[Vpn-help] Beta's and Alpha's with Zywall 70

Tim Tekaev tim at tekaev.com
Fri May 15 08:13:29 CDT 2009


Hi, guys,
I can't make any version of this VPN client connect to the ZyWALL 70. Though
I've read the manual on ZyWALL + Shrew client configuration, still no success.
The ZyWALL just logs "IKE Packet Retransmit" and the Shrew client finally
disconnects :-(

-------------------------------------
Thanks in advance, Tim Tekaev

Never take life seriously. Nobody gets out alive anyway
-------------- next part --------------
09/05/15 16:52:33 ## : IKE Daemon, ver 2.1.0
09/05/15 16:52:33 ## : Copyright 2008 Shrew Soft Inc.
09/05/15 16:52:33 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/05/15 16:52:33 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
09/05/15 16:52:33 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
09/05/15 16:52:33 ii : rebuilding vnet device list ...
09/05/15 16:52:33 ii : device ROOT\VNET\0000 disabled
09/05/15 16:52:33 ii : pfkey process thread begin ...
09/05/15 16:52:33 ii : network process thread begin ...
09/05/15 16:52:33 ii : ipc server process thread begin ...
09/05/15 16:52:57 ii : ipc client process thread begin ...
09/05/15 16:52:57 <A : peer config add message
09/05/15 16:52:57 DB : peer added ( obj count = 1 )
09/05/15 16:52:57 ii : local address 192.168.2.170 selected for peer
09/05/15 16:52:57 DB : tunnel added ( obj count = 1 )
09/05/15 16:52:57 <A : proposal config message
09/05/15 16:52:57 <A : proposal config message
09/05/15 16:52:57 <A : client config message
09/05/15 16:52:57 <A : xauth username message
09/05/15 16:52:57 <A : xauth password message
09/05/15 16:52:57 <A : local id 'tim.autotaganka.ru' message
09/05/15 16:52:57 <A : remote id '89.208.95.14' message
09/05/15 16:52:57 <A : preshared key message
09/05/15 16:52:57 <A : remote resource message
09/05/15 16:52:57 <A : peer tunnel enable message
09/05/15 16:52:57 DB : new phase1 ( ISAKMP initiator )
09/05/15 16:52:57 DB : exchange type is aggressive
09/05/15 16:52:57 DB : 192.168.2.170:500 <-> 89.208.95.14:500
09/05/15 16:52:57 DB : d6e55c18de57708d:0000000000000000
09/05/15 16:52:57 DB : phase1 added ( obj count = 1 )
09/05/15 16:52:57 >> : security association payload
09/05/15 16:52:57 >> : - proposal #1 payload 
09/05/15 16:52:57 >> : -- transform #1 payload 
09/05/15 16:52:57 >> : -- transform #2 payload 
09/05/15 16:52:57 >> : -- transform #3 payload 
09/05/15 16:52:57 >> : -- transform #4 payload 
09/05/15 16:52:57 >> : -- transform #5 payload 
09/05/15 16:52:57 >> : -- transform #6 payload 
09/05/15 16:52:57 >> : -- transform #7 payload 
09/05/15 16:52:57 >> : -- transform #8 payload 
09/05/15 16:52:57 >> : -- transform #9 payload 
09/05/15 16:52:57 >> : -- transform #10 payload 
09/05/15 16:52:57 >> : -- transform #11 payload 
09/05/15 16:52:57 >> : -- transform #12 payload 
09/05/15 16:52:57 >> : -- transform #13 payload 
09/05/15 16:52:57 >> : -- transform #14 payload 
09/05/15 16:52:57 >> : -- transform #15 payload 
09/05/15 16:52:57 >> : -- transform #16 payload 
09/05/15 16:52:57 >> : -- transform #17 payload 
09/05/15 16:52:57 >> : -- transform #18 payload 
09/05/15 16:52:57 >> : key exchange payload
09/05/15 16:52:57 >> : nonce payload
09/05/15 16:52:57 >> : identification payload
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports XAUTH
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports nat-t ( draft v00 )
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports nat-t ( draft v01 )
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports nat-t ( draft v02 )
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports nat-t ( draft v03 )
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports nat-t ( rfc )
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports FRAGMENTATION
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local supports DPDv1
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local is SHREW SOFT compatible
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local is NETSCREEN compatible
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local is SIDEWINDER compatible
09/05/15 16:52:57 >> : vendor id payload
09/05/15 16:52:57 ii : local is CISCO UNITY compatible
09/05/15 16:52:57 >= : cookies d6e55c18de57708d:0000000000000000
09/05/15 16:52:57 >= : message 00000000
09/05/15 16:52:57 -> : send IKE packet 192.168.2.170:500 -> 89.208.95.14:500 ( 1194 bytes )
09/05/15 16:52:57 DB : phase1 resend event scheduled ( ref count = 2 )
09/05/15 16:52:58 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:52:58 DB : phase1 found
09/05/15 16:52:58 ii : processing phase1 packet ( 400 bytes )
09/05/15 16:52:58 =< : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:52:58 =< : message 00000000
09/05/15 16:52:58 << : security association payload
09/05/15 16:52:58 << : - propsal #1 payload 
09/05/15 16:52:58 << : -- transform #1 payload 
09/05/15 16:52:58 ii : unmatched isakmp proposal/transform
09/05/15 16:52:58 ii : key length ( 128 != 256 )
09/05/15 16:52:58 ii : unmatched isakmp proposal/transform
09/05/15 16:52:58 ii : key length ( 128 != 256 )
09/05/15 16:52:58 ii : unmatched isakmp proposal/transform
09/05/15 16:52:58 ii : key length ( 128 != 192 )
09/05/15 16:52:58 ii : unmatched isakmp proposal/transform
09/05/15 16:52:58 ii : key length ( 128 != 192 )
09/05/15 16:52:58 !! : peer violates RFC, transform number mismatch ( 1 != 5 )
09/05/15 16:52:58 ii : matched isakmp proposal #1 transform #1
09/05/15 16:52:58 ii : - transform    = ike
09/05/15 16:52:58 ii : - cipher type  = aes
09/05/15 16:52:58 ii : - key length   = 128 bits
09/05/15 16:52:58 ii : - hash type    = md5
09/05/15 16:52:58 ii : - dh group     = modp-1024
09/05/15 16:52:58 ii : - auth type    = xauth-initiator-psk
09/05/15 16:52:58 ii : - life seconds = 86400
09/05/15 16:52:58 ii : - life kbytes  = 0
09/05/15 16:52:58 << : key exchange payload
09/05/15 16:52:58 << : nonce payload
09/05/15 16:52:58 << : identification payload
09/05/15 16:52:58 ii : phase1 id match ( natt prevents ip match )
09/05/15 16:52:58 ii : received = ipv4-host 89.208.95.14
09/05/15 16:52:58 << : hash payload
09/05/15 16:52:58 << : vendor id payload
09/05/15 16:52:58 ii : peer supports nat-t ( rfc )
09/05/15 16:52:58 << : vendor id payload
09/05/15 16:52:58 ii : peer supports nat-t ( draft v00 )
09/05/15 16:52:58 << : vendor id payload
09/05/15 16:52:58 ii : peer supports DPDv1
09/05/15 16:52:58 << : vendor id payload
09/05/15 16:52:58 ii : peer is ZYWALL compatible
09/05/15 16:52:58 << : nat discovery payload
09/05/15 16:52:58 << : nat discovery payload
09/05/15 16:52:58 ii : nat discovery - local address is translated
09/05/15 16:52:58 ii : switching to src nat-t udp port 4500
09/05/15 16:52:58 ii : switching to dst nat-t udp port 4500
09/05/15 16:52:58 == : DH shared secret ( 128 bytes )
09/05/15 16:52:58 == : SETKEYID ( 16 bytes )
09/05/15 16:52:58 == : SETKEYID_d ( 16 bytes )
09/05/15 16:52:58 == : SETKEYID_a ( 16 bytes )
09/05/15 16:52:58 == : SETKEYID_e ( 16 bytes )
09/05/15 16:52:58 == : cipher key ( 16 bytes )
09/05/15 16:52:58 == : cipher iv ( 16 bytes )
09/05/15 16:52:58 == : phase1 hash_i ( computed ) ( 16 bytes )
09/05/15 16:52:58 >> : hash payload
09/05/15 16:52:58 >> : nat discovery payload
09/05/15 16:52:58 >> : nat discovery payload
09/05/15 16:52:58 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:52:58 >= : message 00000000
09/05/15 16:52:58 >= : encrypt iv ( 16 bytes )
09/05/15 16:52:58 == : encrypt packet ( 88 bytes )
09/05/15 16:52:58 == : stored iv ( 16 bytes )
09/05/15 16:52:58 DB : phase1 resend event canceled ( ref count = 1 )
09/05/15 16:52:58 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:52:58 == : phase1 hash_r ( computed ) ( 16 bytes )
09/05/15 16:52:58 == : phase1 hash_r ( received ) ( 16 bytes )
09/05/15 16:52:58 ii : phase1 sa established
09/05/15 16:52:58 ii : 89.208.95.14:4500 <-> 192.168.2.170:4500
09/05/15 16:52:58 ii : d6e55c18de57708d:1dbe34de10d6298
09/05/15 16:52:58 ii : sending peer INITIAL-CONTACT notification
09/05/15 16:52:58 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:52:58 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:52:58 ii : - data size 0
09/05/15 16:52:58 >> : hash payload
09/05/15 16:52:58 >> : notification payload
09/05/15 16:52:58 == : new informational hash ( 16 bytes )
09/05/15 16:52:58 == : new informational iv ( 16 bytes )
09/05/15 16:52:58 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:52:58 >= : message 6b23d91b
09/05/15 16:52:58 >= : encrypt iv ( 16 bytes )
09/05/15 16:52:58 == : encrypt packet ( 76 bytes )
09/05/15 16:52:58 == : stored iv ( 16 bytes )
09/05/15 16:52:58 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 108 bytes )
09/05/15 16:52:58 DB : phase2 not found
09/05/15 16:53:02 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:53:02 DB : phase1 found
09/05/15 16:53:02 ww : initiator port values should only float once per session
09/05/15 16:53:02 ii : processing phase1 packet ( 400 bytes )
09/05/15 16:53:02 !! : phase1 packet ignored, resending last packet ( phase1 already mature )
09/05/15 16:53:02 -> : resend 1 phase1 packet(s) 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:10 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:53:10 DB : phase1 found
09/05/15 16:53:10 ww : initiator port values should only float once per session
09/05/15 16:53:10 ii : processing phase1 packet ( 400 bytes )
09/05/15 16:53:10 !! : phase1 packet ignored, resending last packet ( phase1 already mature )
09/05/15 16:53:10 -> : resend 1 phase1 packet(s) 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:13 DB : phase1 found
09/05/15 16:53:13 ii : sending peer DPDV1-R-U-THERE notification
09/05/15 16:53:13 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:13 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:13 ii : - data size 4
09/05/15 16:53:13 >> : hash payload
09/05/15 16:53:13 >> : notification payload
09/05/15 16:53:13 == : new informational hash ( 16 bytes )
09/05/15 16:53:13 == : new informational iv ( 16 bytes )
09/05/15 16:53:13 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:13 >= : message 00f59669
09/05/15 16:53:13 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:13 == : encrypt packet ( 80 bytes )
09/05/15 16:53:13 == : stored iv ( 16 bytes )
09/05/15 16:53:13 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:53:13 ii : DPD ARE-YOU-THERE sequence 0f72b774 requested
09/05/15 16:53:13 DB : phase1 found
09/05/15 16:53:13 -> : send NAT-T:KEEP-ALIVE packet 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:26 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:53:26 DB : phase1 found
09/05/15 16:53:26 ww : initiator port values should only float once per session
09/05/15 16:53:26 ii : processing phase1 packet ( 400 bytes )
09/05/15 16:53:26 !! : phase1 packet ignored, resending last packet ( phase1 already mature )
09/05/15 16:53:26 -> : resend 1 phase1 packet(s) 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:28 DB : phase1 found
09/05/15 16:53:28 -> : send NAT-T:KEEP-ALIVE packet 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:28 DB : phase1 found
09/05/15 16:53:28 ii : next tunnel DPD retry in 4 secs for peer 89.208.95.14:4500
09/05/15 16:53:28 ii : sending peer DPDV1-R-U-THERE notification
09/05/15 16:53:28 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:28 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:28 ii : - data size 4
09/05/15 16:53:28 >> : hash payload
09/05/15 16:53:28 >> : notification payload
09/05/15 16:53:28 == : new informational hash ( 16 bytes )
09/05/15 16:53:28 == : new informational iv ( 16 bytes )
09/05/15 16:53:28 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:28 >= : message 5a0759a4
09/05/15 16:53:28 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:28 == : encrypt packet ( 80 bytes )
09/05/15 16:53:28 == : stored iv ( 16 bytes )
09/05/15 16:53:28 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:53:28 ii : DPD ARE-YOU-THERE sequence 0f72b775 requested
09/05/15 16:53:32 DB : phase1 found
09/05/15 16:53:32 ii : next tunnel DPD retry in 3 secs for peer 89.208.95.14:4500
09/05/15 16:53:32 ii : sending peer DPDV1-R-U-THERE notification
09/05/15 16:53:32 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:32 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:32 ii : - data size 4
09/05/15 16:53:32 >> : hash payload
09/05/15 16:53:32 >> : notification payload
09/05/15 16:53:32 == : new informational hash ( 16 bytes )
09/05/15 16:53:32 == : new informational iv ( 16 bytes )
09/05/15 16:53:32 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:32 >= : message 1bd69e7e
09/05/15 16:53:32 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:32 == : encrypt packet ( 80 bytes )
09/05/15 16:53:32 == : stored iv ( 16 bytes )
09/05/15 16:53:32 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:53:32 ii : DPD ARE-YOU-THERE sequence 0f72b776 requested
09/05/15 16:53:35 DB : phase1 found
09/05/15 16:53:35 ii : next tunnel DPD retry in 2 secs for peer 89.208.95.14:4500
09/05/15 16:53:35 ii : sending peer DPDV1-R-U-THERE notification
09/05/15 16:53:35 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:35 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:35 ii : - data size 4
09/05/15 16:53:35 >> : hash payload
09/05/15 16:53:35 >> : notification payload
09/05/15 16:53:35 == : new informational hash ( 16 bytes )
09/05/15 16:53:35 == : new informational iv ( 16 bytes )
09/05/15 16:53:35 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:35 >= : message bae285e5
09/05/15 16:53:35 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:35 == : encrypt packet ( 80 bytes )
09/05/15 16:53:35 == : stored iv ( 16 bytes )
09/05/15 16:53:35 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:53:35 ii : DPD ARE-YOU-THERE sequence 0f72b777 requested
09/05/15 16:53:37 DB : phase1 found
09/05/15 16:53:37 ii : next tunnel DPD retry in 1 secs for peer 89.208.95.14:4500
09/05/15 16:53:37 ii : sending peer DPDV1-R-U-THERE notification
09/05/15 16:53:37 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:37 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:37 ii : - data size 4
09/05/15 16:53:37 >> : hash payload
09/05/15 16:53:37 >> : notification payload
09/05/15 16:53:37 == : new informational hash ( 16 bytes )
09/05/15 16:53:37 == : new informational iv ( 16 bytes )
09/05/15 16:53:37 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:37 >= : message 6b234b87
09/05/15 16:53:37 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:37 == : encrypt packet ( 80 bytes )
09/05/15 16:53:37 == : stored iv ( 16 bytes )
09/05/15 16:53:37 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 124 bytes )
09/05/15 16:53:37 ii : DPD ARE-YOU-THERE sequence 0f72b778 requested
09/05/15 16:53:38 !! : tunnel DPD timeout for peer 89.208.95.14:4500
09/05/15 16:53:38 DB : policy not found
09/05/15 16:53:38 DB : policy not found
09/05/15 16:53:38 DB : tunnel natt event canceled ( ref count = 3 )
09/05/15 16:53:38 DB : tunnel stats event canceled ( ref count = 2 )
09/05/15 16:53:38 DB : removing tunnel config references
09/05/15 16:53:38 DB : removing tunnel phase2 references
09/05/15 16:53:38 DB : removing tunnel phase1 references
09/05/15 16:53:38 DB : phase1 soft event canceled ( ref count = 3 )
09/05/15 16:53:38 DB : phase1 hard event canceled ( ref count = 2 )
09/05/15 16:53:38 DB : phase1 dead event canceled ( ref count = 1 )
09/05/15 16:53:38 ii : sending peer DELETE message
09/05/15 16:53:38 ii : - 192.168.2.170:4500 -> 89.208.95.14:4500
09/05/15 16:53:38 ii : - isakmp spi = d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:38 ii : - data size 0
09/05/15 16:53:38 >> : hash payload
09/05/15 16:53:38 >> : delete payload
09/05/15 16:53:38 == : new informational hash ( 16 bytes )
09/05/15 16:53:38 == : new informational iv ( 16 bytes )
09/05/15 16:53:38 >= : cookies d6e55c18de57708d:01dbe34de10d6298
09/05/15 16:53:38 >= : message 7ed9a912
09/05/15 16:53:38 >= : encrypt iv ( 16 bytes )
09/05/15 16:53:38 == : encrypt packet ( 76 bytes )
09/05/15 16:53:38 == : stored iv ( 16 bytes )
09/05/15 16:53:38 -> : send NAT-T:IKE packet 192.168.2.170:4500 -> 89.208.95.14:4500 ( 108 bytes )
09/05/15 16:53:38 ii : phase1 removal before expire time
09/05/15 16:53:38 DB : phase1 deleted ( obj count = 0 )
09/05/15 16:53:38 DB : tunnel deleted ( obj count = 0 )
09/05/15 16:53:38 DB : removing all peer tunnel refrences
09/05/15 16:53:38 DB : peer deleted ( obj count = 0 )
09/05/15 16:53:38 ii : ipc client process thread exit ...
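
Added example, not part of the original post or of the Shrew Soft client: a small Python triage script for an iked debug log like the one above. It reports the negotiated phase 1 transform, whether the client floated to NAT-T port 4500, how many peer packets still arrived from port 500 afterwards, and whether DPD timed out; the WEAK table and the name `summarize` are this example's own choices.

```python
import re

# Lines abridged from the iked.log attached to the post above (not a full log).
SAMPLE = """\
09/05/15 16:52:58 ii : matched isakmp proposal #1 transform #1
09/05/15 16:52:58 ii : - cipher type  = aes
09/05/15 16:52:58 ii : - key length   = 128 bits
09/05/15 16:52:58 ii : - hash type    = md5
09/05/15 16:52:58 ii : - dh group     = modp-1024
09/05/15 16:52:58 ii : switching to dst nat-t udp port 4500
09/05/15 16:52:58 ii : phase1 sa established
09/05/15 16:53:02 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:53:02 !! : phase1 packet ignored, resending last packet ( phase1 already mature )
09/05/15 16:53:10 <- : recv IKE packet 89.208.95.14:500 -> 192.168.2.170:500 ( 400 bytes )
09/05/15 16:53:38 !! : tunnel DPD timeout for peer 89.208.95.14:4500
"""

LINE = re.compile(r"^\S+ \S+ \S\S : (.*)$")        # date, time, 2-char tag, message
ATTR = re.compile(r"^- (.+?)\s*= (.+)$")           # "- hash type    = md5"
RECV = re.compile(r"^recv (?:NAT-T:)?IKE packet \S+:(\d+) -> ")
KEYS = {"cipher type", "key length", "hash type", "dh group", "auth type"}
# Parameters this example flags as weak. "modp-768" is an assumed spelling,
# modelled on the "modp-1024" string that appears in the log.
WEAK = {"hash type": {"md5"}, "dh group": {"modp-768", "modp-1024"}}

def summarize(log_text):
    """Return the negotiated transform and NAT-T/DPD symptoms found in the log."""
    s = {"transform": {}, "weak": [], "floated": False,
         "established": False, "stale_port_recv": 0, "dpd_timeout": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                                # not an iked log line
        msg = m.group(1)
        attr = ATTR.match(msg)
        if attr and attr.group(1) in KEYS:
            key, val = attr.groups()
            s["transform"][key] = val
            if val in WEAK.get(key, ()):
                s["weak"].append(f"{key}={val}")
        elif msg.startswith("switching to dst nat-t udp port"):
            s["floated"] = True
        elif msg == "phase1 sa established":
            s["established"] = True
        elif "tunnel DPD timeout" in msg:
            s["dpd_timeout"] = True
        else:
            recv = RECV.match(msg)
            # Peer still sending from port 500 after the client moved to 4500.
            if recv and s["floated"] and recv.group(1) == "500":
                s["stale_port_recv"] += 1
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```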

