[Vpn-help] 2.1.0 alpha failed to connect to the server

Tai-hwa Liang avatar at mmlab.cse.yzu.edu.tw
Sun Dec 2 20:23:15 CST 2007 

Hi,

   It turns out that after upgraing my VPN client from 2.0.2 to 2.1.0, I can
no longer connect to the VPN server(ipsec-tools-0.7):

 	.
 	.
 	.
 	client key configured
 	bringing up tunnel ...
 	network unavailable
 	tunnel disabled
 	detached from key daemon ...

   Following are the related logging information.

# ipconfig /all
Windows IP Configuration

         Host Name . . . . . . . . . . . . : Mufasa
         Primary Dns Suffix  . . . . . . . : example.com
         Node Type . . . . . . . . . . . . : Peer-Peer
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : example.com

Ethernet adapter VMware Network Adapter VMnet8:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet8
         Physical Address. . . . . . . . . : 00-50-56-C0-00-08
         Dhcp Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.154.1
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet1
         Physical Address. . . . . . . . . : 00-50-56-C0-00-01
         Dhcp Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.47.1
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :

Ethernet adapter :

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
         Physical Address. . . . . . . . . : 00-15-F3-43-A8-51
         Dhcp Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.1.153
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.1.1
         DNS Servers . . . . . . . . . . . : 192.168.1.1

# debug log
## : IKE Daemon, ver 2.1.0
## : Copyright 2007 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8e 23 Feb 2007
ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : network process thread begin ...
ii : pfkey process thread begin ...
ii : admin process thread begin ...
<A : peer config add message
DB : peer added
ii : local address 192.168.1.153:500 selected for peer
DB : tunnel added
<A : proposal config message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id '' message
<A : remote id '' message
<A : remote cert 'root-tree.pem' message
ii : 'root-tree.pem' loaded
<A : local cert 'user1 at .p12' message
!! : 'user1 at .p12' load failed, requesting password
<A : file password
<A : local cert 'user1 at .p12' message
ii : 'user1 at .p12' loaded
<A : local key 'user1 at .p12' message
ii : 'user1 at .p12' loaded
<A : peer tunnel enable message
ii : obtained x509 cert subject ( 150 bytes )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : 192.168.1.153:500 <-> aa.bb.cc.dd:500
DB : 92d198f5be4bb07d:0000000000000000
DB : phase1 added
>> : security association payload
>> : - proposal #1 payload 
>> : -- transform #1 payload 
>> : -- transform #2 payload 
>> : -- transform #3 payload 
>> : -- transform #4 payload 
>> : -- transform #5 payload 
>> : -- transform #6 payload 
>> : -- transform #7 payload 
>> : -- transform #8 payload 
>> : -- transform #9 payload 
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports FRAGMENTATION
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is CHECKPOINT compatible
-> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
ii : adapter ROOT\VNET\0000 already disabled
DB : removing all tunnel refrences
DB : phase1 resend event canceled ( ref count = 1 )
DB : phase1 deleted before expire time ( phase1 count = 0 )
DB : tunnel deleted ( tunnel count = 0 )
DB : peer deleted ( peer count = 0 )
ii : admin process thread exit ...

More information about the vpn-help mailing list