[Vpn-help] No trace of activity at connection startup
Matthew Grooms
mgrooms at shrew.net
Wed Oct 10 20:07:14 CDT 2007
David Santinoli wrote:
> Hallo,
> first, many thanks for the Windows client. I just discovered it today
> and started experimenting with my StrongS/WAN gateway.
>
Thank you for the bug report! Please send me the information I ask for
at the end of this email. With your help, I am confident we can have
this issue corrected very quickly :)
> However, I stumbled upon a weird problem. After configuring my
> connection, I double-clicked on its icon and the log window appeared.
> Then I clicked "connect" at its bottom, and the following messages
> appeared:
>
> config loaded for site 's1.tieffesistemi.com'
> configuring client settings ...
> attached to key daemon ...
> peer configured
> iskamp proposal configured
> esp proposal configured
> client configured
> server cert configured
> client cert configured
> client key configured
> detached from key daemon ...
>
> Note that "client key configured" was only displayed after a
> considerable delay (around 15 seconds).
>
> In the trace window, this was logged:
>
> ## : IKE Daemon, ver 2.0.1
> ## : Copyright 2007 Shrew Soft Inc.
> ## : This product linked OpenSSL 0.9.8e 23 Feb 2007
> ii : opened C:\Programmi\ShrewSoft\VPN Client\debug\iked.log'
> ii : opened C:\Programmi\ShrewSoft\VPN Client/debug/dump-pub.cap'
> ii : rebuilding vnet device list ...
> ii : device ROOT\VNET\0000 disabled
> ii : network process thread begin ...
> ii : pfkey process thread begin ...
>
> However, I could see no signs of a connection being attempted, with no
> network traffic originating from the Windows host either.
>
The daemon appears to be rejecting the key file you have selected for
the site configuration. The only idea that comes to mind is that the
format cannot be read or the key is being rejected due to its size.
Can you please tell me what format and file size your key file is?
> Relaunching the connection after closing the log window resulted in a
> "client key config failed" error.
>
If the client gets to the point where a key configuration message is
sent, you should at least see the following output in the IKE service
log leading up to an error message of some sort ...

ii : admin process thread begin ...
<A : peer config add message
DB : peer added
DB : tunnel added
<A : proposal config message
<A : proposal config message
<A : client config message

What log output level do you have selected? The debug level is generally
a good setting to use when attempting to track down problems.
> I have run the 2.0.1 client on Windows 2000 and Windows XP, both running
> under VMWare. Could this be the culprit?
>
Shouldn't be. I do regular testing using VMWare.
The easiest way for me to troubleshoot this issue would be for you to
send me the key file. If this key pair is being used in production, you
can create me a dummy key pair that uses exactly the same parameters as
your production key pair. It doesn't have to work since the daemon is
just having problems loading it :) The other bit of information I need
would be an exported copy of your site configuration. Please obscure
your gateway IP address before export to protect your privacy.
Thanks,
-Matthew
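
Added example, not part of the original message and not Shrew Soft code: a Python sketch that answers the "what format and file size" question above by reporting a key file's container, encryption status and RSA modulus length, without disclosing the key itself. It assumes an RSA key in PEM or DER form; the function names are hypothetical and the sample bytes are constructed.

```python
import base64
import re

def _der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, value offset)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _rsa_bits(der):
    """Modulus bits of a PKCS#1 RSAPrivateKey, or None if it is not one."""
    try:
        if der[0] != 0x30:                  # outer SEQUENCE
            return None
        _, pos = _der_len(der, 1)
        if der[pos] != 0x02:                # version INTEGER
            return None
        vlen, vpos = _der_len(der, pos + 1)
        pos = vpos + vlen
        if der[pos] != 0x02:                # modulus INTEGER
            return None
        mlen, mpos = _der_len(der, pos + 1)
        return int.from_bytes(der[mpos:mpos + mlen], "big").bit_length() or None
    except IndexError:
        return None

def describe_key(data):
    """Report container, size and RSA modulus length; never the key itself."""
    info = {"file_bytes": len(data), "container": "DER or unknown",
            "label": None, "encrypted": False, "rsa_bits": None}
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", data, re.S)
    if m is None:
        info["rsa_bits"] = _rsa_bits(data)
        return info
    label, body = m.group(1).decode(), m.group(2)
    info.update(container="PEM", label=label)
    # Legacy OpenSSL PEM encryption header, or an encrypted PKCS#8 container.
    info["encrypted"] = (b"Proc-Type: 4,ENCRYPTED" in body
                         or label == "ENCRYPTED PRIVATE KEY")
    if label == "RSA PRIVATE KEY" and not info["encrypted"]:
        info["rsa_bits"] = _rsa_bits(base64.b64decode(b"".join(body.split())))
    return info

if __name__ == "__main__":
    # Constructed sample: RSAPrivateKey-shaped DER prefix, not a real key.
    sample = b"\x30\x81\x87\x02\x01\x00\x02\x81\x81\x00\xc3" + b"\x11" * 127
    print(describe_key(sample))
```

For an encrypted or PKCS#8 key the modulus length is reported as None, so the label and encryption flag are the details to pass along.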