[Vpn-help] Shrew v. 2.1.4 Openswan 2.4.6.1

Stefan Bauer stefan.bauer at plzk.de
Thu Nov 20 05:54:40 CST 2008


Hi,

I stepped into a problem during setup of a roadwarrior VPN gateway with the
Shrew 2.1.4 client on WinXP.

RW 192.168.0.111
-NAT-BOX-192.168.0.23 / external-NAT-BOX ip
|
|
|
Internet
|
|
|
-NAT-BOX- 10.8.0.254 / external-natbox-ip
|
IPSEC-GW with 10.8.0.1 / 10.10.0.1 (ipsec0 is bind to 10.10.0.1)
|
Roadwarrior-Pool 192.168.100.0/24

Please see the Shrew logs attached.
Thanks in advance!

Stefan

----------%>----------------------------------------------------

08/11/20 12:32:51 ## : IKE Daemon, ver 2.1.4
08/11/20 12:32:51 ## : Copyright 2008 Shrew Soft Inc.
08/11/20 12:32:51 ## : This product linked OpenSSL 0.9.8h 28 May 2008
08/11/20 12:32:51 ii : opened 'C:\Programme\ShrewSoft\VPN
Client\debug\iked.log'
08/11/20 12:32:51 ii : rebuilding vnet device list ...
08/11/20 12:32:52 ii : device ROOT\VNET\0000 disabled
08/11/20 12:32:52 ii : network process thread begin ...
08/11/20 12:32:52 ii : pfkey process thread begin ...
08/11/20 12:32:52 ii : ipc server process thread begin ...
08/11/20 12:32:57 ii : ipc client process thread begin ...
08/11/20 12:32:57 <A : peer config add message
08/11/20 12:32:57 DB : peer added ( obj count = 1 )
08/11/20 12:32:57 ii : local address 192.168.0.111:500 selected for peer
08/11/20 12:32:58 DB : tunnel added ( obj count = 1 )
08/11/20 12:32:58 <A : proposal config message
08/11/20 12:32:58 <A : proposal config message
08/11/20 12:32:58 <A : client config message
08/11/20 12:32:58 <A : remote cert 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' message
08/11/20 12:32:58 !! : 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' load failed,
requesting password
08/11/20 12:33:08 <A : file password
08/11/20 12:33:08 <A : remote cert 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' message
08/11/20 12:33:08 ii : 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' loaded
08/11/20 12:33:08 <A : local cert 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' message
08/11/20 12:33:08 ii : 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' loaded
08/11/20 12:33:08 <A : local key 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' message
08/11/20 12:33:08 ii : 'C:\Dokumente und
Einstellungen\Administrator\Desktop\CRT_rw_Kaminski.p12' loaded
08/11/20 12:33:08 <A : remote resource message
08/11/20 12:33:08 <A : peer tunnel enable message
08/11/20 12:33:08 ii : obtained x509 cert subject ( 55 bytes )
08/11/20 12:33:08 DB : new phase1 ( ISAKMP initiator )
08/11/20 12:33:08 DB : exchange type is identity protect
08/11/20 12:33:08 DB : 192.168.0.111:500 <-> 91.8.45.163:500
08/11/20 12:33:08 DB : 80f125fcb8a977d7:0000000000000000
08/11/20 12:33:08 DB : phase1 added ( obj count = 1 )
08/11/20 12:33:08 >> : security association payload
08/11/20 12:33:08 >> : - proposal #1 payload
08/11/20 12:33:08 >> : -- transform #1 payload
08/11/20 12:33:08 >> : -- transform #2 payload
08/11/20 12:33:08 >> : -- transform #3 payload
08/11/20 12:33:08 >> : -- transform #4 payload
08/11/20 12:33:08 >> : -- transform #5 payload
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports nat-t ( draft v00 )
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports nat-t ( draft v01 )
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports nat-t ( draft v02 )
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports nat-t ( draft v03 )
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports nat-t ( rfc )
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports FRAGMENTATION
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local supports DPDv1
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local is SHREW SOFT compatible
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local is NETSCREEN compatible
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local is SIDEWINDER compatible
08/11/20 12:33:08 >> : vendor id payload
08/11/20 12:33:08 ii : local is CISCO UNITY compatible
08/11/20 12:33:08 >= : cookies 80f125fcb8a977d7:0000000000000000
08/11/20 12:33:08 >= : message 00000000
08/11/20 12:33:08 -> : send IKE packet 192.168.0.111:500 ->
91.8.45.163:500 ( 484 bytes )
08/11/20 12:33:08 DB : phase1 resend event scheduled ( ref count = 2 )
08/11/20 12:33:09 <- : recv IKE packet 91.8.45.163:500 ->
192.168.0.111:500 ( 140 bytes )
08/11/20 12:33:09 DB : phase1 found
08/11/20 12:33:09 ii : processing phase1 packet ( 140 bytes )
08/11/20 12:33:09 =< : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:09 =< : message 00000000
08/11/20 12:33:09 << : security association payload
08/11/20 12:33:09 << : - propsal #1 payload
08/11/20 12:33:09 << : -- transform #1 payload
08/11/20 12:33:09 ii : matched isakmp proposal #1 transform #1
08/11/20 12:33:09 ii : - transform    = ike
08/11/20 12:33:09 ii : - cipher type  = 3des
08/11/20 12:33:09 ii : - key length   = default
08/11/20 12:33:09 ii : - hash type    = sha1
08/11/20 12:33:09 ii : - dh group     = modp-3072
08/11/20 12:33:09 ii : - auth type    = sig-rsa
08/11/20 12:33:09 ii : - life seconds = 86400
08/11/20 12:33:09 ii : - life kbytes  = 0
08/11/20 12:33:11 << : vendor id payload
08/11/20 12:33:11 ii : unknown vendor id ( 12 bytes )
08/11/20 12:33:11 0x : 4f454e7c 454d716b 5f4d6c67
08/11/20 12:33:11 << : vendor id payload
08/11/20 12:33:11 ii : peer supports DPDv1
08/11/20 12:33:11 << : vendor id payload
08/11/20 12:33:11 ii : peer supports nat-t ( rfc )
08/11/20 12:33:11 >> : key exchange payload
08/11/20 12:33:11 >> : nonce payload
08/11/20 12:33:11 >> : cert request payload
08/11/20 12:33:11 >> : nat discovery payload
08/11/20 12:33:11 >> : nat discovery payload
08/11/20 12:33:11 >= : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:11 >= : message 00000000
08/11/20 12:33:11 DB : phase1 resend event canceled ( ref count = 1 )
08/11/20 12:33:11 -> : send IKE packet 192.168.0.111:500 ->
91.8.45.163:500 ( 521 bytes )
08/11/20 12:33:11 DB : phase1 resend event scheduled ( ref count = 2 )
08/11/20 12:33:14 <- : recv IKE packet 91.8.45.163:500 ->
192.168.0.111:500 ( 484 bytes )
08/11/20 12:33:14 DB : phase1 found
08/11/20 12:33:14 ii : processing phase1 packet ( 484 bytes )
08/11/20 12:33:14 =< : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:14 =< : message 00000000
08/11/20 12:33:14 << : key exchange payload
08/11/20 12:33:14 << : nonce payload
08/11/20 12:33:14 << : nat discovery payload
08/11/20 12:33:14 << : nat discovery payload
08/11/20 12:33:14 ii : nat discovery - local address is translated
08/11/20 12:33:14 ii : nat discovery - remote address is translated
08/11/20 12:33:14 ii : switching to nat-t udp port 4500
08/11/20 12:33:15 == : DH shared secret ( 384 bytes )
08/11/20 12:33:15 == : SETKEYID ( 20 bytes )
08/11/20 12:33:15 == : SETKEYID_d ( 20 bytes )
08/11/20 12:33:15 == : SETKEYID_a ( 20 bytes )
08/11/20 12:33:15 == : SETKEYID_e ( 20 bytes )
08/11/20 12:33:15 == : cipher key ( 40 bytes )
08/11/20 12:33:15 == : cipher iv ( 8 bytes )
08/11/20 12:33:15 >> : identification payload
08/11/20 12:33:15 >> : certificate payload
08/11/20 12:33:15 == : phase1 hash_i ( computed ) ( 20 bytes )
08/11/20 12:33:16 >> : signature payload
08/11/20 12:33:16 >= : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:16 >= : message 00000000
08/11/20 12:33:16 >= : encrypt iv ( 8 bytes )
08/11/20 12:33:16 == : encrypt packet ( 1636 bytes )
08/11/20 12:33:16 == : stored iv ( 8 bytes )
08/11/20 12:33:16 DB : phase1 resend event canceled ( ref count = 1 )
08/11/20 12:33:16 -> : send NAT-T:IKE packet 192.168.0.111:4500 ->
91.8.45.163:4500 ( 1668 bytes )
08/11/20 12:33:16 ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
08/11/20 12:33:16 ii : fragmented packet to 202 bytes ( MTU 1500 bytes )
08/11/20 12:33:20 <- : recv IKE packet 91.8.45.163:500 ->
192.168.0.111:500 ( 68 bytes )
08/11/20 12:33:20 DB : phase1 found
08/11/20 12:33:20 ww : initiator port values should only float once
per session
08/11/20 12:33:20 ii : processing informational packet ( 68 bytes )
08/11/20 12:33:20 == : new informational iv ( 8 bytes )
08/11/20 12:33:20 =< : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:20 =< : message faa76d62
08/11/20 12:33:20 =< : decrypt iv ( 8 bytes )
08/11/20 12:33:20 == : decrypt packet ( 68 bytes )
08/11/20 12:33:20 !! : validate packet failed ( reserved value is
non-null )
08/11/20 12:33:20 !! : informational packet ignored ( packet
decryption error )
08/11/20 12:33:24 <- : recv IKE packet 91.8.45.163:500 ->
192.168.0.111:500 ( 484 bytes )
08/11/20 12:33:24 DB : phase1 found
08/11/20 12:33:24 ww : initiator port values should only float once
per session
08/11/20 12:33:24 ii : processing phase1 packet ( 484 bytes )
08/11/20 12:33:24 =< : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:24 =< : message 00000000
08/11/20 12:33:24 << : ignoring duplicate key excahnge payload
08/11/20 12:33:24 !! : unprocessed payload data
08/11/20 12:33:24 << : ignoring duplicate nonce payload
08/11/20 12:33:24 !! : unprocessed payload data
08/11/20 12:33:24 !! : unhandled phase1 payload 'unknown' ( 126 )
08/11/20 12:33:24 !! : unprocessed payload data
08/11/20 12:33:24 ii : sending peer DELETE message
08/11/20 12:33:24 ii : - 192.168.0.111:4500 -> 91.8.45.163:4500
08/11/20 12:33:24 ii : - isakmp spi = 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:24 ii : - data size 0
08/11/20 12:33:24 >> : hash payload
08/11/20 12:33:24 >> : delete payload
08/11/20 12:33:24 == : new informational hash ( 20 bytes )
08/11/20 12:33:24 == : new informational iv ( 8 bytes )
08/11/20 12:33:24 >= : cookies 80f125fcb8a977d7:b0fec90cbc5f28b2
08/11/20 12:33:24 >= : message de17e0e5
08/11/20 12:33:24 >= : encrypt iv ( 8 bytes )
08/11/20 12:33:24 == : encrypt packet ( 80 bytes )
08/11/20 12:33:24 == : stored iv ( 8 bytes )
08/11/20 12:33:24 -> : send NAT-T:IKE packet 192.168.0.111:4500 ->
91.8.45.163:4500 ( 116 bytes )
08/11/20 12:33:24 ii : phase1 removal before expire time
08/11/20 12:33:24 DB : phase1 deleted ( obj count = 0 )
08/11/20 12:33:24 DB : policy not found
08/11/20 12:33:24 DB : policy not found
08/11/20 12:33:24 DB : tunnel stats event canceled ( ref count = 1 )
08/11/20 12:33:24 DB : removing tunnel config references
08/11/20 12:33:24 DB : removing tunnel phase2 references
08/11/20 12:33:24 DB : removing tunnel phase1 references
08/11/20 12:33:24 DB : tunnel deleted ( obj count = 0 )
08/11/20 12:33:24 DB : removing all peer tunnel refrences
08/11/20 12:33:24 DB : peer deleted ( obj count = 0 )
08/11/20 12:33:24 ii : ipc client process thread exit ...


-- 
stefan
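Added here as an example, not code from the post or from Shrew Soft: a small Python triage helper that re-joins the mail-wrapped iked.log entries and pulls out the negotiated phase1 parameters, the NAT-T port float, responder packets that still arrive on the pre-float port, and the ww/!! entries. The embedded sample is a constructed excerpt of the log above; the entry format and the result keys are assumptions.

```python
import re
# Shrew iked.log entry: "YY/MM/DD HH:MM:SS TT : text"; the mail wrapped long entries.
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
PKT_RE = re.compile(r"recv \S+ packet \S+:(\d+) -> \S+:(\d+) \( (\d+) bytes \)")
SAMPLE_LOG = """\
08/11/20 12:33:09 ii : matched isakmp proposal #1 transform #1
08/11/20 12:33:09 ii : - dh group     = modp-3072
08/11/20 12:33:14 ii : nat discovery - local address is translated
08/11/20 12:33:14 ii : nat discovery - remote address is translated
08/11/20 12:33:14 ii : switching to nat-t udp port 4500
08/11/20 12:33:20 <- : recv IKE packet 91.8.45.163:500 ->
192.168.0.111:500 ( 68 bytes )
08/11/20 12:33:20 ww : initiator port values should only float once
per session
08/11/20 12:33:20 !! : validate packet failed ( reserved value is non-null )
"""  # constructed excerpt of the posted log (entries trimmed, mail wrapping kept)

def unwrap(text):
    lines = []
    for raw in text.splitlines():
        if LINE_RE.match(raw):
            lines.append(raw)
        elif lines and raw.strip():
            lines[-1] += " " + raw.strip()  # re-join a mail-wrapped entry
    return lines

def triage_phase1(text):
    s = {"proposal": {}, "nat": set(), "float_port": None, "old_port_replies": 0, "issues": []}
    in_prop = False
    for line in unwrap(text):
        _ts, tag, msg = LINE_RE.match(line).groups()
        if tag in ("ww", "!!"):
            s["issues"].append((tag, msg))
        elif tag == "ii":
            if msg.startswith("matched isakmp proposal"):
                in_prop = True
            elif in_prop and msg.startswith("- ") and "=" in msg:
                k, v = msg[2:].split("=", 1)  # "- dh group     = modp-3072"
                s["proposal"][k.strip()] = v.strip()
            else:
                in_prop = False
                if msg.startswith("nat discovery -") and msg.endswith("translated"):
                    s["nat"].add(msg.split()[3])  # "local" or "remote"
                m = re.search(r"switching to nat-t udp port (\d+)", msg)
                if m:
                    s["float_port"] = int(m.group(1))
        elif tag == "<-" and s["float_port"]:
            m = PKT_RE.search(msg)  # responder still sending to the pre-float port?
            if m and int(m.group(2)) != s["float_port"]:
                s["old_port_replies"] += 1
    return s
```

Run `triage_phase1(open("iked.log").read())` on a full log; a non-zero `old_port_replies` after a port float is the first thing to check on the gateway and the NAT box in front of it.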


