[Vpn-help] 2.1.0 alpha failed to connect to the server

Matthew Grooms mgrooms at shrew.net
Thu Dec 6 17:52:03 CST 2007


Tai-hwa Liang wrote:
> On Wed, 5 Dec 2007, Matthew Grooms wrote:
>> Tai-hwa Liang wrote:
> [...]
>>> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
>>> ii : adapter ROOT\VNET\0000 already disabled
>>> DB : removing all tunnel refrences
>>> DB : phase1 resend event canceled ( ref count = 1 )
>>> DB : phase1 deleted before expire time ( phase1 count = 0 )
>>> DB : tunnel deleted ( tunnel count = 0 )
>>> DB : peer deleted ( peer count = 0 )
>>> ii : admin process thread exit ...
>>>
>> Your iked log output suggests that the ipsec tools gateway does not 
>> like something included in the initiators fist aggressive mode packet. 
>> I say this because your output shows no response from the gateway. If 
>> you have access to the ipsec tools host, can you please check the log 
>> output for error messages when using the 2.1.0 client? Using -d on the 
>> racoon commend line to obtain more verbose output is best but should 
>> not be sent to the list :)
> 
>   There's no log on ipsec-tools host.  In fact, doing a tcpdump on VPN
> gateway didn't see any incoming packet on port 500.  In addition to that,
>  'bringing up tunnel..." and 'network unavailable' message appeared 
> immediately after I clicked on the connect/ok button.
> 

Tai-hwa,

While performing a battery of tests to verify some driver changes, I 
discovered a problem related to the new packet validation procedure. It 
caused iked to malfunction after the first connection attempt. This may 
be related to the issue you are seeing with 2.1.0 alpha 1 build. I just 
released an alpha 2 build which has a bug fix for this problem. If you 
have time, could you give it a try and let me know if it resolves your 
issue?

Thanks,

-Matthew



More information about the vpn-help mailing list