[Vpn-help] Problem in configuring in ubuntu 8.04

P.M.S.Prakash prakashpms at gmail.com
Thu Aug 21 14:00:03 CDT 2008


Hi Matthew,


With your changes, I am able to create a new connection by specifying FQDN in
authentication, group1 and group2 configuration etc. and save the
configuration. If I want to edit the saved configuration to change from FQDN
to User FQDN, these options are not available in the Authentication tab. They
are only available when I add a new connection, not during edit.

> It looks like phase1 is completing but phase2 is not being attempted. Your
> router log showed that it received a delete message from the client in its
> log output. Does that happen when you click disconnect or does the client
> eventually show an error message?
>
> It looks like we need to figure out why the client is not attempting to
> initiate a phase2 exchange. What does your site configuration show in the
> policy tab?


   In the policy tab, Obtain Topology automatically or Tunnel... is
selected.

>
>
> It would also be helpful to review the debug level output from the ike
> daemon. Here is some documentation on how to bump up the log level for
> submitting a bug report ...
>
> http://www.shrew.net/support/wiki/BugReportVpnUnix




I have enabled debug level. The following are the observations under
different scenarios in Ubuntu 8.04.

Case 1:

New connection created with your changes. The following is what was logged on
the VPN router. I have attached iked-case1.log, which contains debug
messages. The delete was done manually using disconnect.



Time                  Event-Type  Message
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [16f6ca16e4a4066d...]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [4a131c8107035845...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [4048b7d56ebce885...]
Aug 21 23:36:44 2008  VPN Log     Received Vendor ID payload Type = [Dead Peer Detection]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [f14b94b7bff1fef0...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload Type = [Cisco-Unity]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [166f932d55eb64d8...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [8404adf9cda05760...]
Aug 21 23:36:44 2008  VPN Log     Ignoring Vendor ID payload [f4ed19e0c114eb51...]
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Aug 21 23:36:44 2008  VPN Log     Aggressive mode peer ID is ID_USER_FQDN: 'xx at xx.xxx'
Aug 21 23:36:44 2008  VPN Log     Responding to Aggressive Mode from xx.xx.xx.xxx
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 3rd packet
Aug 21 23:36:44 2008  VPN Log     Aggressive mode peer ID is ID_USER_FQDN: 'xx at xx.xx'
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Initiator Cookies = 67c8 76e5 4b10 e8f1
Aug 21 23:36:44 2008  VPN Log     [Tunnel Negotiation Info] Responder Cookies = a88f de12 1dd7 841a
Aug 21 23:36:44 2008  VPN Log     Received informational payload, type IPSEC_INITIAL_CONTACT
Aug 21 23:36:56 2008  VPN Log     [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Aug 21 23:36:56 2008  VPN Log     we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Aug 21 23:37:06 2008  VPN Log     Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x141e7660 (perhaps this is a duplicated packet)


Best Regards
Prakash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked-case1.log
Type: application/octet-stream
Size: 18653 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20080822/60b27db7/attachment-0002.obj>
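
Added example (not part of the original message, and not Shrew Soft or router vendor code): a short Python triage of router log lines like those in this post, separating "phase 2 never attempted" from "phase 2 offered but rejected because the responder requires PFS and the Quick Mode proposal carries no DH group". The one-event-per-line layout and the event names are assumptions; the message strings are the ones in the log above.

```python
import re
from datetime import datetime

# Constructed sample: message strings copied from the router log in this post,
# one event per line (timestamp, event type, message).
SAMPLE_LOG = """\
Aug 21 23:36:44 2008  VPN Log  [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Aug 21 23:36:44 2008  VPN Log  Received informational payload, type IPSEC_INITIAL_CONTACT
Aug 21 23:36:56 2008  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Aug 21 23:36:56 2008  VPN Log  we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Aug 21 23:37:06 2008  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x141e7660 (perhaps this is a duplicated packet)
"""

# Assumed line layout: "<Mon DD HH:MM:SS YYYY>  VPN Log  <message>"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+VPN Log\s+(.*)$")

# Router wording (as seen in the log above) mapped to hypothetical event names.
MARKERS = [
    ("Phase 1 SA Established", "phase1_up"),
    ("Received Quick Mode 1st packet", "phase2_offer"),
    ("we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION", "pfs_mismatch"),
    ("previously used Message ID", "replayed_offer"),
]

def parse(log_text):
    """Return [(datetime, message)] for every well-formed log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # headers, blank lines and wrapped fragments are skipped
            when = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            events.append((when, m.group(2)))
    return events

def triage(log_text):
    """Classify how far the IKE negotiation got, from the responder's view."""
    first = {}
    for when, msg in parse(log_text):
        for needle, name in MARKERS:
            if needle in msg:
                first.setdefault(name, when)  # remember first occurrence only
    if "phase1_up" not in first:
        return {"verdict": "phase1-incomplete"}
    if "phase2_offer" not in first:
        return {"verdict": "phase2-not-attempted"}
    delay = (first["phase2_offer"] - first["phase1_up"]).total_seconds()
    verdict = "phase2-rejected-pfs" if "pfs_mismatch" in first else "phase2-outcome-unknown"
    return {"verdict": verdict, "phase2_delay_s": delay,
            "replayed_offer": "replayed_offer" in first}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "phase2-rejected-pfs" verdict points at a PFS setting mismatch between the client's phase 2 proposal and the router's policy, rather than at a client that never starts phase 2.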

