[Vpn-help] Strange routing problem

Klaus Strebel klaus.strebel at gmx.net
Wed Apr 8 02:08:39 CDT 2009


Matthew Grooms wrote:
> Klaus Strebel wrote:
>> Hi all,
>>
>> I got a weird problem with a new box connecting to our PIX-VPN. The
>> config used works great for several other boxes ( all Dell laptops )
>> with XP 64 and Vista 64, but on this box it's just establishing the SA,
>> the tunnel is coming up, but the routes through it are not set. In the
>> iked.log I found ( only one ?!? ) '!! : failed to create IPSEC policy
>> route for 172.26.1.0/24', there should also be one created for
>> 172.25.0.0/16 ... is that tried at all if the first failed ???
>>
> 
> Hi Klaus,
> 
> Thanks for the bug report. I'm not sure why a route would be created for
> one network but not the other. Did you have a look at the route table
> before and after the connection was established? Feel free to forward me
> this information in a private email if you like.

Hi Matthew,

I poked a bit more in the vpn-help archives and found reports about
problems with multiple addresses on the virtual interface ( that I had
not on the boxes that work, but found on the box that doesn't ) and one
user who reported that he had to remove all remainders of an old install
and reboot ( reboot, reboot  ;-) ) and finally got a 2.2.0-alpha to work.
So I downloaded the latest 2.1.5-alpha and uninstalled ( hey, forgot to
mention: had the 2.1.3-stable installed ) the old version, installed the
2.1.5-beta4 and ... no change. Then I uninstalled, rebooted, cleaned
the registry ( well, just deleted all HKEY_xxx->Software->ShrewSoft keys
), rebooted, installed the 2.1.5-beta4, rebooted, imported my config,
set debug-level to 'decode' and tataaaa, it worked!

Well, Windows TCP/IP is somewhat of a miracle to me ( had to reinstall XP
on two boxes because of problems with it ... and upgrade/uninstall of a
'professional' VPN client using the 'Deterministic Network Enhancer' -
one with Cisco and one with CheckPoint ), the reboots seem to be
necessary ... sometimes.

As you see, I've got some experience with VPN products, both from the
client and the gateway side, and I have to say, your solution is at eye
level with the client stuff of these vendors!

Well done, I'm happy that I found your solution :-).

Cheers
Klaus
-- 
Mit freundlichen Grüssen / best regards

Klaus Strebel, Dipl.-Inform. (FH), mailto:klaus.strebel at gmx.net

/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \


