be better off trying to simplify the testing first. Such as, trying the VPN connection through a WiFi connection first, then trying the cellular modem once you confirm the basics are working.

DSA1 03-28-2007 02:57 PM

Thanks for the response. I actually tried to find an open wifi other than my own network to test it just that way, but no luck in my neighborhood, and hadn't had a chance to work on this more this week.

I did just try ifconfig (thanks for that tip) and I think it confirmed what I suspected (ppp0) is what I want to bind to, but modifying the script to look at ppp0 instead of en0 produces a syntax error and parse failed error in line 3.

Here's the output from ifconfig for the only adapter that doesn't list as closed or inactive:

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 75.xxx.xxx.20 --> 66.xx.xx.69 netmask 0xff000000

I'll keep looking for another network to get in on and make sure everything else is copacetic, but I'm in trouble if I can't get past this inability to log in via cellular. May have to get a new VPN router. Darn hard finding anything that works nicely with a Mac that isn't just passthrough or pptp.


EDIT: I tried the script as is (with just my personal information edited into it) from behind work's router - I can't connect, but that surely is a firewall issue. As far as the script running and binding to the adapter properly, all goes well, no error messages, no parse failure messages. Seems for sure trying to bind to the ppp0 is the problem.

I'll still look for an open wifi (wardriving anyone?) just to test my router setup works.

DSA1 04-06-2007 09:28 AM

Quote:

Originally Posted by tji (Post 367984)
You might be better off trying to simplify the testing first. Such as, trying the VPN connection through a WiFi connection first, then trying the cellular modem once you confirm the basics are working.

I was finally able to do this, and not working. That was frustrating. The Linksys site implies that QuickVPN is the same for all its routers that support it, so I fully expected no problems. QuickVPN client from a Virtual Machine (Parallels) does connect successfully, even over cellular modem. If you have any ideas, I'd really appreciate it.

The script appears to run flawlessly using Wifi, attaching to en1 and sending off information to the router, but then eventually times out with no phase 1 response from the router. The router even logs some activity on the VPN, but never responds to negotiation.

Are the ports here accurate (ie, 500? I thought QuickVPN did something on 443.) Also, totally unrelated to the script, but reading the QuickVPN FAQ on Linksys, it claims that QuickVPN changes the internal lan ip addresses to 10.x.x.x, which will mess up internal devices on the lan with fixed ips. Is that your experience?

Here's the router log sample (ip addresses changed to protect the innocent):

Apr 2 14:35:51 - [VPN Log]: packet from 17.255.240.94:4865: received Vendor ID payload [RFC 3947] method set to=109
Apr 2 14:35:51 - [VPN Log]: packet from 17.255.240.94:4865: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Apr 2 14:35:51 - [VPN Log]: packet from 17.255.240.94:4865: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Apr 2 14:35:51 - [VPN Log]: packet from 17.255.240.94:4865: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Apr 2 14:35:51 - [VPN Log]: packet from 17.255.240.94:4865: initial Main Mode message received on 92.124.23.44:500 but no connection has been authorized

Here's the output from wrvinit (note, the times are off by an hour, but it's the same session - looks like the router has not adjusted for time change):

sudo ./wrvinit2.sh
Password:
Using the wireless ethernet, en1. Local Address: 10.232.23.83
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:02:30 --:--:-- 0
curl: (52) Empty reply from server
Foreground mode.
2007-04-02 15:31:21: INFO: main.c:176:main(): @(#)racoon 20001216 20001216 sakane@kame.net
2007-04-02 15:31:21: INFO: main.c:177:main(): @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
2007-04-02 15:31:21: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for AH
2007-04-02 15:31:21: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for ESP
2007-04-02 15:31:21: DEBUG: pfkey.c:371:pfkey_init(): call pfkey_send_register for IPCOMP
2007-04-02 15:31:21: DEBUG: cftoken.l:567:yycf_set_buffer(): reading config file /etc/racoon/wrv_racoon.conf
2007-04-02 15:31:21: DEBUG: pfkey.c:2292:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it.
2007-04-02 15:31:21: DEBUG: isakmp.c:1611:isakmp_open(): 10.232.23.83[500] used as isakmp port (fd=7)
2007-04-02 15:31:21: DEBUG: isakmp.c:1629:isakmp_open(): 10.232.23.83[4500] used as nat-t isakmp port (fd=8)
2007-04-02 15:31:21: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey X_SPDDUMP message
2007-04-02 15:31:21: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey X_SPDDUMP message
2007-04-02 15:31:21: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffff8c8: 10.232.23.83/32[0] 192.168.1.0/24[0] proto=any dir=out
2007-04-02 15:31:21: DEBUG: policy.c:185:cmpspidxstrict(): db :0x306db8: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in
2007-04-02 15:33:42: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey ACQUIRE message
2007-04-02 15:33:42: DEBUG: pfkey.c:1567:pk_recvacquire(): suitable outbound SP found: 10.232.23.83/32[0] 192.168.1.0/24[0] proto=any dir=out.
2007-04-02 15:33:42: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffff8b4: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in
2007-04-02 15:33:42: DEBUG: policy.c:185:cmpspidxstrict(): db :0x306db8: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in
2007-04-02 15:33:42: DEBUG: pfkey.c:1583:pk_recvacquire(): suitable inbound SP found: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in.
2007-04-02 15:33:42: DEBUG: pfkey.c:1622:pk_recvacquire(): new acquire 10.232.23.83/32[0] 192.168.1.0/24[0] proto=any dir=out
2007-04-02 15:33:42: DEBUG: proposal.c:826:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-04-02 15:33:42: DEBUG: proposal.c:860:printsatrns(): (trns_id=3DES encklen=0 authtype=1)
2007-04-02 15:33:42: DEBUG: remoteconf.c:118:getrmconf(): configuration found for 92.124.23.44.
2007-04-02 15:33:42: INFO: isakmp.c:2047:isakmp_post_acquire(): IPsec-SA request for 92.124.23.44 queued due to no phase1 found.
2007-04-02 15:33:42: DEBUG: isakmp.c:1028:isakmp_ph1begin_i(): ===
2007-04-02 15:33:42: INFO: isakmp.c:1033:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 10.232.23.83[500]<=>92.124.23.44[500]
2007-04-02 15:33:42: INFO: isakmp.c:1038:isakmp_ph1begin_i(): begin Identity Protection mode.
2007-04-02 15:33:42: DEBUG: isakmp.c:2359:isakmp_newcookie(): new cookie:
d7977a86364fa7c0
2007-04-02 15:33:42: DEBUG: isakmp.c:2476:set_isakmp_payload(): add payload of len 48, next type 13
2007-04-02 15:33:42: DEBUG: isakmp.c:2476:set_isakmp_payload(): add payload of len 16, next type 13
2007-04-02 15:33:42: DEBUG: isakmp.c:2476:set_isakmp_payload(): add payload of len 16, next type 13
2007-04-02 15:33:42: DEBUG: isakmp.c:2476:set_isakmp_payload(): add payload of len 16, next type 13
2007-04-02 15:33:42: DEBUG: isakmp.c:2476:set_isakmp_payload(): add payload of len 16, next type 0
2007-04-02 15:33:42: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:33:42: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:33:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:33:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:33:42: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:33:42: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:33:53: DEBUG: grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting
2007-04-02 15:33:56: DEBUG: grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting
2007-04-02 15:34:02: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:34:02: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:34:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:34:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:34:02: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:34:02: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:34:02: DEBUG: grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting
2007-04-02 15:34:13: ERROR: isakmp.c:2139:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 92.124.23.44->10.232.23.83
2007-04-02 15:34:13: INFO: isakmp.c:2144:isakmp_chkph1there(): delete phase 2 handler.
2007-04-02 15:34:14: DEBUG: grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting
2007-04-02 15:34:14: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey ACQUIRE message
2007-04-02 15:34:14: DEBUG: pfkey.c:1567:pk_recvacquire(): suitable outbound SP found: 10.232.23.83/32[0] 192.168.1.0/24[0] proto=any dir=out.
2007-04-02 15:34:14: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbffff8b4: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in
2007-04-02 15:34:14: DEBUG: policy.c:185:cmpspidxstrict(): db :0x306db8: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in
2007-04-02 15:34:14: DEBUG: pfkey.c:1583:pk_recvacquire(): suitable inbound SP found: 192.168.1.0/24[0] 10.232.23.83/32[0] proto=any dir=in.
2007-04-02 15:34:14: DEBUG: pfkey.c:1622:pk_recvacquire(): new acquire 10.232.23.83/32[0] 192.168.1.0/24[0] proto=any dir=out
2007-04-02 15:34:14: DEBUG: proposal.c:826:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-04-02 15:34:14: DEBUG: proposal.c:860:printsatrns(): (trns_id=3DES encklen=0 authtype=1)
2007-04-02 15:34:14: DEBUG: remoteconf.c:118:getrmconf(): configuration found for 92.124.23.44.
2007-04-02 15:34:14: INFO: isakmp.c:2066:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2007-04-02 15:34:22: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:34:22: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:34:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:34:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:34:22: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:34:22: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:34:38: DEBUG: grabmyaddr.c:340:update_myaddrs(): msg 5 not interesting
2007-04-02 15:34:38: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey ACQUIRE message
2007-04-02 15:34:38: DEBUG: pfkey.c:1551:pk_recvacquire(): ignore the acquire because ph2 found
2007-04-02 15:34:42: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:34:42: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:34:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:34:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:34:42: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:34:42: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:34:45: ERROR: isakmp.c:2139:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 92.124.23.44->10.232.23.83
2007-04-02 15:34:45: INFO: isakmp.c:2144:isakmp_chkph1there(): delete phase 2 handler.
2007-04-02 15:35:02: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:35:02: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:35:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:35:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:35:02: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:35:02: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:35:22: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.232.23.83[500]
2007-04-02 15:35:22: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.232.23.83[500]
2007-04-02 15:35:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to 92.124.23.44[500]
2007-04-02 15:35:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 160 bytes message will be sent to 10.232.23.83[500]
2007-04-02 15:35:22: DEBUG: plog.c:199:plogdump():
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2007-04-02 15:35:22: DEBUG: isakmp.c:1803:isakmp_ph1resend(): resend phase1 packet d7977a86364fa7c0:0000000000000000
2007-04-02 15:35:42: ERROR: isakmp.c:1791:isakmp_ph1resend(): phase1 negotiation failed due to time up. d7977a86364fa7c0:0000000000000000
^C2007-04-02 15:40:31: INFO: session.c:331:check_sigreq(): caught signal 2
2007-04-02 15:40:31: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey FLUSH message
2007-04-02 15:40:32: DEBUG: pfkey.c:271:pfkey_dump_sadb(): call pfkey_send_dump
2007-04-02 15:40:32: INFO: session.c:199:close_session(): racoon shutdown
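
Added example (not part of DSA1's post and not code from the wrvinit script): decoding the first plogdump() hex dump in the racoon log above shows which Phase 1 proposal the Mac actually sent, so it can be compared with the router's Phase 1 settings. The function and table names are this example's own, the attribute tables are partial, and the packet bytes are copied from the log.

```python
import struct

# The 160-byte phase 1 packet from the first plogdump() in the racoon log above.
DUMP = """
d7977a86 364fa7c0 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
80010005 80030001 80020001 80040002 0d000014 4a131c81 07035845 5c5728f2
0e95452f 0d000014 4df37928 e9fc4fd1 b3262170 d515c662 0d000014 cd604643
35df21f8 7cfdb2fc 68b6a448 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
"""
PACKET = bytes.fromhex("".join(DUMP.split()))

EXCHANGE = {2: "Identity Protection (Main Mode)", 4: "Aggressive"}
# IKEv1 SA attribute classes and a few of their values (RFC 2409, Appendix A).
ATTR = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group",
        11: "life_type", 12: "life_duration"}
VALUES = {
    "encryption": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "hash": {1: "MD5", 2: "SHA1"},
    "auth_method": {1: "pre-shared key", 3: "RSA signatures"},
    "dh_group": {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536"},
    "life_type": {1: "seconds", 2: "kilobytes"},
}

def parse_attributes(buf):
    """Decode the data attributes of one transform into a name -> value dict."""
    attrs, off = {}, 0
    while off + 4 <= len(buf):
        atype, aval = struct.unpack_from("!HH", buf, off)
        off += 4
        if atype & 0x8000:            # AF bit set: fixed 2-byte value in-line
            value = aval
        else:                         # AF bit clear: aval is the value length
            value = int.from_bytes(buf[off:off + aval], "big")
            off += aval
        name = ATTR.get(atype & 0x7FFF, "attr_%d" % (atype & 0x7FFF))
        attrs[name] = VALUES.get(name, {}).get(value, value)
    return attrs

def parse_sa(body):
    """Walk the proposals and transforms of an SA payload body."""
    transforms, off = [], 8           # skip DOI (4 bytes) and Situation (4 bytes)
    while off + 8 <= len(body):
        p_next, _, p_len, _, _, spi_size, _ = struct.unpack_from("!BBHBBBB", body, off)
        if p_len < 8 or off + p_len > len(body):
            raise ValueError("bad proposal length")
        t_off, p_end = off + 8 + spi_size, off + p_len
        while t_off + 8 <= p_end:
            t_next, _, t_len, _, _ = struct.unpack_from("!BBHBB", body, t_off)
            if t_len < 8 or t_off + t_len > p_end:
                raise ValueError("bad transform length")
            transforms.append(parse_attributes(body[t_off + 8:t_off + t_len]))
            if t_next == 0:
                break
            t_off += t_len
        if p_next == 0:
            break
        off += p_len
    return transforms

def parse_isakmp(pkt):
    """Decode the ISAKMP header, SA proposal and Vendor ID payloads of a packet."""
    if len(pkt) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, _flags, _msgid, length = struct.unpack_from(
        "!8s8sBBBBII", pkt, 0)
    if length != len(pkt):
        raise ValueError("header length %d != packet length %d" % (length, len(pkt)))
    info = {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "version": "%d.%d" % (ver >> 4, ver & 0x0F),
            "exchange": EXCHANGE.get(xchg, xchg), "length": length,
            "transforms": [], "vendor_ids": []}
    off = 28
    while nxt != 0:                   # payload chain ends with next-payload 0
        if off + 4 > len(pkt):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", pkt, off)
        if plen < 4 or off + plen > len(pkt):
            raise ValueError("bad payload length")
        body = pkt[off + 4:off + plen]
        if nxt == 1:                  # Security Association payload
            info["transforms"] += parse_sa(body)
        elif nxt == 13:               # Vendor ID payload
            info["vendor_ids"].append(body.hex())
        off, nxt = off + plen, following
    return info

if __name__ == "__main__":
    for key, value in parse_isakmp(PACKET).items():
        print(key, "=", value)
```

The all-zero responder cookie matches the `resend phase1 packet d7977a86364fa7c0:0000000000000000` lines, and the four Vendor ID payloads line up with the four "received Vendor ID payload" entries in the router log.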

DSA1 04-22-2007 11:09 AM

Quote:

Originally Posted by DSA1 (Post 367714)
I am trying right now with no luck. Kudos to the original author of the script for the work and putting up the nice web link with more details.

I'm trying to get a MacBook Pro to VPN into a Linksys WRVS4400N. I've got an added complication in that I am trying to get in via a cell phone connection, so the script appears to run into trouble right at the beginning when it tries to determine the local ip address to use.

Well, I'm not quite ready to give up on this script, since it seems like it should work, and it bugs me when things that should work don't.

BUT, for those looking to get their Macs connected to the WRVS4400N, good news. Despite past failures with both IPSecuritas and VPNTracker, I've managed to get them working now. It must have been user error on my first attempts.

To get either working, forget about the QuickVPN tab in your Router completely. You must set up a full IPSec tunnel. In VPNTracker, you need to create a new device under the Other tab, you can't use the LinkSys tab, none of the devices there will work. Once you've created the new device, then just set up each part of the connection tab to match all the settings on the basic IPSec Tunnel page, AND the ADVANCED button for Phase1 and Phase2 negotiations. Works perfectly. Same basic setup in IPSecuritas (which I recommend, because it's Free/Donationware). I also like that IPSecuritas has a widget and menu bar icon for quick connections.

Back to this script we've been posting about, I'm able to set up IPSec VPN over my cellphone modem with both the above programs; so there still seems to be a major roadblock with this script's handling of binding to the proper ipaddress which is ppp(0), but which is also reflected in Network Utility as rolling into both en(1) and en(2).

