[Vpn-help] 2.1.0 alpha failed to connect to the server
Matthew Grooms
mgrooms at shrew.net
Thu Dec 6 17:52:03 CST 2007
Tai-hwa Liang wrote:
> On Wed, 5 Dec 2007, Matthew Grooms wrote:
>> Tai-hwa Liang wrote:
> [...]
>>> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
>>> ii : adapter ROOT\VNET\0000 already disabled
>>> DB : removing all tunnel refrences
>>> DB : phase1 resend event canceled ( ref count = 1 )
>>> DB : phase1 deleted before expire time ( phase1 count = 0 )
>>> DB : tunnel deleted ( tunnel count = 0 )
>>> DB : peer deleted ( peer count = 0 )
>>> ii : admin process thread exit ...
>>>
>> Your iked log output suggests that the ipsec tools gateway does not
>> like something included in the initiators fist aggressive mode packet.
>> I say this because your output shows no response from the gateway. If
>> you have access to the ipsec tools host, can you please check the log
>> output for error messages when using the 2.1.0 client? Using -d on the
>> racoon commend line to obtain more verbose output is best but should
>> not be sent to the list :)
>
> There's no log on ipsec-tools host. In fact, doing a tcpdump on VPN
> gateway didn't see any incoming packet on port 500. In addition to that,
> 'bringing up tunnel..." and 'network unavailable' message appeared
> immediately after I clicked on the connect/ok button.
>
Tai-hwa,
While performing a battery of tests to verify some driver changes, I
discovered a problem related to the new packet validation procedure. It
caused iked to malfunction after the first connection attempt. This may
be related to the issue you are seeing with 2.1.0 alpha 1 build. I just
released an alpha 2 build which has a bug fix for this problem. If you
have time, could you give it a try and let me know if it resolves your
issue?
Thanks,
-Matthew
More information about the vpn-help
mailing list