[Vpn-help] 2.1.0 alpha failed to connect to the server
Matthew Grooms
mgrooms at shrew.net
Wed Dec 5 01:08:47 CST 2007
Tai-hwa Liang wrote:
> Hi,
>
> It turns out that after upgrading my VPN client from 2.0.2 to 2.1.0, I can
> no longer connect to the VPN server (ipsec-tools-0.7):
>
The initial tests I did were to mimic your setup ( 2.1.0 & ipsec-tools
0.7 ). Unfortunately I botched one of the configuration parameters which
led me to believe this was an RSA authentication problem. I did find one
bug that was causing a problem with IKE fragmentation but don't think
it's related to your issue. After patching the bug and correcting my RSA
authentication parameter ( wrong cert ), everything tested fine for both
aggressive and main mode.
> --- cut ---
> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
> ii : adapter ROOT\VNET\0000 already disabled
> DB : removing all tunnel refrences
> DB : phase1 resend event canceled ( ref count = 1 )
> DB : phase1 deleted before expire time ( phase1 count = 0 )
> DB : tunnel deleted ( tunnel count = 0 )
> DB : peer deleted ( peer count = 0 )
> ii : admin process thread exit ...
>
Your iked log output suggests that the ipsec tools gateway does not like
something included in the initiator's first aggressive mode packet. I say
this because your output shows no response from the gateway. If you have
access to the ipsec tools host, can you please check the log output for
error messages when using the 2.1.0 client? Using -d on the racoon
command line to obtain more verbose output is best but should not be
sent to the list :)
Thanks again,
-Matthew