[Vpn-help] Connection to Linksys BEFVP41

Matthew Grooms mgrooms at shrew.net
Mon Feb 23 00:28:26 CST 2009 

Gabor Boros wrote:
> Now I tried from local and the result is same.
> See below for the log.
> 
> Gabor
> 

Gabor,

This is what I was referring to, the client trying to initiate the 
phase2 exchange ...

> 09/02/20 14:35:44 ii : calling init phase2 for nailed policy
> 09/02/20 14:35:44 DB : policy found
> 09/02/20 14:35:44 DB : policy found
> 09/02/20 14:35:44 DB : tunnel found
> 09/02/20 14:35:44 DB : new phase2 ( IPSEC initiator )
> 09/02/20 14:35:44 DB : phase2 added ( obj count = 1 )
> 09/02/20 14:35:44 K> : send pfkey GETSPI ESP message
> 09/02/20 14:35:44 K< : recv pfkey GETSPI ESP message
> 09/02/20 14:35:44 DB : phase2 found
> 09/02/20 14:35:44 ii : updated spi for 1 ipsec-esp proposal
> 09/02/20 14:35:44 DB : phase1 found
> 09/02/20 14:35:44 >> : hash payload
> 09/02/20 14:35:44 >> : security association payload
> 09/02/20 14:35:44 >> : - proposal #1 payload
> 09/02/20 14:35:44 >> : -- transform #1 payload
> 09/02/20 14:35:44 >> : nonce payload
> 09/02/20 14:35:44 >> : key exchange payload
> 09/02/20 14:35:44 >> : identification payload
> 09/02/20 14:35:44 >> : identification payload
> 09/02/20 14:35:44 == : phase2 hash_i ( input ) ( 244 bytes )
> 09/02/20 14:35:44 == : phase2 hash_i ( computed ) ( 20 bytes )
> 09/02/20 14:35:44 == : new phase2 iv ( 8 bytes )
> 09/02/20 14:35:44 >= : cookies 71dacf50aa118fa4:2b932664220f8425
> 09/02/20 14:35:44 >= : message f184f74c
> 09/02/20 14:35:44 >= : encrypt iv ( 8 bytes )
> 09/02/20 14:35:44 == : encrypt packet ( 292 bytes )
> 09/02/20 14:35:44 == : stored iv ( 8 bytes )
> 09/02/20 14:35:44 -> : send IKE packet 192.168.2.28:500 -> 
> 192.168.2.251:500 ( 320 bytes )

I just fixed the constant resend problem shown below ...

> 09/02/20 14:35:44 DB : phase2 resend event scheduled ( ref count = 2 )
> 09/02/20 14:35:49 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:35:54 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:35:59 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:36:04 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:36:09 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:36:14 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:36:19 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 09/02/20 14:36:24 -> : resend 1 phase2 packet(s) 192.168.2.28:500 -> 
> 192.168.2.251:500
> 

For some reason the gateway doesn't like the phase2 proposal or the IDs 
being sent. Without seeing the gateway log output, its difficult to tell 
why its not responding.

-Matthew

More information about the vpn-help mailing list