[Vpn-help] help connecting to cisco vpn

Gabe Moothart gmoothart at gmail.com
Thu Nov 12 00:18:59 CST 2009


Hi,
I'm having some trouble connecting to a cisco vpn. The connection seems to
work - I get the login banner, and the vpn client shows "tunnel enabled", but
after a few seconds it then shows "session terminated by gateway" and
disconnects.

I've read that this probably indicates a problem with Phase 2 settings, but
I haven't been able to figure out what needs changing. I'm hoping someone in
here will be able to help me out.

The connection output looks like this:

configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
**session terminated by gateway**
tunnel disabled
detached from key daemon ...


And the IKE Service log (at "debug" output level) is below. Sorry for the
length, but I'm not sure what is important and what isn't. The actual
disconnect happens somewhere near the bottom.


09/11/11 22:09:01 ## : IKE Daemon, ver 2.1.0
09/11/11 22:09:01 ## : Copyright 2008 Shrew Soft Inc.
09/11/11 22:09:01 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/11/11 22:09:01 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
09/11/11 22:09:01 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'
09/11/11 22:09:02 ii : rebuilding vnet device list ...
09/11/11 22:09:02 ii : device ROOT\VNET\0000 disabled
09/11/11 22:09:02 ii : network process thread begin ...
09/11/11 22:09:02 ii : pfkey process thread begin ...
09/11/11 22:09:02 ii : ipc server process thread begin ...
09/11/11 22:09:02 !! : unable to connect to pfkey interface
09/11/11 22:09:02 ii : ipc client process thread begin ...
09/11/11 22:09:02 <A : peer config add message
09/11/11 22:09:02 DB : peer added ( obj count = 1 )
09/11/11 22:09:02 ii : local address 192.168.1.101 selected for peer
09/11/11 22:09:03 DB : tunnel added ( obj count = 1 )
09/11/11 22:09:03 !! : unable to connect to pfkey interface
09/11/11 22:09:03 <A : proposal config message
09/11/11 22:09:03 <A : proposal config message
09/11/11 22:09:03 <A : client config message
09/11/11 22:09:03 <A : xauth username message
09/11/11 22:09:03 <A : xauth password message
09/11/11 22:09:03 <A : local id 'VPNUsers' message
09/11/11 22:09:03 <A : preshared key message
09/11/11 22:09:03 <A : peer tunnel enable message
09/11/11 22:09:03 DB : new phase1 ( ISAKMP initiator )
09/11/11 22:09:03 DB : exchange type is aggressive
09/11/11 22:09:03 DB : 192.168.1.101:500 <-> 69.87.52.87:500
09/11/11 22:09:03 DB : 9a6f028cdc264ed8:0000000000000000
09/11/11 22:09:03 DB : phase1 added ( obj count = 1 )
09/11/11 22:09:03 >> : security association payload
09/11/11 22:09:03 >> : - proposal #1 payload
09/11/11 22:09:03 >> : -- transform #1 payload
09/11/11 22:09:03 >> : -- transform #2 payload
09/11/11 22:09:03 >> : -- transform #3 payload
09/11/11 22:09:03 >> : -- transform #4 payload
09/11/11 22:09:03 >> : -- transform #5 payload
09/11/11 22:09:03 >> : -- transform #6 payload
09/11/11 22:09:03 >> : -- transform #7 payload
09/11/11 22:09:03 >> : -- transform #8 payload
09/11/11 22:09:03 >> : -- transform #9 payload
09/11/11 22:09:03 >> : -- transform #10 payload
09/11/11 22:09:03 >> : -- transform #11 payload
09/11/11 22:09:03 >> : -- transform #12 payload
09/11/11 22:09:03 >> : -- transform #13 payload
09/11/11 22:09:03 >> : -- transform #14 payload
09/11/11 22:09:03 >> : -- transform #15 payload
09/11/11 22:09:03 >> : -- transform #16 payload
09/11/11 22:09:03 >> : -- transform #17 payload
09/11/11 22:09:03 >> : -- transform #18 payload
09/11/11 22:09:03 >> : key exchange payload
09/11/11 22:09:03 >> : nonce payload
09/11/11 22:09:03 >> : identification payload
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports XAUTH
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v00 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v01 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v02 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v03 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( rfc )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports DPDv1
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is SHREW SOFT compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is NETSCREEN compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is SIDEWINDER compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is CISCO UNITY compatible
09/11/11 22:09:03 >= : cookies 9a6f028cdc264ed8:0000000000000000
09/11/11 22:09:03 >= : message 00000000
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.87:500( 1160 bytes )
09/11/11 22:09:03 DB : phase1 resend event scheduled ( ref count = 2 )
09/11/11 22:09:03 <- : recv IKE packet 69.87.52.87:500 ->
192.168.1.101:500( 388 bytes )
09/11/11 22:09:03 DB : phase1 found
09/11/11 22:09:03 ii : processing phase1 packet ( 388 bytes )
09/11/11 22:09:03 =< : cookies 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 =< : message 00000000
09/11/11 22:09:03 << : security association payload
09/11/11 22:09:03 << : - propsal #1 payload
09/11/11 22:09:03 << : -- transform #13 payload
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : matched isakmp proposal #1 transform #13
09/11/11 22:09:03 ii : - transform    = ike
09/11/11 22:09:03 ii : - cipher type  = 3des
09/11/11 22:09:03 ii : - key length   = default
09/11/11 22:09:03 ii : - hash type    = md5
09/11/11 22:09:03 ii : - dh group     = modp-1024
09/11/11 22:09:03 ii : - auth type    = xauth-initiator-psk
09/11/11 22:09:03 ii : - life seconds = 86400
09/11/11 22:09:03 ii : - life kbytes  = 0
09/11/11 22:09:03 << : key exchange payload
09/11/11 22:09:03 << : nonce payload
09/11/11 22:09:03 << : identification payload
09/11/11 22:09:03 ii : phase1 id target is any
09/11/11 22:09:03 ii : phase1 id match
09/11/11 22:09:03 ii : received = ipv4-host 69.87.52.87
09/11/11 22:09:03 << : hash payload
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer is CISCO UNITY compatible
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer supports XAUTH
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer supports DPDv1
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 20 bytes )
09/11/11 22:09:03 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 16 bytes )
09/11/11 22:09:03 0x : be6453d9 77851e59 f3a34cc4 281496d3
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 16 bytes )
09/11/11 22:09:03 0x : 1f07f70e aa6514d3 b0fa9654 2a500401
09/11/11 22:09:03 ii : nat-t is unsupported by remote peer
09/11/11 22:09:03 == : DH shared secret ( 128 bytes )
09/11/11 22:09:03 == : SETKEYID ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_d ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_a ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_e ( 16 bytes )
09/11/11 22:09:03 == : cipher key ( 32 bytes )
09/11/11 22:09:03 == : cipher iv ( 8 bytes )
09/11/11 22:09:03 == : phase1 hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >= : cookies 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 >= : message 00000000
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 48 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 DB : phase1 resend event canceled ( ref count = 1 )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.87:500( 80 bytes )
09/11/11 22:09:03 == : phase1 hash_r ( computed ) ( 16 bytes )
09/11/11 22:09:03 == : phase1 hash_r ( received ) ( 16 bytes )
09/11/11 22:09:03 ii : phase1 sa established
09/11/11 22:09:03 ii : 69.87.52.87:500 <-> 192.168.1.101:500
09/11/11 22:09:03 ii : 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 ii : sending peer INITIAL-CONTACT notification
09/11/11 22:09:03 ii : - 192.168.1.101:500 -> 69.87.52.87:500
09/11/11 22:09:03 ii : - isakmp spi = 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 ii : - data size 0
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >> : notification payload
09/11/11 22:09:03 == : new informational hash ( 16 bytes )
09/11/11 22:09:03 == : new informational iv ( 8 bytes )
09/11/11 22:09:03 >= : cookies 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 >= : message a6183ef6
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 76 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.87:500( 104 bytes )
09/11/11 22:09:03 DB : phase2 not found
09/11/11 22:09:03 <- : recv IKE packet 69.87.52.87:500 ->
192.168.1.101:500( 84 bytes )
09/11/11 22:09:03 DB : phase1 found
09/11/11 22:09:03 ii : processing informational packet ( 84 bytes )
09/11/11 22:09:03 == : new informational iv ( 8 bytes )
09/11/11 22:09:03 =< : cookies 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 =< : message 86302ec5
09/11/11 22:09:03 =< : decrypt iv ( 8 bytes )
09/11/11 22:09:03 == : decrypt packet ( 84 bytes )
09/11/11 22:09:03 <= : trimmed packet padding ( 4 bytes )
09/11/11 22:09:03 <= : stored iv ( 8 bytes )
09/11/11 22:09:03 << : hash payload
09/11/11 22:09:03 << : notification payload
09/11/11 22:09:03 == : informational hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:03 == : informational hash_c ( received ) ( 16 bytes )
09/11/11 22:09:03 ii : informational hash verified
09/11/11 22:09:03 ii : received peer UNITY-LOAD-BALANCE notification
09/11/11 22:09:03 ii : - 69.87.52.87:500 -> 192.168.1.101:500
09/11/11 22:09:03 ii : - isakmp spi = 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 ii : - data size 4
09/11/11 22:09:03 ii : UNITY-LOAD-BALANCE requested migration to 69.87.52.85
09/11/11 22:09:03 DB : new phase1 ( ISAKMP initiator )
09/11/11 22:09:03 DB : exchange type is aggressive
09/11/11 22:09:03 DB : 192.168.1.101:500 <-> 69.87.52.87:500
09/11/11 22:09:03 DB : 44eeb8db6224202a:0000000000000000
09/11/11 22:09:03 DB : phase1 added ( obj count = 2 )
09/11/11 22:09:03 DB : phase1 soft event canceled ( ref count = 4 )
09/11/11 22:09:03 DB : phase1 hard event canceled ( ref count = 3 )
09/11/11 22:09:03 DB : phase1 dead event canceled ( ref count = 2 )
09/11/11 22:09:03 ii : sending peer DELETE message
09/11/11 22:09:03 ii : - 192.168.1.101:500 -> 69.87.52.87:500
09/11/11 22:09:03 ii : - isakmp spi = 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 ii : - data size 0
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >> : delete payload
09/11/11 22:09:03 == : new informational hash ( 16 bytes )
09/11/11 22:09:03 == : new informational iv ( 8 bytes )
09/11/11 22:09:03 >= : cookies 9a6f028cdc264ed8:4ba3f4c477841e59
09/11/11 22:09:03 >= : message 32b4dcee
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 76 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.87:500( 104 bytes )
09/11/11 22:09:03 ii : phase1 removal before expire time
09/11/11 22:09:03 >> : security association payload
09/11/11 22:09:03 >> : - proposal #1 payload
09/11/11 22:09:03 >> : -- transform #1 payload
09/11/11 22:09:03 >> : -- transform #2 payload
09/11/11 22:09:03 >> : -- transform #3 payload
09/11/11 22:09:03 >> : -- transform #4 payload
09/11/11 22:09:03 >> : -- transform #5 payload
09/11/11 22:09:03 >> : -- transform #6 payload
09/11/11 22:09:03 >> : -- transform #7 payload
09/11/11 22:09:03 >> : -- transform #8 payload
09/11/11 22:09:03 >> : -- transform #9 payload
09/11/11 22:09:03 >> : -- transform #10 payload
09/11/11 22:09:03 >> : -- transform #11 payload
09/11/11 22:09:03 >> : -- transform #12 payload
09/11/11 22:09:03 >> : -- transform #13 payload
09/11/11 22:09:03 >> : -- transform #14 payload
09/11/11 22:09:03 >> : -- transform #15 payload
09/11/11 22:09:03 >> : -- transform #16 payload
09/11/11 22:09:03 >> : -- transform #17 payload
09/11/11 22:09:03 >> : -- transform #18 payload
09/11/11 22:09:03 >> : key exchange payload
09/11/11 22:09:03 >> : nonce payload
09/11/11 22:09:03 >> : identification payload
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports XAUTH
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v00 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v01 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v02 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( draft v03 )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports nat-t ( rfc )
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local supports DPDv1
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is SHREW SOFT compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is NETSCREEN compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is SIDEWINDER compatible
09/11/11 22:09:03 >> : vendor id payload
09/11/11 22:09:03 ii : local is CISCO UNITY compatible
09/11/11 22:09:03 >= : cookies 44eeb8db6224202a:0000000000000000
09/11/11 22:09:03 >= : message 00000000
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 1160 bytes )
09/11/11 22:09:03 DB : phase1 resend event scheduled ( ref count = 2 )
09/11/11 22:09:03 DB : phase1 deleted ( obj count = 1 )
09/11/11 22:09:03 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 388 bytes )
09/11/11 22:09:03 DB : phase1 found
09/11/11 22:09:03 ii : processing phase1 packet ( 388 bytes )
09/11/11 22:09:03 =< : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 =< : message 00000000
09/11/11 22:09:03 << : security association payload
09/11/11 22:09:03 << : - propsal #1 payload
09/11/11 22:09:03 << : -- transform #13 payload
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != aes )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : unmatched isakmp proposal/transform
09/11/11 22:09:03 ii : cipher type ( 3des != blowfish )
09/11/11 22:09:03 ii : matched isakmp proposal #1 transform #13
09/11/11 22:09:03 ii : - transform    = ike
09/11/11 22:09:03 ii : - cipher type  = 3des
09/11/11 22:09:03 ii : - key length   = default
09/11/11 22:09:03 ii : - hash type    = md5
09/11/11 22:09:03 ii : - dh group     = modp-1024
09/11/11 22:09:03 ii : - auth type    = xauth-initiator-psk
09/11/11 22:09:03 ii : - life seconds = 86400
09/11/11 22:09:03 ii : - life kbytes  = 0
09/11/11 22:09:03 << : key exchange payload
09/11/11 22:09:03 << : nonce payload
09/11/11 22:09:03 << : identification payload
09/11/11 22:09:03 ii : phase1 id target is any
09/11/11 22:09:03 ii : phase1 id match
09/11/11 22:09:03 ii : received = ipv4-host 69.87.52.85
09/11/11 22:09:03 << : hash payload
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer is CISCO UNITY compatible
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer supports XAUTH
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : peer supports DPDv1
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 20 bytes )
09/11/11 22:09:03 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 16 bytes )
09/11/11 22:09:03 0x : 97a09cda 7014d7a1 b7a759fc 40d2cd31
09/11/11 22:09:03 << : vendor id payload
09/11/11 22:09:03 ii : unknown vendor id ( 16 bytes )
09/11/11 22:09:03 0x : 1f07f70e aa6514d3 b0fa9654 2a500401
09/11/11 22:09:03 ii : nat-t is unsupported by remote peer
09/11/11 22:09:03 == : DH shared secret ( 128 bytes )
09/11/11 22:09:03 == : SETKEYID ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_d ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_a ( 16 bytes )
09/11/11 22:09:03 == : SETKEYID_e ( 16 bytes )
09/11/11 22:09:03 == : cipher key ( 32 bytes )
09/11/11 22:09:03 == : cipher iv ( 8 bytes )
09/11/11 22:09:03 == : phase1 hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 >= : message 00000000
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 48 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 DB : phase1 resend event canceled ( ref count = 1 )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 80 bytes )
09/11/11 22:09:03 == : phase1 hash_r ( computed ) ( 16 bytes )
09/11/11 22:09:03 == : phase1 hash_r ( received ) ( 16 bytes )
09/11/11 22:09:03 ii : phase1 sa established
09/11/11 22:09:03 ii : 69.87.52.85:500 <-> 192.168.1.101:500
09/11/11 22:09:03 ii : 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 ii : sending peer INITIAL-CONTACT notification
09/11/11 22:09:03 ii : - 192.168.1.101:500 -> 69.87.52.85:500
09/11/11 22:09:03 ii : - isakmp spi = 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 ii : - data size 0
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >> : notification payload
09/11/11 22:09:03 == : new informational hash ( 16 bytes )
09/11/11 22:09:03 == : new informational iv ( 8 bytes )
09/11/11 22:09:03 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 >= : message 5a0b2cff
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 76 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 104 bytes )
09/11/11 22:09:03 DB : phase2 not found
09/11/11 22:09:03 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 116 bytes )
09/11/11 22:09:03 DB : phase1 found
09/11/11 22:09:03 ii : processing config packet ( 116 bytes )
09/11/11 22:09:03 DB : config not found
09/11/11 22:09:03 DB : config added ( obj count = 1 )
09/11/11 22:09:03 == : new config iv ( 8 bytes )
09/11/11 22:09:03 =< : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 =< : message ae44469f
09/11/11 22:09:03 =< : decrypt iv ( 8 bytes )
09/11/11 22:09:03 == : decrypt packet ( 116 bytes )
09/11/11 22:09:03 <= : trimmed packet padding ( 4 bytes )
09/11/11 22:09:03 <= : stored iv ( 8 bytes )
09/11/11 22:09:03 << : hash payload
09/11/11 22:09:03 << : attribute payload
09/11/11 22:09:03 == : configure hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:03 == : configure hash_c ( computed ) ( 16 bytes )
09/11/11 22:09:03 ii : configure hash verified
09/11/11 22:09:03 ii : - xauth authentication type
09/11/11 22:09:03 ii : - xauth username
09/11/11 22:09:03 !! : warning, unhandled xauth attribute 16526
09/11/11 22:09:03 ii : - xauth password
09/11/11 22:09:03 ii : received basic xauth request - Enter Username,
Password and Domain.
09/11/11 22:09:03 ii : - standard xauth username
09/11/11 22:09:03 ii : - standard xauth password
09/11/11 22:09:03 ii : sending xauth response for gmoothart
09/11/11 22:09:03 >> : hash payload
09/11/11 22:09:03 >> : attribute payload
09/11/11 22:09:03 == : new configure hash ( 16 bytes )
09/11/11 22:09:03 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:03 >= : message ae44469f
09/11/11 22:09:03 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:03 == : encrypt packet ( 86 bytes )
09/11/11 22:09:03 == : stored iv ( 8 bytes )
09/11/11 22:09:03 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 120 bytes )
09/11/11 22:09:03 DB : config resend event scheduled ( ref count = 2 )
09/11/11 22:09:04 !! : unable to connect to pfkey interface
09/11/11 22:09:04 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 60 bytes )
09/11/11 22:09:04 DB : phase1 found
09/11/11 22:09:04 ii : processing config packet ( 60 bytes )
09/11/11 22:09:04 DB : config found
09/11/11 22:09:04 == : new config iv ( 8 bytes )
09/11/11 22:09:04 =< : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:04 =< : message 8ecd033b
09/11/11 22:09:04 =< : decrypt iv ( 8 bytes )
09/11/11 22:09:04 == : decrypt packet ( 60 bytes )
09/11/11 22:09:04 <= : stored iv ( 8 bytes )
09/11/11 22:09:04 << : hash payload
09/11/11 22:09:04 << : attribute payload
09/11/11 22:09:04 == : configure hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:04 == : configure hash_c ( computed ) ( 16 bytes )
09/11/11 22:09:04 ii : configure hash verified
09/11/11 22:09:04 ii : received xauth result -
09/11/11 22:09:04 ii : user gmoothart authentication succeeded
09/11/11 22:09:04 ii : sending xauth acknowledge
09/11/11 22:09:04 >> : hash payload
09/11/11 22:09:04 >> : attribute payload
09/11/11 22:09:04 == : new configure hash ( 16 bytes )
09/11/11 22:09:04 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:04 >= : message 8ecd033b
09/11/11 22:09:04 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:04 == : encrypt packet ( 56 bytes )
09/11/11 22:09:04 == : stored iv ( 8 bytes )
09/11/11 22:09:04 DB : config resend event canceled ( ref count = 1 )
09/11/11 22:09:04 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 88 bytes )
09/11/11 22:09:04 DB : config resend event scheduled ( ref count = 2 )
09/11/11 22:09:04 ii : building config attribute list
09/11/11 22:09:04 ii : - IP4 Address
09/11/11 22:09:04 ii : - Address Expiry
09/11/11 22:09:04 ii : - IP4 Netamask
09/11/11 22:09:04 ii : - IP4 DNS Server
09/11/11 22:09:04 ii : - IP4 WINS Server
09/11/11 22:09:04 ii : - DNS Suffix
09/11/11 22:09:04 ii : - Split DNS Domain
09/11/11 22:09:04 ii : - IP4 Split Network Include
09/11/11 22:09:04 ii : - IP4 Split Network Exclude
09/11/11 22:09:04 ii : - Login Banner
09/11/11 22:09:04 ii : - PFS Group
09/11/11 22:09:04 ii : - Save Password
09/11/11 22:09:04 == : new config iv ( 8 bytes )
09/11/11 22:09:04 ii : sending config pull request
09/11/11 22:09:04 >> : hash payload
09/11/11 22:09:04 >> : attribute payload
09/11/11 22:09:04 == : new configure hash ( 16 bytes )
09/11/11 22:09:04 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:04 >= : message 2a2be3df
09/11/11 22:09:04 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:04 == : encrypt packet ( 104 bytes )
09/11/11 22:09:04 == : stored iv ( 8 bytes )
09/11/11 22:09:04 DB : config resend event canceled ( ref count = 1 )
09/11/11 22:09:04 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 136 bytes )
09/11/11 22:09:04 DB : config resend event scheduled ( ref count = 2 )
09/11/11 22:09:04 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 652 bytes )
09/11/11 22:09:04 DB : phase1 found
09/11/11 22:09:04 ii : processing config packet ( 652 bytes )
09/11/11 22:09:04 DB : config found
09/11/11 22:09:04 =< : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:04 =< : message 2a2be3df
09/11/11 22:09:04 =< : decrypt iv ( 8 bytes )
09/11/11 22:09:04 == : decrypt packet ( 652 bytes )
09/11/11 22:09:04 <= : trimmed packet padding ( 5 bytes )
09/11/11 22:09:04 <= : stored iv ( 8 bytes )
09/11/11 22:09:04 << : hash payload
09/11/11 22:09:04 << : attribute payload
09/11/11 22:09:04 == : configure hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:04 == : configure hash_c ( computed ) ( 16 bytes )
09/11/11 22:09:04 ii : configure hash verified
09/11/11 22:09:04 ii : received config pull response
09/11/11 22:09:04 ii : - IP4 Address = 192.168.146.3
09/11/11 22:09:04 ii : - IP4 Netmask = 255.255.254.0
09/11/11 22:09:04 ii : - IP4 DNS Server = 172.17.88.238
09/11/11 22:09:04 ii : - IP4 DNS Server = 172.17.88.239
09/11/11 22:09:04 ii : - IP4 WINS Server = 172.17.88.238
09/11/11 22:09:04 ii : - IP4 WINS Server = 172.17.88.239
09/11/11 22:09:04 ii : - Login Banner = **AUTHORIZED US ...
09/11/11 22:09:04 ii : - Save Password = 0
09/11/11 22:09:04 ii : - DNS Suffix = ana.firstamdata.com
09/11/11 22:09:04 ii : - PFS Group = 0
09/11/11 22:09:04 DB : config resend event canceled ( ref count = 1 )
09/11/11 22:09:04 ii : waiting for vnet to arrive ...
09/11/11 22:09:05 !! : unable to connect to pfkey interface
09/11/11 22:09:05 !! : VNET adapter MTU defaulted to 1500.
09/11/11 22:09:05 ii : enabled adapter ROOT\VNET\0000
09/11/11 22:09:05 ii : creating NONE INBOUND policy ANY:69.87.52.85:* ->
ANY:192.168.1.101:*
09/11/11 22:09:05 DB : policy added ( obj count = 1 )
09/11/11 22:09:05 K> : send pfkey X_SPDADD UNSPEC message
09/11/11 22:09:05 ii : creating NONE OUTBOUND policy ANY:192.168.1.101:* ->
ANY:69.87.52.85:*
09/11/11 22:09:05 ii : created NONE policy route for 69.87.52.85/32
09/11/11 22:09:05 DB : policy added ( obj count = 2 )
09/11/11 22:09:05 K> : send pfkey X_SPDADD UNSPEC message
09/11/11 22:09:05 ii : creating IPSEC INBOUND policy ANY:0.0.0.0/0:* ->
ANY:192.168.146.3:*
09/11/11 22:09:05 DB : policy added ( obj count = 3 )
09/11/11 22:09:05 K> : send pfkey X_SPDADD UNSPEC message
09/11/11 22:09:05 ii : creating IPSEC OUTBOUND policy ANY:192.168.146.3:* ->
ANY:0.0.0.0/0:*
09/11/11 22:09:05 ii : created IPSEC policy route for 0.0.0.0
09/11/11 22:09:05 DB : policy added ( obj count = 4 )
09/11/11 22:09:05 K> : send pfkey X_SPDADD UNSPEC message
09/11/11 22:09:05 ii : split DNS bypassed ( no split domains defined )
09/11/11 22:09:06 !! : unable to connect to pfkey interface
09/11/11 22:09:07 !! : unable to connect to pfkey interface
09/11/11 22:09:08 !! : unable to connect to pfkey interface
09/11/11 22:09:09 !! : unable to connect to pfkey interface
09/11/11 22:09:10 !! : unable to connect to pfkey interface
09/11/11 22:09:11 !! : unable to connect to pfkey interface
09/11/11 22:09:12 !! : unable to connect to pfkey interface
09/11/11 22:09:12 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 652 bytes )
09/11/11 22:09:12 DB : phase1 found
09/11/11 22:09:12 ii : processing config packet ( 652 bytes )
09/11/11 22:09:12 DB : config found
09/11/11 22:09:12 !! : config packet ignored, ( config already mature )
09/11/11 22:09:13 !! : unable to connect to pfkey interface
09/11/11 22:09:14 !! : unable to connect to pfkey interface
09/11/11 22:09:15 !! : unable to connect to pfkey interface
09/11/11 22:09:16 !! : unable to connect to pfkey interface
09/11/11 22:09:17 !! : unable to connect to pfkey interface
09/11/11 22:09:18 !! : unable to connect to pfkey interface
09/11/11 22:09:18 DB : phase1 found
09/11/11 22:09:18 ii : sending peer DPDV1-R-U-THERE notification
09/11/11 22:09:18 ii : - 192.168.1.101:500 -> 69.87.52.85:500
09/11/11 22:09:18 ii : - isakmp spi = 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:18 ii : - data size 4
09/11/11 22:09:18 >> : hash payload
09/11/11 22:09:18 >> : notification payload
09/11/11 22:09:18 == : new informational hash ( 16 bytes )
09/11/11 22:09:18 == : new informational iv ( 8 bytes )
09/11/11 22:09:18 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:18 >= : message 682dfcc0
09/11/11 22:09:18 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:18 == : encrypt packet ( 80 bytes )
09/11/11 22:09:18 == : stored iv ( 8 bytes )
09/11/11 22:09:18 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 112 bytes )
09/11/11 22:09:18 ii : DPD ARE-YOU-THERE sequence 2ad37973 requested
09/11/11 22:09:19 !! : unable to connect to pfkey interface
09/11/11 22:09:20 !! : unable to connect to pfkey interface
09/11/11 22:09:20 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 652 bytes )
09/11/11 22:09:20 DB : phase1 found
09/11/11 22:09:20 ii : processing config packet ( 652 bytes )
09/11/11 22:09:20 DB : config found
09/11/11 22:09:20 !! : config packet ignored, ( config already mature )
09/11/11 22:09:21 !! : unable to connect to pfkey interface
09/11/11 22:09:22 !! : unable to connect to pfkey interface
09/11/11 22:09:23 !! : unable to connect to pfkey interface
09/11/11 22:09:24 !! : unable to connect to pfkey interface
09/11/11 22:09:25 !! : unable to connect to pfkey interface
09/11/11 22:09:26 !! : unable to connect to pfkey interface
09/11/11 22:09:27 !! : unable to connect to pfkey interface
09/11/11 22:09:28 !! : unable to connect to pfkey interface
09/11/11 22:09:28 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 652 bytes )
09/11/11 22:09:28 DB : phase1 found
09/11/11 22:09:28 ii : processing config packet ( 652 bytes )
09/11/11 22:09:28 DB : config found
09/11/11 22:09:28 !! : config packet ignored, ( config already mature )
09/11/11 22:09:29 !! : unable to connect to pfkey interface
09/11/11 22:09:30 !! : unable to connect to pfkey interface
09/11/11 22:09:31 !! : unable to connect to pfkey interface
09/11/11 22:09:32 !! : unable to connect to pfkey interface
09/11/11 22:09:33 !! : unable to connect to pfkey interface
09/11/11 22:09:33 DB : phase1 found
09/11/11 22:09:33 ii : next tunnel DPD retry in 4 secs for peer
69.87.52.85:500
09/11/11 22:09:33 ii : sending peer DPDV1-R-U-THERE notification
09/11/11 22:09:33 ii : - 192.168.1.101:500 -> 69.87.52.85:500
09/11/11 22:09:33 ii : - isakmp spi = 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:33 ii : - data size 4
09/11/11 22:09:33 >> : hash payload
09/11/11 22:09:33 >> : notification payload
09/11/11 22:09:33 == : new informational hash ( 16 bytes )
09/11/11 22:09:33 == : new informational iv ( 8 bytes )
09/11/11 22:09:33 >= : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:33 >= : message 7fce5ed7
09/11/11 22:09:33 >= : encrypt iv ( 8 bytes )
09/11/11 22:09:33 == : encrypt packet ( 80 bytes )
09/11/11 22:09:33 == : stored iv ( 8 bytes )
09/11/11 22:09:33 -> : send IKE packet 192.168.1.101:500 ->
69.87.52.85:500( 112 bytes )
09/11/11 22:09:33 ii : DPD ARE-YOU-THERE sequence 2ad37974 requested
09/11/11 22:09:34 !! : unable to connect to pfkey interface
09/11/11 22:09:35 !! : unable to connect to pfkey interface
09/11/11 22:09:36 !! : unable to connect to pfkey interface
09/11/11 22:09:36 <- : recv IKE packet 69.87.52.85:500 ->
192.168.1.101:500( 76 bytes )
09/11/11 22:09:36 DB : phase1 found
09/11/11 22:09:36 ii : processing informational packet ( 76 bytes )
09/11/11 22:09:36 == : new informational iv ( 8 bytes )
09/11/11 22:09:36 =< : cookies 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:36 =< : message 3608d868
09/11/11 22:09:36 =< : decrypt iv ( 8 bytes )
09/11/11 22:09:36 == : decrypt packet ( 76 bytes )
09/11/11 22:09:36 <= : stored iv ( 8 bytes )
09/11/11 22:09:36 << : hash payload
09/11/11 22:09:36 << : delete payload
09/11/11 22:09:36 == : informational hash_i ( computed ) ( 16 bytes )
09/11/11 22:09:36 == : informational hash_c ( received ) ( 16 bytes )
09/11/11 22:09:36 ii : informational hash verified
09/11/11 22:09:36 ii : received peer DELETE message
09/11/11 22:09:36 ii : - 69.87.52.85:500 -> 192.168.1.101:500
09/11/11 22:09:36 ii : - isakmp spi = 44eeb8db6224202a:62673bc77015d7a1
09/11/11 22:09:36 DB : phase1 found
09/11/11 22:09:36 ii : cleanup, marked phase1
44eeb8db6224202a:62673bc77015d7a1 for removal
09/11/11 22:09:36 DB : phase1 soft event canceled ( ref count = 4 )
09/11/11 22:09:36 DB : phase1 hard event canceled ( ref count = 3 )
09/11/11 22:09:36 DB : phase1 dead event canceled ( ref count = 2 )
09/11/11 22:09:36 DB : config deleted ( obj count = 0 )
09/11/11 22:09:36 ii : phase1 removal before expire time
09/11/11 22:09:36 DB : phase1 not found
09/11/11 22:09:36 DB : phase1 deleted ( obj count = 0 )
09/11/11 22:09:36 DB : policy found
09/11/11 22:09:36 ii : removing IPSEC INBOUND policy ANY:0.0.0.0/0:* ->
ANY:192.168.146.3:*
09/11/11 22:09:36 K> : send pfkey X_SPDDELETE2 UNSPEC message
09/11/11 22:09:36 DB : policy found
09/11/11 22:09:36 ii : removing IPSEC OUTBOUND policy ANY:192.168.146.3:* ->
ANY:0.0.0.0/0:*
09/11/11 22:09:36 K> : send pfkey X_SPDDELETE2 UNSPEC message
09/11/11 22:09:36 ii : removed IPSEC policy route for ANY:0.0.0.0/0:*
09/11/11 22:09:36 DB : policy found
09/11/11 22:09:36 ii : removing NONE INBOUND policy ANY:69.87.52.85:* ->
ANY:192.168.1.101:*
09/11/11 22:09:36 K> : send pfkey X_SPDDELETE2 UNSPEC message
09/11/11 22:09:36 DB : policy found
09/11/11 22:09:36 ii : removing NONE OUTBOUND policy ANY:192.168.1.101:* ->
ANY:69.87.52.85:*
09/11/11 22:09:36 K> : send pfkey X_SPDDELETE2 UNSPEC message
09/11/11 22:09:36 ii : removed NONE policy route for ANY:69.87.52.85:*
09/11/11 22:09:36 ii : disabled adapter ROOT\VNET\0000
09/11/11 22:09:36 DB : tunnel dpd event canceled ( ref count = 2 )
09/11/11 22:09:36 DB : tunnel stats event canceled ( ref count = 1 )
09/11/11 22:09:36 DB : removing tunnel config references
09/11/11 22:09:36 DB : removing tunnel phase2 references
09/11/11 22:09:36 DB : removing tunnel phase1 references
09/11/11 22:09:36 DB : tunnel deleted ( obj count = 0 )
09/11/11 22:09:36 DB : removing all peer tunnel refrences
09/11/11 22:09:36 DB : peer deleted ( obj count = 0 )
09/11/11 22:09:36 ii : ipc client process thread exit ...
09/11/11 22:09:37 !! : unable to connect to pfkey interface
09/11/11 22:09:37 ii : halt signal received, shutting down
09/11/11 22:09:37 ii : ipc server process thread exit ...
09/11/11 22:09:37 ii : network process thread exit ...


TIA,
Gabe
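
Added example (not part of the original post and not Shrew Soft code): a small Python triage script for an iked debug log in the format shown above. It re-joins lines wrapped by the mail client and reports only what the log records: phase 1 SAs established, XAuth result, negotiated phase 1 parameters that are weak by current standards, pfkey errors, any phase 2 activity, and the delay between the config pull response and the gateway's DELETE. The sample log is constructed and abridged; the function and field names are assumptions of this example.

```python
import re
from datetime import datetime

# One iked record: "YY/MM/DD HH:MM:SS <2-char tag> : <message>"
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
PARAM_RE = re.compile(r"- (cipher type|hash type|dh group)\s*=\s*(\S+)")

# Phase 1 parameters considered weak today (DES/3DES, MD5, DH groups <= 1024 bit).
WEAK = {
    "cipher type": {"des", "3des"},
    "hash type": {"md5"},
    "dh group": {"modp-768", "modp-1024"},
}

# phase2 messages that only show a lookup miss or teardown, not a negotiation
# (both strings are taken from the log in the post).
PHASE2_NOISE = {"phase2 not found", "removing tunnel phase2 references"}


def parse_records(text):
    """Return [(timestamp, tag, message)], re-joining mail-wrapped lines."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
            records.append([ts, m.group(2), m.group(3).rstrip()])
        elif raw.strip() and records:
            # No timestamp: continuation of the previous, wrapped record.
            records[-1][2] += " " + raw.strip()
    return [tuple(r) for r in records]


def summarize(text):
    """Collect the facts needed to triage a 'terminated by gateway' session."""
    s = {
        "phase1_established": 0,
        "aggressive_mode": False,
        "weak_params": set(),
        "xauth_ok": False,
        "pfkey_errors": 0,
        "phase2_activity": False,
        "peer_delete_after_s": None,
    }
    config_at = None
    for ts, tag, msg in parse_records(text):
        param = PARAM_RE.match(msg)
        if param and param.group(2) in WEAK[param.group(1)]:
            s["weak_params"].add(f"{param.group(1)}={param.group(2)}")
        elif msg == "exchange type is aggressive":
            s["aggressive_mode"] = True
        elif msg == "phase1 sa established":
            s["phase1_established"] += 1
        elif msg.endswith("authentication succeeded"):
            s["xauth_ok"] = True
        elif tag == "!!" and "pfkey interface" in msg:
            s["pfkey_errors"] += 1
        elif msg == "received config pull response":
            config_at = ts
        elif msg == "received peer DELETE message" and config_at:
            s["peer_delete_after_s"] = int((ts - config_at).total_seconds())
        elif "phase2" in msg and msg not in PHASE2_NOISE:
            s["phase2_activity"] = True
    s["weak_params"] = sorted(s["weak_params"])
    return s


# Constructed sample, abridged from the log format in the post
# (user name and addresses are made up).
SAMPLE = """\
09/11/11 22:09:03 DB : exchange type is aggressive
09/11/11 22:09:03 ii : matched isakmp proposal #1 transform #13
09/11/11 22:09:03 ii : - cipher type  = 3des
09/11/11 22:09:03 ii : - hash type    = md5
09/11/11 22:09:03 ii : - dh group     = modp-1024
09/11/11 22:09:03 ii : phase1 sa established
09/11/11 22:09:03 DB : phase2 not found
09/11/11 22:09:04 ii : user alice authentication succeeded
09/11/11 22:09:04 ii : received config pull response
09/11/11 22:09:05 !! : unable to connect to pfkey interface
09/11/11 22:09:05 ii : creating IPSEC INBOUND policy ANY:0.0.0.0/0:* ->
ANY:10.0.0.3:*
09/11/11 22:09:06 !! : unable to connect to pfkey interface
09/11/11 22:09:36 ii : received peer DELETE message
09/11/11 22:09:36 DB : removing tunnel phase2 references
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:22} {value}")
```

Run against a saved `iked.log`, the two fields to read together are `pfkey_errors` and `phase2_activity`: they show whether the daemon ever reached the kernel IPsec interface and whether any phase 2 exchange was attempted before the gateway deleted the phase 1 SA.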