Community discussions

MikroTik App
 
digit
just joined
Topic Author
Posts: 22
Joined: Thu Apr 01, 2010 7:07 pm

IPSec error payload missing: ID_R

Wed Mar 21, 2018 2:34 am

Mikrotik to SonicWall IPSEC

Mikrotik error "Payload missing: ID_R" need help !!!


SonicWall
General
######
Site to Site
IKE using Preshared Secret
Shared Secret: 123test
Local IKE ID: Firewall Identifier: 123test
Peer IKE ID: Firewall Identifier: 123test

Proposal
#######
IKE (Phase 1) Proposal

Exchange: IKEv2 Mode
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1

PFS unchecked

Lifetime: 28800

Mikrotik config (only phase 1 for now)
# mar/21/2018 17:47:17 by RouterOS 6.41.3
# software id = 8EQD-U7QY
#
# model = RouterBOARD 750G r3
# serial number = xxxxxxxxxxxxxxxxxxx
/ip ipsec peer
add address=[peer public ip]/32 dh-group=modp1024 enc-algorithm=3des exchange-mode=ike2 lifetime=8h my-id=key-id:123test secret=123test

log obfuscated
LOCAL PUBLIC IP: 1.1.1.1
REMOTE PUBLIC IP: 2.2.2.2

17:34:22 ipsec,debug ===== sending 292 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
17:34:22 ipsec,debug 1 times of 296 bytes message will be sent to 2.2.2.2[4500]
17:34:22 ipsec,debug ===== received 317 bytes from 2.2.2.2[4500] to 1.1.1.1[4500]
17:34:22 ipsec,debug 2a6775d0ad2aa7887c33fe1d68baf308966f0001
17:34:22 ipsec,debug => shared secret (size 0x80)
17:34:22 ipsec,debug xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
17:34:22 ipsec,debug xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
17:34:22 ipsec,debug xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
17:34:22 ipsec,debug xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
17:34:22 ipsec,debug => skeyseed (size 0x14)
17:34:22 ipsec,debug 2577407e b774290d 3e39eb4b 707c20d6 230ef24d
17:34:22 ipsec,debug => keymat (size 0x14)
17:34:22 ipsec,debug 624ce5f0 08623e82 87b28d17 27113d02 06b0c7b1
17:34:22 ipsec,debug => SK_ai (size 0x14)
17:34:22 ipsec,debug d2fcfce0 d2cd6146 1abd8150 8d890031 f3bac165
17:34:22 ipsec,debug => SK_ar (size 0x14)
17:34:22 ipsec,debug 5c0762a7 873595aa 5f7da9f2 2ba02666 ad1b4b4a
17:34:22 ipsec,debug => SK_ei (size 0x18)
17:34:22 ipsec,debug 75d1a8e3 954ad272 8c776663 aafd9d01 ecd0f694 b62b2a35
17:34:22 ipsec,debug => SK_er (size 0x18)
17:34:22 ipsec,debug 84fcc538 976c2fdf f442018e 72136907 b0f501d4 54f71a51
17:34:22 ipsec,debug => SK_pi (size 0x14)
17:34:22 ipsec,debug 5fc31380 08e5989e 23d7a820 1c11dca1 0d328d03
17:34:22 ipsec,debug => SK_pr (size 0x14)
17:34:22 ipsec,debug 46348d04 fa37f11a 0f1c2387 1db3ccf2 abb4002a
17:34:22 ipsec,info new ike2 SA (I): 1.1.1.1[4500]-2.2.2.2[4500] spi:5cf4c94886a6b4d4:0a004c31a26458fb
17:34:22 ipsec,debug c7fc48aefca0df916f8f74eb65c5e0d524f6d98e
17:34:22 ipsec,debug 7976fefe3e79c301fed37cd30b39aee781d297a8
17:34:22 ipsec,debug => auth nonce (size 0x14)
17:34:22 ipsec,debug 9697d571 77b90034 fca051b4 5732754f 68c93263
17:34:22 ipsec,debug => SK_p (size 0x14)
17:34:22 ipsec,debug 5fc31380 08e5989e 23d7a820 1c11dca1 0d328d03
17:34:22 ipsec,debug => idhash (size 0x14)
17:34:22 ipsec,debug bb65a017 adb8e84b c9c15df7 9afca8fa f4d67361
17:34:22 ipsec,debug => my auth (size 0x14)
17:34:22 ipsec,debug xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
17:34:22 ipsec,debug => (size 0x11)
17:34:22 ipsec,debug 00000011 0b000000 43686162 6f743831 38
17:34:22 ipsec,debug => (size 0x1c)
17:34:22 ipsec,debug 0000001c 02000000 f43d1401 d278b36f 2e186170 7f4cd9be 1c770aef
17:34:22 ipsec,debug => (size 0x44)
17:34:22 ipsec,debug 00000044 00000040 01030405 067d0e4e 0300000c 0100000c 800e0100 0300000c
17:34:22 ipsec,debug 0100000c 800e00c0 0300000c 0100000c 800e0080 03000008 03000002 00000008
17:34:22 ipsec,debug 05000000
17:34:22 ipsec,debug => (size 0x18)
17:34:22 ipsec,debug 00000018 01000000 07000010 0000ffff 2d4919b2 2d4919b2
17:34:22 ipsec,debug => (size 0x18)
17:34:22 ipsec,debug 00000018 01000000 07000010 0000ffff 42aba3c2 42aba3c2
17:34:22 ipsec,debug ===== sending 356 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
17:34:22 ipsec,debug 1 times of 360 bytes message will be sent to 2.2.2.2[4500]
17:34:22 ipsec,debug ===== received 68 bytes from 2.2.2.2[4500] to 1.1.1.1[4500]
17:34:22 ipsec,debug => iv (size 0x8)
17:34:22 ipsec,debug 4559965b 17b5afb3
17:34:22 ipsec,debug => plain payload (trimmed) (size 0x8)
17:34:22 ipsec,debug 00000008 00000026
17:34:22 ipsec,debug decrypted
17:34:22 ipsec,error payload missing: ID_R
17:34:22 ipsec,debug ===== sending 68 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
17:34:22 ipsec,debug 1 times of 72 bytes message will be sent to 2.2.2.2[4500]
17:34:22 ipsec,info killing ike2 SA: 1.1.1.1[4500]-REMOREIP[4500] spi:5cf4c94886a6b4d4:0a004c31a26458fb
Last edited by digit on Wed Mar 21, 2018 11:48 pm, edited 2 times in total.
 
User avatar
emils
Forum Veteran
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: IPSec error payload missing: ID_R

Wed Mar 21, 2018 9:21 am

Please make sure you are running the latest current version of RouterOS. If so, enable IPsec debug logs (/system logging add topics=ipsec,!packet) and post them. Also include full IPsec configuration using /ip ipsec export.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPSec error payload missing: ID_R

Wed Mar 21, 2018 10:09 am

Not familiar with SonicWall, but if a device calls it "IKE" it suggests it is IKEv1 - which is logical as before IKEv2 has been introduced, there was no reason to use the "v1".

For similar reason (before IKEv2), and simplifying a bit, Mikrotik calls IKEv1 "main".

So change the mode at Mikrotik from "IKEv2" to "main" and try again.
 
digit
just joined
Topic Author
Posts: 22
Joined: Thu Apr 01, 2010 7:07 pm

Re: IPSec error payload missing: ID_R

Wed Mar 21, 2018 11:45 pm

Admin, I have edited my post with log output and config

Sindy see "proposal detail" for IKEv2 config
 
User avatar
emils
Forum Veteran
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: IPSec error payload missing: ID_R

Fri Mar 23, 2018 11:05 am

Please send supout.rif file with full debug logs enabled (/system logging add topics=ipsec) to support@mikrotik.com
 
petern
newbie
Posts: 26
Joined: Wed Dec 13, 2017 5:58 pm

Re: IPSec error payload missing: ID_R

Tue Jun 26, 2018 3:44 pm

I'm getting the same error message connecting to a Checkpoint VPN. Did you find a resolution, digit?
 
polakillo
just joined
Posts: 1
Joined: Tue May 29, 2007 2:35 pm

Re: IPSec error payload missing: ID_R

Sat Sep 29, 2018 11:09 am

Hi digit,
I had the same error.
Cheking the Passive option on the General tab of Peer windows the connection works perfectly.
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: IPSec error payload missing: ID_R

Tue Oct 19, 2021 4:04 pm

Hello, had someone found a solution for this problem?

I have to setup a VPN to Microsoft azure and followed this instructions https://chadschultz.azurewebsites.net/2 ... iguration/.
Unfortunately, I get the same error message and the instructions below did not help either.
https://stackoverflow.com/questions/557 ... ssing-id-r
Image
You do not have the required permissions to view the files attached to this post.
 
slvnet
newbie
Posts: 28
Joined: Wed Feb 12, 2014 4:23 pm

Re: IPSec error payload missing: ID_R

Thu Oct 27, 2022 2:49 am

Hello, had someone found a solution for this problem?

On ERX EOS works this solution
viewtopic.php?t=132204#p649399
Changing peer exchange mode to 'main' from IKE2

Who is online

Users browsing this forum: Bing [Bot], maciejl, zendra and 76 guests