[Vpn-help] Problem in configuring in ubuntu 8.04
P.M.S.Prakash
prakashpms at gmail.com
Thu Aug 21 14:00:03 CDT 2008
Hi Matthew,
With your changes, I am able to create a new connection by specifying FQDN in
authentication, group1 and group2 configuration etc and save the
configuration. If I want to edit the saved configuration to change from FQDN
to User FQDN, these options are not available in the Authentication tab. They
are only available when I add a new connection, not during edit.
> It looks like phase1 is completing but phase2 is not being attempted. Your
> router log showed that it received a delete message from the client in its
> log output. Does that happen when you click dis-connect or does the client
> eventually show an error message?
>
> It looks like we need to figure out why the client is not attempting to
> initiate a phase2 exchange. What does your site configuration show in the
> policy tab?
In the policy tab, Obtain Topology automatically or Tunnel... is
selected.
>
>
> It would also be helpful to review the debug level output from the ike
> daemon. Here is some documentation on how to bump up the log level for
> submitting a bug report ...
>
> http://www.shrew.net/support/wiki/BugReportVpnUnix
I have enabled debug level. The following are the observations under
different scenarios in Ubuntu 8.04.
Case 1:
New connection created with your changes. The following is what was logged on
the VPN router. I have attached iked-case1.log which contains debug
messages. The delete was done manually using disconnect.
Time                  Event-Type  Message
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [16f6ca16e4a4066d...]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [4a131c8107035845...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [4048b7d56ebce885...]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [Dead Peer Detection]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [f14b94b7bff1fef0...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload Type = [Cisco-Unity]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [166f932d55eb64d8...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [8404adf9cda05760...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [f4ed19e0c114eb51...]
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Aug 21 23:36:44 2008  VPN Log     Aggressive mode peer ID is ID_USER_FQDN: 'xx at xx.xxx'
Aug 21 23:36:44 2008  VPN Log     Responding to Aggressive Mode from xx.xx.xx.xxx
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 3rd packet
Aug 21 23:36:44 2008  VPN Log     Aggressive mode peer ID is ID_USER_FQDN: 'xx at xx.xx'
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Initiator Cookies = 67c8 76e5 4b10 e8f1
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Responder Cookies = a88f de12 1dd7 841a
Aug 21 23:36:44 2008  VPN Log     Received informational payload, type IPSEC_INITIAL_CONTACT
Aug 21 23:36:56 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Aug 21 23:36:56 2008  VPN Log     we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Aug 21 23:37:06 2008  VPN Log     Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x141e7660 (perhaps this is a duplicated packet)
Best Regards
Prakash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked-case1.log
Type: application/octet-stream
Size: 18653 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20080822/60b27db7/attachment-0002.obj>
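A small triage script for router log output like the one in the message above, added here as an example; it is not part of the original message or of any Shrew Soft tool. The function names, the result keys and the one-record-per-line layout are assumptions, and the sample lines are copied from the log in this message.

```python
import re
from datetime import datetime

# Lines copied from the router log in the message above, one record per line.
SAMPLE_LOG = """\
Aug 21 23:36:44 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Aug 21 23:36:44 2008 VPN Log [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Aug 21 23:36:56 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Aug 21 23:36:56 2008 VPN Log we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Aug 21 23:37:06 2008 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x141e7660 (perhaps this is a duplicated packet)
"""

# Timestamp, the fixed "VPN Log" event type, then the free-text message.
RECORD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+VPN Log\s+(.*)$")

def parse(log_text):
    """Yield (datetime, message) for each well-formed record; skip other lines."""
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y"), m.group(2)

def triage(log_text):
    """Summarise how far the IKEv1 negotiation got and why the responder stopped."""
    result = {"phase1_established": False, "quick_mode_received": False,
              "pfs_mismatch": False, "reused_message_ids": [], "phase2_delay_s": None}
    phase1_at = None
    for ts, msg in parse(log_text):
        if "Phase 1 SA Established" in msg:
            result["phase1_established"], phase1_at = True, ts
        elif "Received Quick Mode 1st packet" in msg:
            result["quick_mode_received"] = True
            if phase1_at and result["phase2_delay_s"] is None:
                result["phase2_delay_s"] = int((ts - phase1_at).total_seconds())
        elif "require PFS" in msg and "no GROUP_DESCRIPTION" in msg:
            # Responder requires a DH group in Quick Mode; the proposal carried none.
            result["pfs_mismatch"] = True
        elif "previously used Message ID" in msg:
            mid = re.search(r"Message ID (0x[0-9a-fA-F]+)", msg)
            if mid:
                result["reused_message_ids"].append(mid.group(1))
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
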