[Vpn-help] [SOLVED] 2.1.0 alpha failed to connect to the server
Tai-hwa Liang
avatar at mmlab.cse.yzu.edu.tw
Sun Dec 9 23:42:52 CST 2007
On Fri, 7 Dec 2007, Tai-hwa Liang wrote:
> On Thu, 6 Dec 2007, Matthew Grooms wrote:
>> Tai-hwa Liang wrote:
>>> On Wed, 5 Dec 2007, Matthew Grooms wrote:
>>>> Tai-hwa Liang wrote:
>>> [...]
>>>>> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
>>>>> ii : adapter ROOT\VNET\0000 already disabled
>>>>> DB : removing all tunnel refrences
>>>>> DB : phase1 resend event canceled ( ref count = 1 )
>>>>> DB : phase1 deleted before expire time ( phase1 count = 0 )
>>>>> DB : tunnel deleted ( tunnel count = 0 )
>>>>> DB : peer deleted ( peer count = 0 )
>>>>> ii : admin process thread exit ...
>>>>>
>>>> Your iked log output suggests that the ipsec tools gateway does not like
>>>> something included in the initiators fist aggressive mode packet. I say
>>>> this because your output shows no response from the gateway. If you have
>>>> access to the ipsec tools host, can you please check the log output for
>>>> error messages when using the 2.1.0 client? Using -d on the racoon
>>>> commend line to obtain more verbose output is best but should not be sent
>>>> to the list :)
>>>
>>> There's no log on ipsec-tools host. In fact, doing a tcpdump on VPN
>>> gateway didn't see any incoming packet on port 500. In addition to that,
>>> 'bringing up tunnel..." and 'network unavailable' message appeared
>>> immediately after I clicked on the connect/ok button.
>>>
>> Tai-hwa,
>>
>> While performing a battery of tests to verify some driver changes, I
>> discovered a problem related to the new packet validation procedure. It
>> caused iked to malfunction after the first connection attempt. This may be
>> related to the issue you are seeing with 2.1.0 alpha 1 build. I just
>> released an alpha 2 build which has a bug fix for this problem. If you have
>> time, could you give it a try and let me know if it resolves your issue?
>
> The alpha 2 build still behaved like alpha 1 -- no connection to VPN GW.
>
> I tried to use ethereal to pick up any outgoing packet on this alpha 2
> box; however, there appears to be none from client -> VPN GW.
More digging showed that my ancient installation of VPN client
(back to the time amd64/x86 were not separated builds) left amd64 and
x86 directory, which consists of old vfilter.sys. A quick file search
gave me following directories where vfilter.sys resided on:
C:\WINDOWS\system32\drivers 36 KB
C:\Program Files\ShrewSoft\VPN Client\drivers 40 KB
C:\WINDOWS\LastGood\system32\DRIVERS 36 KB
C:\Program Files\ShrewSoft\VPN Client\drivers\amd64 45 KB
C:\Program Files\ShrewSoft\VPN Client\drivers\x86 36 KB
After uninstalling alpha2 and manually removing the 'VPN Client'
directory, the reinstallation of alpha2 now gives me a 40 KB vfilter.sys
and a working VPN client!
Thank you very much for the hint.
--
Cheers,
Tai-hwa Liang
More information about the vpn-help
mailing list