[Vpn-help] [SOLVED] 2.1.0 alpha failed to connect to the server

Tai-hwa Liang avatar at mmlab.cse.yzu.edu.tw
Sun Dec 9 23:42:52 CST 2007


On Fri, 7 Dec 2007, Tai-hwa Liang wrote:
> On Thu, 6 Dec 2007, Matthew Grooms wrote:
>> Tai-hwa Liang wrote:
>>> On Wed, 5 Dec 2007, Matthew Grooms wrote:
>>>> Tai-hwa Liang wrote:
>>> [...]
>>>>> -> : send IKE packet 192.168.1.153:500 -> aa.bb.cc.dd:500 ( 890 bytes )
>>>>> ii : adapter ROOT\VNET\0000 already disabled
>>>>> DB : removing all tunnel refrences
>>>>> DB : phase1 resend event canceled ( ref count = 1 )
>>>>> DB : phase1 deleted before expire time ( phase1 count = 0 )
>>>>> DB : tunnel deleted ( tunnel count = 0 )
>>>>> DB : peer deleted ( peer count = 0 )
>>>>> ii : admin process thread exit ...
>>>>> 
>>>> Your iked log output suggests that the ipsec tools gateway does not like 
>>>> something included in the initiators fist aggressive mode packet. I say 
>>>> this because your output shows no response from the gateway. If you have 
>>>> access to the ipsec tools host, can you please check the log output for 
>>>> error messages when using the 2.1.0 client? Using -d on the racoon 
>>>> commend line to obtain more verbose output is best but should not be sent 
>>>> to the list :)
>>>
>>>   There's no log on ipsec-tools host.  In fact, doing a tcpdump on VPN
>>> gateway didn't see any incoming packet on port 500.  In addition to that,
>>>  'bringing up tunnel..." and 'network unavailable' message appeared 
>>> immediately after I clicked on the connect/ok button.
>>> 
>> Tai-hwa,
>> 
>> While performing a battery of tests to verify some driver changes, I 
>> discovered a problem related to the new packet validation procedure. It 
>> caused iked to malfunction after the first connection attempt. This may be 
>> related to the issue you are seeing with 2.1.0 alpha 1 build. I just 
>> released an alpha 2 build which has a bug fix for this problem. If you have 
>> time, could you give it a try and let me know if it resolves your issue?
>
>  The alpha 2 build still behaved like alpha 1 -- no connection to VPN GW.
>
>  I tried to use ethereal to pick up any outgoing packet on this alpha 2
> box; however, there appears to be none from client -> VPN GW.

   More digging showed that my ancient installation of VPN client
(back to the time amd64/x86 were not separated builds) left amd64 and
x86 directory, which consists of old vfilter.sys.  A quick file search
gave me following directories where vfilter.sys resided on:

C:\WINDOWS\system32\drivers				36 KB
C:\Program Files\ShrewSoft\VPN Client\drivers		40 KB
C:\WINDOWS\LastGood\system32\DRIVERS			36 KB
C:\Program Files\ShrewSoft\VPN Client\drivers\amd64	45 KB
C:\Program Files\ShrewSoft\VPN Client\drivers\x86	36 KB

    After uninstalling alpha2 and manually removing the 'VPN Client'
directory, the reinstallation of alpha2 now gives me a 40 KB vfilter.sys
and a working VPN client!

    Thank you very much for the hint.

-- 
Cheers,

Tai-hwa Liang



More information about the vpn-help mailing list