[vpn-devel] Can't ping/ssh over vpn [Shrew Soft ver 2.1.5 on Ubuntu 10.04]

Gaurav gaurav.knangla at gmail.com
Thu Apr 29 03:44:25 CDT 2010


Hi All,

I've raised this issue earlier. I couldn't resolve it, so I'd like to raise
it once again with all the debugging info in one place.

Hope it helps; I so don't want to want run a Windows VM just for VPN access.

*Original post:*
*
*
I've been using the Shrew Soft client for years on Windows without any
problems.

I switched to Ubuntu 10.04 once and for all recently; but ran into issues
with a .pcf imported that worked flawlessly on Windows 7 recently.

Imported the sane .pcf into the Shrew Soft ver 2.1.5 on Ubuntu 10.04,
managed to connect as well but just couldn't ping/ssh my remote machines
over vpn.

I've tried possible workarounds/tweaks/fixes, the little that I could dig up
around this but things didn't workout.

Any suggestions?

Prints/logs follow.

*Connection prints:*
config loaded for site 'xxxxxxxxxx.pcf'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled

*Logs:*
desktop:~$ cat /var/log/iked.log
10/04/28 00:36:01 ## : IKE Daemon, ver 2.1.5
10/04/28 00:36:01 ## : Copyright 2009 Shrew Soft Inc.
10/04/28 00:36:01 ## : This product linked OpenSSL 0.9.8k 25 Mar 2009
10/04/28 00:36:01 K! : recv X_SPDDUMP message failure ( errno = 2 )
10/04/28 00:41:19 !! : invalid private netmask, defaulting to class c
10/04/28 00:41:19 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:41:26 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:42:18 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:46:48 !! : invalid private netmask, defaulting to class c
10/04/28 00:46:48 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:46:57 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:51:32 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:53:19 !! : invalid private netmask, defaulting to class c
10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:53:26 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:54:31 !! : invalid private netmask, defaulting to class c
10/04/28 00:54:37 !! : invalid private netmask, defaulting to class c
10/04/28 00:55:01 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:22 !! : invalid private netmask, defaulting to class c
10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:55:28 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:56:42 !! : invalid private netmask, defaulting to class c
10/04/28 00:56:52 !! : invalid private netmask, defaulting to class c
10/04/28 00:57:12 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:57:22 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:58:12 !! : invalid private netmask, defaulting to class c
10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:00:33 !! : invalid private netmask, defaulting to class c
10/04/28 01:00:33 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:00:34 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:00:38 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:02:46 !! : invalid private netmask, defaulting to class c
10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:02:56 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 01:05:16 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:05:17 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:05:43 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:05:48 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:17:59 !! : invalid private netmask, defaulting to class c
10/04/28 01:17:59 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:18:11 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:22:33 !! : invalid private netmask, defaulting to class c
10/04/28 01:22:33 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:22:46 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )
10/04/28 01:22:52 !! : peer violates RFC, transform number mismatch ( 1 !=
17 )

*/sbin/ifconfig output:*
desktop:~$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1f:d0:d2:d2:a4
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:d0ff:fed2:d2a4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7026 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6401 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6469445 (6.4 MB)  TX bytes:1176183 (1.1 MB)
          Interrupt:27

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1100 (1.1 KB)  TX bytes:1100 (1.1 KB)

tap0      Link encap:Ethernet  HWaddr f2:47:0e:c8:b6:99
          inet addr:192.168.20.141  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: fe80::f047:eff:fec8:b699/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1380  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01
          inet addr:192.168.184.1  Bcast:192.168.184.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08
          inet addr:192.168.111.1  Bcast:192.168.111.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

*/sbin/route output:*
desktop:~$ /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
172.17.48.31    192.168.20.141  255.255.255.255 UGH   0      0        0 tap0
10.8.50.232     192.168.20.141  255.255.255.255 UGH   0      0        0 tap0
172.17.48.3     192.168.20.141  255.255.255.255 UGH   0      0        0 tap0
172.17.48.32    192.168.20.141  255.255.255.255 UGH   0      0        0 tap0
172.17.48.22    192.168.20.141  255.255.255.255 UGH   0      0        0 tap0
10.10.7.0       192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.20.0      192.168.20.141  255.255.255.0   UG    0      0        0 tap0
192.168.20.0    *               255.255.255.0   U     0      0        0 tap0
10.10.2.0       192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.19.0      192.168.20.141  255.255.255.0   UG    0      0        0 tap0
192.168.1.0     *               255.255.255.0   U     1      0        0 eth0
10.155.114.0    192.168.20.141  255.255.255.0   UG    0      0        0 tap0
172.17.20.0     192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.12.0      192.168.20.141  255.255.255.0   UG    0      0        0 tap0
192.168.184.0   *               255.255.255.0   U     0      0        0
vmnet1
192.168.111.0   *               255.255.255.0   U     0      0        0
vmnet8
10.10.10.0      192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.9.0       192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.75.0      192.168.20.141  255.255.255.0   UG    0      0        0 tap0
10.10.96.0      192.168.20.141  255.255.252.0   UG    0      0        0 tap0
172.17.144.0    192.168.20.141  255.255.240.0   UG    0      0        0 tap0
172.17.128.0    192.168.20.141  255.255.240.0   UG    0      0        0 tap0
172.17.0.0      192.168.20.141  255.255.240.0   UG    0      0        0 tap0
172.17.32.0     192.168.20.141  255.255.240.0   UG    0      0        0 tap0
172.25.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
172.31.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
172.18.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
172.16.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.0.0     192.168.20.141  255.255.0.0     UG    0      0        0 tap0
10.201.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
10.202.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
10.203.0.0      192.168.20.141  255.255.0.0     UG    0      0        0 tap0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

*client configuration file :*
desktop:~$ cat file.pcf
[main]
Description=
Host=xxx-xxxxxxx.xxxxxxxxxx.com
AuthType=1
GroupName=xxxxx-xxxxxxx
GroupPwd=
enc_GroupPwd=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
EnableISPConnect=0
ISPConnectType=0
ISPConnect=test
ISPPhonebook=C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Connections\Pbk\rasphone.pbk
ISPCommand=
Username=xxxxxx.xxxxxx
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0


Gaurav
pgp.mit.edu - PubkeyID:0x1bf31eef13ee431e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-devel/attachments/20100429/221a8b2f/attachment-0002.html>


More information about the vpn-devel mailing list