[Vpn-help] Linksys BEFVP41

John Brown johnbrown at pentum.com
Sun Jan 6 13:14:48 CST 2008


I am trying to do a client into my Linksys router so that I can access a
Linux box as a Windows file share via Samba. I have had this work
successfully with Green Bow clients.

Here is a debug log, generated à la the thread on BEFVP41 in the help archives,
somewhat redacted. It also looks like Phase 1 is successfully negotiated but
Phase 2 is unsuccessful. Any ideas on how to fix this problem would be
appreciated.

## : IKE Daemon, ver 2.0.3
## : Copyright 2007 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8e 23 Feb 2007
ii : opened C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : network process thread begin ...
ii : pfkey process thread begin ...
ii : admin process thread begin ...
<A : peer config add message
DB : peer added
ii : local address 192.168.1.108:500 selected for peer
DB : tunnel added
<A : proposal config message
<A : proposal config message
<A : client config message
<A : preshared key message
<A : peer tunnel enable message
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is identity protect
DB : 192.168.1.108:500 <-> 70.176.132.235:500
DB : b0415b4f2d0bf224:0000000000000000
DB : phase1 added
>> : security association payload
>> : - proposal #1 payload 
>> : -- transform #1 payload 
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 192 bytes )
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 84 bytes )
DB : phase1 found
<< : security association payload
<< : - propsal #1 payload 
<< : -- transform #1 payload 
ii : matched isakmp proposal #1 transform #1
ii : - transform    = ike
ii : - cipher type  = des
ii : - key length   = default
ii : - hash type    = sha1
ii : - dh group     = modp-1024
ii : - auth type    = psk
ii : - life seconds = 28800
ii : - life kbytes  = 0
>> : key exchange payload
>> : nonce payload
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 212 bytes )
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 184 bytes )
DB : phase1 found
<< : key exchange payload
<< : nonce payload
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 8 bytes )
== : cipher iv ( 8 bytes )
>> : identification payload
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 64 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 96 bytes )
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 68 bytes )
DB : phase1 found
=< : decrypt iv ( 8 bytes )
<= : decrypt packet ( 68 bytes )
== : stored iv ( 8 bytes )
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : phase1 id match ( ipv4-host 70.176.132.235 )
<< : hash payload
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : 70.176.132.235:500 <-> 192.168.1.108:500
ii : b0415b4f2d0bf224:e99a229a916dd322
ii : sending peer INITIAL-CONTACT notification
ii : - 192.168.1.108:500 -> 70.176.132.235:500
ii : - isakmp spi = xxxxxxxxxxxxxxxxxxxxxxxxxxx
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new phase2 iv ( 8 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 80 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 112 bytes )
DB : config added
ii : xauth is not required
ii : building config attribute list
ii : excluding unity attribute set
ii : - IP4 DNS Server
ii : sending config pull request
== : new phase2 iv ( 8 bytes )
>> : hash payload
>> : attribute payload
== : new configure hash ( 20 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 64 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 96 bytes )
DB : phase2 not found
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 57 bytes )
DB : phase1 found
== : new phase2 iv ( 8 bytes )
<< : notification payload
ii : received peer INVALID-EXCHANGE-TYPE notification
ii : - 70.176.132.235:500 -> 192.168.1.108:500
ii : - isakmp spi = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ii : - data size 1
ii : resending 1 exchange packet(s)
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 57 bytes )
DB : phase1 found
== : new phase2 iv ( 8 bytes )
<< : notification payload
ii : received peer INVALID-EXCHANGE-TYPE notification
ii : - 70.176.132.235:500 -> 192.168.1.108:500
ii : - isakmp spi = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ii : - data size 1
ii : resending 1 exchange packet(s)
<- : recv IKE packet 70.176.132.235:500 -> 192.168.1.108:500 ( 57 bytes )
DB : phase1 found
== : new phase2 iv ( 8 bytes )
<< : notification payload
ii : received peer INVALID-EXCHANGE-TYPE notification
ii : - 70.176.132.235:500 -> 192.168.1.108:500
ii : - isakmp spi = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ii : - data size 1
ii : exchange packet resend limit exceeded
DB : config deleted ( config count 0 )
ii : halt signal received, shutting down
DB : removing all peer refrences
DB : removing all tunnel refrences
DB : phase1 hard event canceled ( ref count = 1 )
ii : sending peer DELETE message
ii : - 192.168.1.108:500 -> 70.176.132.235:500
ii : - isakmp spi = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ii : - data size 0
>> : hash payload
>> : delete payload
== : new informational hash ( 20 bytes )
== : new phase2 iv ( 8 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 80 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet 192.168.1.108:500 -> 70.176.132.235:500 ( 112 bytes )
DB : phase1 deleted before expire time ( phase1 count = 0 )
DB : removing all tunnel refrences
DB : tunnel deleted ( tunnel count = 0 )
DB : peer deleted ( peer count = 0 )
ii : admin process thread exit ...
ii : pfkey process thread exit ...
ii : network process thread exit ...
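
Added example, not part of the original post and not Shrew Soft code: a small Python triage over iked.log text that reports the matched phase 1 transform, whether the phase 1 SA was established, and which outbound request preceded the first peer error notification. The sample lines are a constructed excerpt of the log above; the function name `triage` and the result keys are assumptions.

```python
import re

# Constructed sample: a shortened excerpt of the iked.log lines shown above.
SAMPLE_LOG = """\
ii : matched isakmp proposal #1 transform #1
ii : - cipher type  = des
ii : - hash type    = sha1
ii : - dh group     = modp-1024
ii : phase1 sa established
ii : sending peer INITIAL-CONTACT notification
ii : sending config pull request
ii : received peer INVALID-EXCHANGE-TYPE notification
ii : resending 1 exchange packet(s)
ii : received peer INVALID-EXCHANGE-TYPE notification
ii : exchange packet resend limit exceeded
"""

ATTR = re.compile(r"^ii : - ([a-z ]+?)\s*=\s*(\S+)")
SENT = re.compile(r"^ii : sending (.+)$")
RECV = re.compile(r"^ii : received peer (\S+) notification")

def triage(log_text):
    """Summarise one iked session: phase 1 result and the first peer rejection."""
    out = {"transform": {}, "phase1_established": False,
           "last_sent": None, "rejected_after": None, "peer_notifies": {}}
    in_transform = False  # True only while reading the matched-transform attributes
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("ii : matched isakmp proposal"):
            in_transform = True
            continue
        m = ATTR.match(line)
        if in_transform and m:
            out["transform"][m.group(1)] = m.group(2)
            continue
        in_transform = False
        if line == "ii : phase1 sa established":
            out["phase1_established"] = True
        elif (m := SENT.match(line)):
            out["last_sent"] = m.group(1)  # most recent outbound request
        elif (m := RECV.match(line)):
            name = m.group(1)
            out["peer_notifies"][name] = out["peer_notifies"].get(name, 0) + 1
            if out["rejected_after"] is None:
                out["rejected_after"] = out["last_sent"]
    return out
```

On the excerpt it reports an established phase 1 SA and that the first INVALID-EXCHANGE-TYPE notification followed the config pull request.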

