mmee
just joined
Topic Author
Posts: 8
Joined: Sat Aug 28, 2021 8:30 am
Location: Estonia

L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Tue Jan 11, 2022 10:39 am

Hi,

I have a working L2TP with IPSec configuration on my RB4011, but the following error messages appear a few times per day from some random IP addresses. Are they just harmless port scanning, or do they show some security hole? The password and preshared key are complex enough. I'm using the built-in <sn>.sn.mynetname.net domain name to reach the VPN service from outside. (RouterOS: 6.48.6)

10:00:03 ipsec,info respond new phase 1 (Identity Protection): ${MY_IP}[500]<=>64.62.197.34[16124]
10:00:03 ipsec SPI size isn't zero, but IKE proposal.
10:00:03 ipsec invalid encryption algorithm=6.
10:00:03 ipsec no Proposal found.
10:00:03 ipsec,error 64.62.197.34 failed to get valid proposal.
10:00:03 ipsec,error 64.62.197.34 failed to pre-process ph1 packet (side: 1, status 1).
10:00:03 ipsec,error 64.62.197.34 phase1 negotiation failed.
Thanks for any reply!
 
drasir
just joined
Posts: 24
Joined: Sat Sep 11, 2021 4:48 pm

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.  [SOLVED]

Tue Jan 11, 2022 9:02 pm

There are some "organisations" that do attempt IPsec connections: Netscout, Shadow Server etc. Your IP tried testing my router as well; I just add all connection attempts to a firewall drop rule via an address-list.

Those are mine so far:

216.218.0.0/16
46.88.240.0/24
74.82.47.0/24
65.49.20.0/24
184.105.0.0/16
64.62.197.0/24
27.115.124.0/24
47.242.35.0/24
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Tue Jan 11, 2022 10:32 pm

Is it necessary? What I'm after is, I wanna know, CPU-wise, is it worth it to add a list and drop rule? Let them try :D
 
mmee
just joined
Topic Author
Posts: 8
Joined: Sat Aug 28, 2021 8:30 am
Location: Estonia

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Wed Jan 12, 2022 11:24 am

Thanks drasir for the list! I had started to collect them at the beginning, but after 3 or 4 addresses, I thought it's endless.

I made the following changes; maybe they will be useful for others too. The "log" part can be removed from the filter if you are not interested in how it is working.
/ip firewall address-list
add address=216.218.0.0/16 list=vpn_block
add address=46.88.240.0/24 list=vpn_block
add address=74.82.47.0/24 list=vpn_block
add address=65.49.20.0/24 list=vpn_block
add address=184.105.0.0/16 list=vpn_block
add address=64.62.197.0/24 list=vpn_block
add address=27.115.124.0/24 list=vpn_block
add address=47.242.35.0/24 list=vpn_block
/ip firewall filter
add action=drop chain=input log=yes log-prefix=vpn_drop_from_list src-address-list=vpn_block
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Wed Jan 12, 2022 11:37 am

...
If you are after the best practice for this, there are scripts in the forum that can read log entries and add the src address to your black list.
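
A log-driven version of the manual list above, as an added example that is not from this thread and is not one of the forum scripts mentioned: it reads exported log text in the format quoted in the first post, counts "failed to get valid proposal" errors per source, and renders address-list commands in the syntax posted earlier. The sample log is constructed, and the function names and the `allow` and `min_hits` parameters are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format quoted in the first post.
# 64.62.197.34 is the address from that post; the rest are documentation ranges.
SAMPLE_LOG = """\
10:00:03 ipsec,info respond new phase 1 (Identity Protection): 203.0.113.1[500]<=>64.62.197.34[16124]
10:00:03 ipsec,error 64.62.197.34 failed to get valid proposal.
10:00:03 ipsec,error 64.62.197.34 failed to pre-process ph1 packet (side: 1, status 1).
10:00:03 ipsec,error 64.62.197.34 phase1 negotiation failed.
11:12:40 ipsec,error 198.51.100.7 failed to get valid proposal.
14:30:09 ipsec,error 64.62.197.34 failed to get valid proposal.
15:01:22 ipsec,error 192.0.2.10 failed to get valid proposal.
"""

# Each failed negotiation logs three error lines; match only one of them
# so that one attempt is counted once.
FAILED = re.compile(r"ipsec,error (\S+) failed to get valid proposal\.")

def failed_proposal_sources(log_text, allow=()):
    """Count failed phase 1 proposals per source, skipping allowed networks."""
    allowed = [ipaddress.ip_network(net) for net in allow]
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an address (for example a truncated line)
        if any(ip in net for net in allowed):
            continue  # never block networks your own VPN clients use
        counts[str(ip)] += 1
    return counts

def address_list_commands(counts, min_hits=1, list_name="vpn_block"):
    """Render the sources seen at least min_hits times as RouterOS commands."""
    hits = [a for a, n in counts.items() if n >= min_hits]
    hits.sort(key=lambda a: ipaddress.ip_address(a).packed)
    return ["/ip firewall address-list"] + [
        f"add address={a} list={list_name}" for a in hits]

if __name__ == "__main__":
    found = failed_proposal_sources(SAMPLE_LOG, allow=["192.0.2.0/24"])
    print("\n".join(address_list_commands(found)))
```

The output lists single addresses rather than the /16 and /24 ranges used earlier in the thread, so each entry blocks only the host that was actually logged.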
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Wed Jan 12, 2022 3:16 pm

...
If you are after the best practice for this, there are scripts in the forum that can read log entries and add the src address to your black list.
Can you point us to one of those?
I looked and came up empty.
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Wed Jan 12, 2022 3:38 pm

 
drasir
just joined
Posts: 24
Joined: Sat Sep 11, 2021 4:48 pm

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Wed Jan 12, 2022 11:40 pm

Is it necessary? I guess not.

Do I get instant satisfaction in knowing that my router does not appear in their lists? Yes! :-)
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Thu Jan 13, 2022 3:15 am

Thank you
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPSec VPN - <random ip> failed to get valid proposal.

Thu Jan 13, 2022 10:02 am

YVW.
