[vpn-devel] Can't ping/ssh over vpn [Shrew Soft ver 2.1.5 on Ubuntu 10.04]
Zephaniah E. Loss-Cutler-Hull
zhull at jetpay.com
Thu Apr 29 11:13:30 CDT 2010
Hi,
The first thing I would suggest would be setting up a new profile by
hand, instead of trying to import the .pcf.
Also, what are you trying to connect to on the remote end?
Zephaniah E. Loss-Cutler-Hull.
JetPay, LLC.
On 04/29/2010 03:44 AM, Gaurav wrote:
> Hi All,
>
> I've raised this issue earlier. I couldn't resolve it, so I'd like to
> raise it once again with all the debugging info in one place.
>
> Hope it helps; I so don't want to run a Windows VM just for VPN access.
>
> *_Original post:_*
>
> I've been using the Shrew Soft client for years on Windows without any
> problems.
>
> I switched to Ubuntu 10.04 once and for all recently; but ran into
> issues with a .pcf imported that worked flawlessly on Windows 7 recently.
>
> Imported the same .pcf into the Shrew Soft ver 2.1.5 on Ubuntu 10.04,
> managed to connect as well but just couldn't ping/ssh my remote machines
> over vpn.
>
> I've tried possible workarounds/tweaks/fixes, the little that I could
> dig up around this but things didn't work out.
>
> Any suggestions?
>
> Prints/logs follow.
>
> *_Connection prints:_*
> config loaded for site 'xxxxxxxxxx.pcf'
> attached to key daemon ...
> peer configured
> iskamp proposal configured
> esp proposal configured
> client configured
> local id configured
> remote id configured
> pre-shared key configured
> bringing up tunnel ...
> user authentication error
> tunnel disabled
> detached from key daemon ...
> attached to key daemon ...
> peer configured
> iskamp proposal configured
> esp proposal configured
> client configured
> local id configured
> remote id configured
> pre-shared key configured
> bringing up tunnel ...
> user authentication error
> tunnel disabled
> detached from key daemon ...
> attached to key daemon ...
> peer configured
> iskamp proposal configured
> esp proposal configured
> client configured
> local id configured
> remote id configured
> pre-shared key configured
> bringing up tunnel ...
> network device configured
> tunnel enabled
>
> *_Logs:_*
> desktop:~$ cat /var/log/iked.log
> 10/04/28 00:36:01 ## : IKE Daemon, ver 2.1.5
> 10/04/28 00:36:01 ## : Copyright 2009 Shrew Soft Inc.
> 10/04/28 00:36:01 ## : This product linked OpenSSL 0.9.8k 25 Mar 2009
> 10/04/28 00:36:01 K! : recv X_SPDDUMP message failure ( errno = 2 )
> 10/04/28 00:41:19 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:41:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:41:26 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:42:18 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:46:48 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:46:48 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:46:57 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:51:32 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:53:19 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:53:26 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:54:31 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:54:37 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:55:01 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 00:55:22 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:55:28 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:56:42 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:56:52 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:57:12 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 00:57:22 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 00:58:12 !! : invalid private netmask, defaulting to class c
> 10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:00:33 !! : invalid private netmask, defaulting to class c
> 10/04/28 01:00:33 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:00:34 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:00:38 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:02:46 !! : invalid private netmask, defaulting to class c
> 10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:02:56 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
> 10/04/28 01:05:16 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:05:17 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:05:43 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:05:48 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:17:59 !! : invalid private netmask, defaulting to class c
> 10/04/28 01:17:59 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:18:11 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:22:33 !! : invalid private netmask, defaulting to class c
> 10/04/28 01:22:33 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:22:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
> 10/04/28 01:22:52 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
>
> *_/sbin/ifconfig output:_*
> desktop:~$ /sbin/ifconfig
> eth0 Link encap:Ethernet HWaddr 00:1f:d0:d2:d2:a4
> inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::21f:d0ff:fed2:d2a4/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:7026 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6401 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:6469445 (6.4 MB) TX bytes:1176183 (1.1 MB)
> Interrupt:27
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1100 (1.1 KB) TX bytes:1100 (1.1 KB)
>
> tap0 Link encap:Ethernet HWaddr f2:47:0e:c8:b6:99
> inet addr:192.168.20.141 Bcast:192.168.20.255 Mask:255.255.255.0
> inet6 addr: fe80::f047:eff:fec8:b699/64 Scope:Link
> UP BROADCAST RUNNING MTU:1380 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:500
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> vmnet1 Link encap:Ethernet HWaddr 00:50:56:c0:00:01
> inet addr:192.168.184.1 Bcast:192.168.184.255 Mask:255.255.255.0
> inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> vmnet8 Link encap:Ethernet HWaddr 00:50:56:c0:00:08
> inet addr:192.168.111.1 Bcast:192.168.111.255 Mask:255.255.255.0
> inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> *_/sbin/route output:_*
> desktop:~$ /sbin/route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 172.17.48.31 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
> 10.8.50.232 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
> 172.17.48.3 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
> 172.17.48.32 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
> 172.17.48.22 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
> 10.10.7.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.20.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 192.168.20.0 * 255.255.255.0 U 0 0 0 tap0
> 10.10.2.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.19.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 192.168.1.0 * 255.255.255.0 U 1 0 0 eth0
> 10.155.114.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 172.17.20.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.12.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 192.168.184.0 * 255.255.255.0 U 0 0 0 vmnet1
> 192.168.111.0 * 255.255.255.0 U 0 0 0 vmnet8
> 10.10.10.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.9.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.75.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
> 10.10.96.0 192.168.20.141 255.255.252.0 UG 0 0 0 tap0
> 172.17.144.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
> 172.17.128.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
> 172.17.0.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
> 172.17.32.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
> 172.25.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 172.31.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 172.18.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 172.16.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> link-local * 255.255.0.0 U 1000 0 0 eth0
> 192.168.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 10.201.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 10.202.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> 10.203.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
> default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
>
> *_client configuration file :_*
> desktop:~$ cat file.pcf
> [main]
> Description=
> Host=xxx-xxxxxxx.xxxxxxxxxx.com
> AuthType=1
> GroupName=xxxxx-xxxxxxx
> GroupPwd=
> enc_GroupPwd=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> EnableISPConnect=0
> ISPConnectType=0
> ISPConnect=test
> ISPPhonebook=C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk
> ISPCommand=
> Username=xxxxxx.xxxxxx
> SaveUserPassword=0
> UserPassword=
> enc_UserPassword=
> NTDomain=
> EnableBackup=0
> BackupServer=
> EnableMSLogon=1
> MSLogonType=0
> EnableNat=1
> TunnelingMode=0
> TcpTunnelingPort=10000
> CertStore=0
> CertName=
> CertPath=
> CertSubjectName=
> CertSerialHash=00000000000000000000000000000000
> SendCertChain=0
> PeerTimeout=90
> EnableLocalLAN=0
>
>
> Gaurav
> pgp.mit.edu - PubkeyID:0x1bf31eef13ee431e
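As an added illustration of the advice at the top of this message (set the profile up by hand rather than importing the .pcf), not code from the thread or from Shrew Soft: a small reader that lists the .pcf settings to re-enter manually. The sample profile is constructed with placeholder names, and the value meanings are those documented for the Cisco VPN client profile format.

```python
import configparser

# Constructed sample modelled on the redacted .pcf quoted in this thread;
# host, group, user and secret are placeholders.
SAMPLE_PCF = """[main]
Host=vpn.example.com
AuthType=1
GroupName=example-group
GroupPwd=
enc_GroupPwd=PLACEHOLDER0123
Username=example.user
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
PeerTimeout=90
"""

# Value meanings as documented for the Cisco VPN client profile format.
AUTH_TYPES = {"1": "pre-shared group key", "3": "certificate",
              "5": "mutual group authentication (hybrid)"}
TRANSPORTS = {"0": "IPsec over UDP", "1": "IPsec over TCP"}

def manual_profile_checklist(pcf_text):
    """Return (setting, value) pairs to re-enter by hand in a new profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str              # keep the .pcf key spelling
    cp.read_string(pcf_text)
    if not cp.has_section("main"):
        raise ValueError("no [main] section: not a .pcf profile")
    main = cp["main"]
    get = lambda key: main.get(key, "").strip()
    transport = TRANSPORTS.get(get("TunnelingMode"), "unknown")
    if get("TunnelingMode") == "1":   # the TCP port only matters in TCP mode
        transport += " port " + get("TcpTunnelingPort")
    # Report only whether a group secret exists; never echo its value.
    secret = "present" if get("GroupPwd") or get("enc_GroupPwd") else "absent"
    return [
        ("Gateway host", get("Host")),
        ("Authentication", AUTH_TYPES.get(get("AuthType"), "unknown")),
        ("Group name", get("GroupName")),
        ("Group secret", secret),
        ("User name", get("Username")),
        ("Transparent tunneling", "on" if get("EnableNat") == "1" else "off"),
        ("Transport", transport),
        ("Peer timeout (s)", get("PeerTimeout")),
    ]

if __name__ == "__main__":
    for name, value in manual_profile_checklist(SAMPLE_PCF):
        print(f"{name:22} {value}")
```

The checklist reports the group secret only as present or absent, so its output can be pasted into a list post without leaking the key.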