[vpn-help] Win7 x64 negotiation timeout - no packets sent

Terry Chambers terry at onixnet.com
Fri Sep 28 12:25:12 CDT 2012 

I ran the Trace Utility as recommended in an earlier thread:

12/09/28 13:19:45 ## : IKE Daemon, ver 2.1.7
12/09/28 13:19:45 ## : Copyright 2010 Shrew Soft Inc.
12/09/28 13:19:45 ## : This product linked OpenSSL 0.9.8h 28 May 2008
12/09/28 13:19:45 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
12/09/28 13:19:45 ii : rebuilding vnet device list ...
12/09/28 13:19:45 ii : device ROOT\VNET\0000 disabled
12/09/28 13:19:45 ii : device ROOT\VNET\0001 disabled
12/09/28 13:19:45 ii : network process thread begin ...
12/09/28 13:19:45 ii : pfkey process thread begin ...
12/09/28 13:19:45 ii : ipc server process thread begin ...
12/09/28 13:20:03 ii : ipc client process thread begin ...
12/09/28 13:20:03 <A : peer config add message
12/09/28 13:20:03 <A : proposal config message
12/09/28 13:20:03 <A : proposal config message
12/09/28 13:20:03 <A : client config message
12/09/28 13:20:03 <A : xauth username message
12/09/28 13:20:03 <A : xauth password message
12/09/28 13:20:03 <A : local id 'vpn_client at onixnet.com' message
12/09/28 13:20:03 <A : remote id 'vpngw at onixnet.com' message
12/09/28 13:20:03 <A : preshared key message
12/09/28 13:20:03 <A : remote resource message
12/09/28 13:20:03 <A : peer tunnel enable message
12/09/28 13:20:03 ii : local supports XAUTH
12/09/28 13:20:03 ii : local supports nat-t ( draft v00 )
12/09/28 13:20:03 ii : local supports nat-t ( draft v01 )
12/09/28 13:20:03 ii : local supports nat-t ( draft v02 )
12/09/28 13:20:03 ii : local supports nat-t ( draft v03 )
12/09/28 13:20:03 ii : local supports nat-t ( rfc )
12/09/28 13:20:03 ii : local supports FRAGMENTATION
12/09/28 13:20:03 ii : local supports DPDv1
12/09/28 13:20:03 ii : local is SHREW SOFT compatible
12/09/28 13:20:03 ii : local is NETSCREEN compatible
12/09/28 13:20:03 ii : local is SIDEWINDER compatible
12/09/28 13:20:03 ii : local is CISCO UNITY compatible
12/09/28 13:20:03 >= : cookies 7897ffb99c264abe:0000000000000000
12/09/28 13:20:03 >= : message 00000000
12/09/28 13:20:08 -> : resend 1 phase1 packet(s) 10.0.1.32:500 ->
68.109.xxx.xx:500
12/09/28 13:20:13 -> : resend 1 phase1 packet(s) 10.0.1.32:500 ->
68.109.xxx.xx:500
12/09/28 13:20:18 -> : resend 1 phase1 packet(s) 10.0.1.32:500 ->
68.109.xxx.xx:500
12/09/28 13:20:23 ii : resend limit exceeded for phase1 exchange
12/09/28 13:20:23 ii : phase1 removal before expire time
12/09/28 13:20:23 DB : removing tunnel config references
12/09/28 13:20:23 DB : removing tunnel phase2 references
12/09/28 13:20:23 DB : removing tunnel phase1 references
12/09/28 13:20:23 DB : removing all peer tunnel refrences
12/09/28 13:20:23 ii : ipc client process thread exit ...
12/09/28 13:20:27 ii : halt signal received, shutting down
12/09/28 13:20:27 ii : ipc server process thread exit ...
12/09/28 13:20:27 ii : pfkey process thread exit ...

Any thoughts?
Terry



On Fri, Sep 28, 2012 at 1:11 PM, Terry Chambers <terry at onixnet.com> wrote:

> I have the exact same situation with the negotiation timeout.  Just
> started in the last week or so.
>
>
>
>>
>> Message: 1
>> Date: Fri, 28 Sep 2012 16:06:21 +0000
>> From: Greg King <taintedmarmot at hotmail.com>
>> Subject: [vpn-help] Win7 x64 negotiation timeout - no packets sent
>> To: <vpn-help at lists.shrew.net>
>> Message-ID: <BAY146-W49A7E7E6F8BD2698EB1DECA0820 at phx.gbl>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> Hi,
>> I'm using Shrew 2.2 beta2 to connect from Win7 x64 to a Netgear FVS318v3,
>> but I'm getting a negotiation timeout.
>> The same machine (dual boot) under Ubuntu 12.04 connects fine with
>> 2.2beta2 client.
>> What I've tried:I exported shrew configuration from working Ubuntu client
>> and imported it into Win7 client, so shouldn't be any problem there.I've
>> switched off both ZoneAlarm and Windows Firewall.  No joy.I've tried
>> running VPN Access Manager as Administrator.  No joy.In case it's relevant:
>> previously had openVPN and VirtualBox installed.  I uninstalled them,
>> rebooted Windows, uninstalled Shrew, rebooted Windows, reinstalled Shrew,
>> rebooted Windows.  Still no joy.Other information:Local Area Connection
>> Properties dialog does have a 'Shrew Soft Lightweight Filter' in the
>> Properties dialog, and the checkbox next to it is ticked.Task Manager lists
>> the following related processes as running: ipseca.exe, ipsecc.exe,
>> ipsect.exeWhen trying to connect, Wireshark (running on the same Win7 box)
>> doesn't detect any UDP/TCP packets on port 500, nor any packets on isakmp
>> filter (but does detect other packets e.g. web browsing).I do see isakmp
>> packets on Ubuntu Wireshark when connecting fr!
>>  om Ubuntu shrew client.The FVS318 and Win7 box are on different subnets,
>> but the connection works under Ubuntu from same machine, so I doubt the
>> router is the problem.
>> So it seems something under Win7 x64 is stopping the packets getting out
>> onto the network, but I'm at a loss to explain it.
>> I've been Googling for hours, but can't find a solution.  Any help anyone
>> could give would be gratefully received.
>> Greg
>> VPN Connect log:attached to key daemon ...peer configurediskamp proposal
>> configuredesp proposal configuredclient configuredlocal id configuredremote
>> id configuredpre-shared key configuredbringing up tunnel ...negotiation
>> timout occurredtunnel disableddetached from key daemon
>> VPN Trace IKE Service log:12/09/16 20:09:09 ii : ipc client process
>> thread begin ...12/09/16 20:09:09 <A : peer config add message12/09/16
>> 20:09:09 <A : proposal config message12/09/16 20:09:09 <A : proposal config
>> message12/09/16 20:09:09 <A : client config message12/09/16 20:09:09 <A :
>> local id 'fvs_local_grg' message12/09/16 20:09:09 <A : preshared key
>> message12/09/16 20:09:09 <A : remote resource message12/09/16 20:09:09 <A :
>> remote resource message12/09/16 20:09:09 <A : remote resource
>> message12/09/16 20:09:09 <A : peer tunnel enable message12/09/16 20:09:09
>> ii : local is SHREW SOFT compatible12/09/16 20:09:09 ii : local is
>> NETSCREEN compatible12/09/16 20:09:09 ii : local is SIDEWINDER
>> compatible12/09/16 20:09:09 ii : local is CISCO UNITY compatible12/09/16
>> 20:09:09 >= : cookies 8219a4a29c1c6360:000000000000000012/09/16 20:09:09 >=
>> : message 0000000012/09/16 20:09:14 -> : resend 1 phase1 packet(s) [0/2]
>> 10.0.0.10:500 -> 192.168.0.100:50012/09/16 20:09:19 -> : resend 1 p!
>>  hase1 packet(s) [1/2] 10.0.0.10:500 -> 192.168.0.100:50012/09/1620:09:24 -> : resend 1 phase1 packet(s) [2/2]
>> 10.0.0.10:500 -> 192.168.0.100:50012/09/16 20:09:29 ii : resend limit
>> exceeded for phase1 exchange12/09/16 20:09:29 ii : phase1 removal before
>> expire time12/09/16 20:09:29 DB : removing tunnel config references12/09/16
>> 20:09:29 DB : removing tunnel phase2 references12/09/16 20:09:29 DB :
>> removing tunnel phase1 references12/09/16 20:09:29 DB : removing all peer
>> tunnel refrences12/09/16 20:09:29 ii : ipc client process thread exit ...
>>
>>
>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.shrew.net/pipermail/vpn-help/attachments/20120928/a6abf84a/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> http://lists.shrew.net/mailman/listinfo/vpn-help
>>
>>
>> End of vpn-help Digest, Vol 72, Issue 6
>> ***************************************
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20120928/c59d9e5a/attachment-0002.html>

More information about the vpn-help mailing list