[vpn-help] VPN connection problem with Comet Labs RF30

Nicolas Croiset (VDL) ncroiset at vdl.fr
Wed Dec 23 02:07:30 CST 2009


Hello everybody,

I currently use the latest stable release of Shrew and I want to 
implement authentication.

When I launch an authentication I obtain these IKE logs:

09/12/23 08:54:58 ## : IKE Daemon, ver 2.1.5
09/12/23 08:54:58 ## : Copyright 2009 Shrew Soft Inc.
09/12/23 08:54:58 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/12/23 08:54:58 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client\debug\iked.log'
09/12/23 08:54:58 ii : rebuilding vnet device list ...
09/12/23 08:54:58 ii : device ROOT\VNET\0000 disabled
09/12/23 08:54:58 ii : network process thread begin ...
09/12/23 08:54:58 ii : pfkey process thread begin ...
09/12/23 08:54:58 ii : ipc server process thread begin ...
09/12/23 08:55:11 ii : ipc client process thread begin ...
09/12/23 08:55:11 <A : peer config add message
09/12/23 08:55:11 DB : peer ref increment ( ref count = 1, obj count = 0 )
09/12/23 08:55:11 DB : peer added ( obj count = 1 )
09/12/23 08:55:11 ii : local address 192.168.1.105 selected for peer
09/12/23 08:55:11 DB : peer ref increment ( ref count = 2, obj count = 1 )
09/12/23 08:55:11 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
09/12/23 08:55:11 DB : tunnel added ( obj count = 1 )
09/12/23 08:55:11 <A : proposal config message
09/12/23 08:55:11 <A : proposal config message
09/12/23 08:55:11 <A : client config message
09/12/23 08:55:11 <A : local id 'localid' message
09/12/23 08:55:11 <A : remote id 'remoteid' message
09/12/23 08:55:11 <A : preshared key message
09/12/23 08:55:11 <A : peer tunnel enable message
09/12/23 08:55:11 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
09/12/23 08:55:11 DB : new phase1 ( ISAKMP initiator )
09/12/23 08:55:11 DB : exchange type is aggressive
09/12/23 08:55:11 DB : 192.168.1.105:500 <-> 192.168.1.128:500
09/12/23 08:55:11 DB : cc571b23516dfb9d:0000000000000000
09/12/23 08:55:11 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
09/12/23 08:55:11 DB : phase1 added ( obj count = 1 )
09/12/23 08:55:11 >> : security association payload
09/12/23 08:55:11 >> : - proposal #1 payload
09/12/23 08:55:11 >> : -- transform #1 payload
09/12/23 08:55:11 >> : key exchange payload
09/12/23 08:55:11 >> : nonce payload
09/12/23 08:55:11 >> : identification payload
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local supports FRAGMENTATION
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local supports DPDv1
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local is SHREW SOFT compatible
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local is NETSCREEN compatible
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local is SIDEWINDER compatible
09/12/23 08:55:11 >> : vendor id payload
09/12/23 08:55:11 ii : local is CISCO UNITY compatible
09/12/23 08:55:11 >= : cookies cc571b23516dfb9d:0000000000000000
09/12/23 08:55:11 >= : message 00000000
09/12/23 08:55:11 -> : send IKE packet 192.168.1.105:500 -> 
192.168.1.128:500 ( 412 bytes )
09/12/23 08:55:11 DB : phase1 resend event scheduled ( ref count = 2 )
09/12/23 08:55:11 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
09/12/23 08:55:11 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
09/12/23 08:55:11 <- : recv IKE packet 192.168.1.128:500 -> 
192.168.1.105:500 ( 276 bytes )
09/12/23 08:55:11 DB : phase1 found
09/12/23 08:55:11 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
09/12/23 08:55:11 ii : processing phase1 packet ( 276 bytes )
09/12/23 08:55:11 =< : cookies cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 =< : message 00000000
09/12/23 08:55:11 << : security association payload
09/12/23 08:55:11 << : - propsal #1 payload
09/12/23 08:55:11 << : -- transform #1 payload
09/12/23 08:55:11 ii : matched isakmp proposal #1 transform #1
09/12/23 08:55:11 ii : - transform    = ike
09/12/23 08:55:11 ii : - cipher type  = 3des
09/12/23 08:55:11 ii : - key length   = default
09/12/23 08:55:11 ii : - hash type    = sha1
09/12/23 08:55:11 ii : - dh group     = modp-1024
09/12/23 08:55:11 ii : - auth type    = psk
09/12/23 08:55:11 ii : - life seconds = 86400
09/12/23 08:55:11 ii : - life kbytes  = 0
09/12/23 08:55:11 << : key exchange payload
09/12/23 08:55:11 << : nonce payload
09/12/23 08:55:11 << : identification payload
09/12/23 08:55:11 ii : phase1 id match
09/12/23 08:55:11 ii : received = fqdn localid
09/12/23 08:55:11 << : hash payload
09/12/23 08:55:11 ii : nat-t is disabled locally
09/12/23 08:55:11 == : DH shared secret ( 128 bytes )
09/12/23 08:55:11 == : SETKEYID ( 20 bytes )
09/12/23 08:55:11 == : SETKEYID_d ( 20 bytes )
09/12/23 08:55:11 == : SETKEYID_a ( 20 bytes )
09/12/23 08:55:11 == : SETKEYID_e ( 20 bytes )
09/12/23 08:55:11 == : cipher key ( 40 bytes )
09/12/23 08:55:11 == : cipher iv ( 8 bytes )
09/12/23 08:55:11 == : phase1 hash_i ( computed ) ( 20 bytes )
09/12/23 08:55:11 >> : hash payload
09/12/23 08:55:11 >= : cookies cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 >= : message 00000000
09/12/23 08:55:11 >= : encrypt iv ( 8 bytes )
09/12/23 08:55:11 == : encrypt packet ( 52 bytes )
09/12/23 08:55:11 == : stored iv ( 8 bytes )
09/12/23 08:55:11 DB : phase1 resend event canceled ( ref count = 1 )
09/12/23 08:55:11 -> : send IKE packet 192.168.1.105:500 -> 
192.168.1.128:500 ( 80 bytes )
09/12/23 08:55:11 == : phase1 hash_r ( computed ) ( 20 bytes )
09/12/23 08:55:11 == : phase1 hash_r ( received ) ( 20 bytes )
09/12/23 08:55:11 ii : phase1 sa established
09/12/23 08:55:11 ii : 192.168.1.128:500 <-> 192.168.1.105:500
09/12/23 08:55:11 ii : cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 ii : sending peer INITIAL-CONTACT notification
09/12/23 08:55:11 ii : - 192.168.1.105:500 -> 192.168.1.128:500
09/12/23 08:55:11 ii : - isakmp spi = cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 ii : - data size 0
09/12/23 08:55:11 >> : hash payload
09/12/23 08:55:11 >> : notification payload
09/12/23 08:55:11 == : new informational hash ( 20 bytes )
09/12/23 08:55:11 == : new informational iv ( 8 bytes )
09/12/23 08:55:11 >= : cookies cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 >= : message 574f873d
09/12/23 08:55:11 >= : encrypt iv ( 8 bytes )
09/12/23 08:55:11 == : encrypt packet ( 80 bytes )
09/12/23 08:55:11 == : stored iv ( 8 bytes )
09/12/23 08:55:11 -> : send IKE packet 192.168.1.105:500 -> 
192.168.1.128:500 ( 112 bytes )
09/12/23 08:55:11 DB : tunnel ref increment ( ref count = 4, obj count = 1 )
09/12/23 08:55:11 DB : config ref increment ( ref count = 1, obj count = 0 )
09/12/23 08:55:11 DB : config added ( obj count = 1 )
09/12/23 08:55:11 ii : building config attribute list
09/12/23 08:55:11 ii : - IP4 Address
09/12/23 08:55:11 ii : - Address Expiry
09/12/23 08:55:11 ii : - IP4 Netamask
09/12/23 08:55:11 ii : - IP4 DNS Server
09/12/23 08:55:11 ii : - IP4 Subnet
09/12/23 08:55:11 == : new config iv ( 8 bytes )
09/12/23 08:55:11 ii : sending config pull request
09/12/23 08:55:11 >> : hash payload
09/12/23 08:55:11 >> : attribute payload
09/12/23 08:55:11 == : new configure hash ( 20 bytes )
09/12/23 08:55:11 >= : cookies cc571b23516dfb9d:74d8f47e80c8c24c
09/12/23 08:55:11 >= : message 671df311
09/12/23 08:55:11 >= : encrypt iv ( 8 bytes )
09/12/23 08:55:11 == : encrypt packet ( 80 bytes )
09/12/23 08:55:11 == : stored iv ( 8 bytes )
09/12/23 08:55:11 -> : send IKE packet 192.168.1.105:500 -> 
192.168.1.128:500 ( 112 bytes )
09/12/23 08:55:11 DB : config resend event scheduled ( ref count = 2 )
09/12/23 08:55:11 DB : config ref decrement ( ref count = 1, obj count = 1 )
09/12/23 08:55:11 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
09/12/23 08:55:11 DB : phase1 ref increment ( ref count = 3, obj count = 1 )
09/12/23 08:55:11 DB : phase1 ref increment ( ref count = 4, obj count = 1 )
09/12/23 08:55:11 DB : phase2 not found
09/12/23 08:55:11 DB : phase1 ref decrement ( ref count = 3, obj count = 1 )
09/12/23 08:55:16 -> : resend 1 config packet(s) 192.168.1.105:500 -> 
192.168.1.128:500
09/12/23 08:55:21 -> : resend 1 config packet(s) 192.168.1.105:500 -> 
192.168.1.128:500
09/12/23 08:55:26 -> : resend 1 config packet(s) 192.168.1.105:500 -> 
192.168.1.128:500
09/12/23 08:55:31 ii : resend limit exceeded for config exchange
09/12/23 08:55:31 DB : config deleted ( obj count = 0 )
09/12/23 08:55:31 DB : tunnel ref decrement ( ref count = 3, obj count = 1 )

---------------

I think the main problem is here: 09/12/23 08:55:11 DB : phase2 not found

Then the connection is pending. The only way is the cancel button.

Thanks for your help.

Bye.
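
Added example, not part of the original post and not Shrew Soft code: a small triage script for an iked.log like the one above. It rejoins lines wrapped by the mail client, then reports how far the negotiation got and which exchange hit its resend limit. The helper names `parse` and `summarize` are hypothetical, and the sample is a constructed excerpt modelled on the posted log.

```python
import re

# Constructed excerpt modelled on the posted log (including mail-wrapped
# lines); it is not the full original log.
SAMPLE = """\
09/12/23 08:55:11 -> : send IKE packet 192.168.1.105:500 ->
192.168.1.128:500 ( 412 bytes )
09/12/23 08:55:11 ii : phase1 sa established
09/12/23 08:55:11 ii : sending config pull request
09/12/23 08:55:11 DB : phase2 not found
09/12/23 08:55:16 -> : resend 1 config packet(s) 192.168.1.105:500 ->
192.168.1.128:500
09/12/23 08:55:21 -> : resend 1 config packet(s) 192.168.1.105:500 ->
192.168.1.128:500
09/12/23 08:55:26 -> : resend 1 config packet(s) 192.168.1.105:500 ->
192.168.1.128:500
09/12/23 08:55:31 ii : resend limit exceeded for config exchange
"""

# timestamp, two-character tag (ii, DB, ->, <<, ...), " : ", message
ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(text):
    """Return [(timestamp, tag, message)], rejoining mail-wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).rstrip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # continuation of previous entry
    return [tuple(e) for e in entries]

def summarize(entries):
    """Report how far the negotiation got and which exchange timed out."""
    s = {"phase1_established": False, "config_pull_sent": False,
         "resends": {}, "timed_out": []}
    for _, _, msg in entries:
        if msg == "phase1 sa established":
            s["phase1_established"] = True
        elif msg == "sending config pull request":
            s["config_pull_sent"] = True
        elif (m := re.match(r"resend (\d+) (\w+) packet\(s\)", msg)):
            s["resends"][m.group(2)] = s["resends"].get(m.group(2), 0) + 1
        elif (m := re.match(r"resend limit exceeded for (\w+) exchange", msg)):
            s["timed_out"].append(m.group(1))
    return s

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```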
