[Vpn-help] 2.1.0 alpha failed to connect to the server
Tai-hwa Liang
avatar at mmlab.cse.yzu.edu.tw
Fri Dec 7 01:20:12 CST 2007
On Thu, 6 Dec 2007, Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>> On Wed, 5 Dec 2007, Matthew Grooms wrote:
>>> Tai-hwa Liang wrote:
>> [...]
>>>> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
>>>> ii : adapter ROOT\VNET\0000 already disabled
>>>> DB : removing all tunnel refrences
>>>> DB : phase1 resend event canceled ( ref count = 1 )
>>>> DB : phase1 deleted before expire time ( phase1 count = 0 )
>>>> DB : tunnel deleted ( tunnel count = 0 )
>>>> DB : peer deleted ( peer count = 0 )
>>>> ii : admin process thread exit ...
>>>>
>>> Your iked log output suggests that the ipsec tools gateway does not like
>>> something included in the initiator's first aggressive mode packet. I say
>>> this because your output shows no response from the gateway. If you have
>>> access to the ipsec tools host, can you please check the log output for
>>> error messages when using the 2.1.0 client? Using -d on the racoon command
>>> line to obtain more verbose output is best but should not be sent to the
>>> list :)
>>
>> There's no log on ipsec-tools host. In fact, doing a tcpdump on VPN
>> gateway didn't see any incoming packet on port 500. In addition to that,
>> 'bringing up tunnel...' and 'network unavailable' message appeared
>> immediately after I clicked on the connect/ok button.
>>
>
> Tai-hwa,
>
> While performing a battery of tests to verify some driver changes, I
> discovered a problem related to the new packet validation procedure. It
> caused iked to malfunction after the first connection attempt. This may be
> related to the issue you are seeing with the 2.1.0 alpha 1 build. I just released
> an alpha 2 build which has a bug fix for this problem. If you have time,
> could you give it a try and let me know if it resolves your issue?
The alpha 2 build still behaved like alpha 1 -- no connection to VPN GW.
I tried to use ethereal to pick up any outgoing packet on this alpha 2
box; however, there appears to be none from client -> VPN GW.