[Vpn-help] Cisco VPN 3000 and Shrew 2.1.5-rc-4(2) issue

Mathieu Ploton mploton at gmail.com
Fri Nov 27 03:25:00 CST 2009


Hi again,

I've just tried the 1.4 Stable version and I have exactly the same problem.

Regards,

Mathieu

On Fri, Nov 27, 2009 at 8:21 AM, Mathieu Ploton <mploton at gmail.com> wrote:

> Just to get back to my original post, do you advise me to try some other
> versions of Shrew or something else?
>
> My aim is definitely to find a solution for remote access to my VPN3000
> Gateway from a Windows 7 64-bit station. The Cisco IPsec client is hardly
> compatible with Windows 7 and not at all 64-bit compatible.
>
> Best regards,
>
> MP
>
>
> On Fri, Nov 27, 2009 at 7:51 AM, Charles Buckley <ceb at mauto.com> wrote:
>
>>  I would be compelled to wonder, just how flexible and/or universal this
>> SSL client installation feature from Cisco is.  I bought the Netgear FVS336G
>> because the marketing literature suggested a VPN connection “anywhere,
>> anytime” was possible.   To my horror upon receiving the unit, I discover
>> it’s only good for 32-bit Windows clients.  64-bit doesn’t work, and in the
>> latest releases of the firmware, even Macintosh is not supported.
>>
>>
>>
>> So I’m back fiddling with IPSec clients.   I don’t mind – this is the way
>> I discovered the Shrew enterprise, but it’s a lot of additional hassle in an
>> already over-busy day.  Given the way Netgear seem to approach software, I
>> wonder if some sort of OEM cooperation between Netgear and Shrewsoft would
>> make sense.
>>
>>
>>
>> Charles
>>
>>
>>  ------------------------------
>>
>> *From:* vpn-help-bounces at lists.shrew.net [mailto:
>> vpn-help-bounces at lists.shrew.net] *On Behalf Of *Frank Pikelner
>> *Sent:* Friday, November 27, 2009 12:16 AM
>> *To:* Mathieu Ploton
>> *Cc:* Daniel Sabanes Bove; vpn-help at lists.shrew.net
>> *Subject:* Re: [Vpn-help] Cisco VPN 3000 and Shrew 2.1.5-rc-4(2) issue
>>
>>
>>
>> This is a bit off topic, but the Cisco 3000 has the ability to dynamically
>> install a VPN client on Windows platforms following a successful
>> authentication over SSL. We've used this successfully in the past.
>>
>>
>>
>>
>> Frank Pikelner
>>
>>
>> On 2009-11-26, at 4:00 PM, "Mathieu Ploton" <mploton at gmail.com> wrote:
>>
>>  Thank you, I will try to downgrade to see what's going on.
>>
>>
>>
>> Mathieu
>>
>> On Thu, Nov 26, 2009 at 8:43 PM, Daniel Sabanes Bove
>> <daniel.sabanesbove at gmx.net> wrote:
>>
>> Hi,
>>
>> I have experienced exactly the same problem since 2.1.5 rc-3, as a user
>> wanting to VPN to my university (so I cannot change the concentrator
>> config). Matthew wanted to analyze the problem, but unfortunately I got
>> no response from him since August or so ... I am suspecting that it has
>> something to do with the dead peer detection protocol (dpd).
>>
>> Daniel
>>
>>
>> > From: Mathieu Ploton <mploton at gmail.com>
>> > Subject: [Vpn-help] Cisco VPN 3000 and Shrew 2.1.5-rc-4(2) issue
>> > To: vpn-help at lists.shrew.net
>> > Message-ID:
>> >       <fcc0fade0911260656g319e9a6ax45e43ebbafc8300 at mail.gmail.com>
>> > Content-Type: text/plain; charset="iso-8859-1"
>>
>> >
>> > Hello,
>> >
>> >
>> >
>> > One of my users wants to connect to the VPN3000 Concentrator with a
>> > Windows 7 64b station.
>> >
>> >
>> > I'm trying to import the Cisco VPN profile to
>> > Shrew vpn-client-2.1.5-rc-4(2) in order to make it work in Windows 7
>> > 64b.
>> >
>> >
>> >
>> > The import goes well and I'm able to connect but a few sec after the
>> > connection, I get this message :
>> >
>> >
>> >
>> > network device configured
>> > tunnel enabled
>> > *session terminated by gateway*
>> > tunnel disabled
>> > detached from key daemon ...
>> >
>> >
>> >
>> >    - *My concentrator is a VPN 3000 and the log does not say much :*
>> >
>> >
>> >
>> > 3758 11/24/2009 12:11:13.710 SEV=4 IKE/52 RPT=19713 remote address
>> > Group [vg-clients] User [toto]
>> > User (toto) authenticated.
>> >
>> > 3759 11/24/2009 12:11:13.720 SEV=4 IKE/149 RPT=46
>> > Hardware client security attribute SECURE UNIT was enabled but not
>> requeste
>> >
>> >
>> >
>> >    - *Here is the log from shrew* :
>> >
>> >
>> >
>> > 09/11/24 12:12:18 ii : device ROOT\VNET\0000 disabled
>> > 09/11/24 12:12:18 ii : network process thread begin ...
>> > 09/11/24 12:12:18 ii : pfkey process thread begin ...
>> > 09/11/24 12:12:18 ii : ipc server process thread begin ...
>> > 09/11/24 12:12:19 ii : ipc client process thread begin ...
>> > 09/11/24 12:12:19 <A : peer config add message
>> > 09/11/24 12:12:19 DB : peer added ( obj count = 1 )
>> > 09/11/24 12:12:19 ii : local address 172.16.60.12 selected for peer
>> > 09/11/24 12:12:20 DB : tunnel added ( obj count = 1 )
>> > 09/11/24 12:12:20 <A : proposal config message
>> > 09/11/24 12:12:20 <A : proposal config message
>> > 09/11/24 12:12:20 <A : client config message
>> > 09/11/24 12:12:20 <A : xauth username message
>> > 09/11/24 12:12:20 <A : xauth password message
>> > 09/11/24 12:12:20 <A : local id 'vg-domain' message
>> > 09/11/24 12:12:20 <A : preshared key message
>> > 09/11/24 12:12:20 <A : peer tunnel enable message
>> > 09/11/24 12:12:20 DB : new phase1 ( ISAKMP initiator )
>> > 09/11/24 12:12:20 DB : exchange type is aggressive
>> > 09/11/24 12:12:20 DB : 172.16.60.12:500 <-> public_ip_gateway:500
>> > 09/11/24 12:12:20 DB : 56e1b7cb81389699:0000000000000000
>> > 09/11/24 12:12:20 DB : phase1 added ( obj count = 1 )
>> > 09/11/24 12:12:20 >> : security association payload
>> > 09/11/24 12:12:20 >> : - proposal #1 payload
>> > 09/11/24 12:12:20 >> : -- transform #1 payload
>> > 09/11/24 12:12:20 >> : -- transform #2 payload
>> > 09/11/24 12:12:20 >> : -- transform #3 payload
>> > 09/11/24 12:12:20 >> : -- transform #4 payload
>> > 09/11/24 12:12:20 >> : -- transform #5 payload
>> > 09/11/24 12:12:20 >> : -- transform #6 payload
>> > 09/11/24 12:12:20 >> : -- transform #7 payload
>> > 09/11/24 12:12:20 >> : -- transform #8 payload
>> > 09/11/24 12:12:20 >> : -- transform #9 payload
>> > 09/11/24 12:12:20 >> : -- transform #10 payload
>> > 09/11/24 12:12:20 >> : -- transform #11 payload
>> > 09/11/24 12:12:20 >> : -- transform #12 payload
>> > 09/11/24 12:12:20 >> : -- transform #13 payload
>> > 09/11/24 12:12:20 >> : -- transform #14 payload
>> > 09/11/24 12:12:20 >> : -- transform #15 payload
>> > 09/11/24 12:12:20 >> : -- transform #16 payload
>> > 09/11/24 12:12:20 >> : -- transform #17 payload
>> > 09/11/24 12:12:20 >> : -- transform #18 payload
>> > 09/11/24 12:12:20 >> : key exchange payload
>> > 09/11/24 12:12:20 >> : nonce payload
>> > 09/11/24 12:12:20 >> : identification payload
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports XAUTH
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports nat-t ( draft v00 )
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports nat-t ( draft v01 )
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports nat-t ( draft v02 )
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports nat-t ( draft v03 )
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports nat-t ( rfc )
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local supports DPDv1
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local is SHREW SOFT compatible
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local is NETSCREEN compatible
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local is SIDEWINDER compatible
>> > 09/11/24 12:12:20 >> : vendor id payload
>> > 09/11/24 12:12:20 ii : local is CISCO UNITY compatible
>> > 09/11/24 12:12:20 >= : cookies 56e1b7cb81389699:0000000000000000
>> > 09/11/24 12:12:20 >= : message 00000000
>> > 09/11/24 12:12:20 -> : send IKE packet 172.16.60.12:500 ->
>> > public_ip_gateway:500 ( 1161 bytes )
>> > 09/11/24 12:12:20 DB : phase1 resend event scheduled ( ref count = 2 )
>> > 09/11/24 12:12:20 <- : recv IKE packet public_ip_gateway:500 ->
>> > 172.16.60.12:500 ( 460 bytes )
>> > 09/11/24 12:12:20 DB : phase1 found
>> > 09/11/24 12:12:20 ii : processing phase1 packet ( 460 bytes )
>> > 09/11/24 12:12:20 =< : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 =< : message 00000000
>> > 09/11/24 12:12:20 << : security association payload
>> > 09/11/24 12:12:20 << : - propsal #1 payload
>> > 09/11/24 12:12:20 << : -- transform #14 payload
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != aes )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : cipher type ( 3des != blowfish )
>> > 09/11/24 12:12:20 ii : unmatched isakmp proposal/transform
>> > 09/11/24 12:12:20 ii : hash type ( hmac-sha != hmac-md5 )
>> > 09/11/24 12:12:20 ii : matched isakmp proposal #1 transform #14
>> > 09/11/24 12:12:20 ii : - transform    = ike
>> > 09/11/24 12:12:20 ii : - cipher type  = 3des
>> > 09/11/24 12:12:20 ii : - key length   = default
>> > 09/11/24 12:12:20 ii : - hash type    = sha1
>> > 09/11/24 12:12:20 ii : - dh group     = modp-1024
>> > 09/11/24 12:12:20 ii : - auth type    = xauth-initiator-psk
>> > 09/11/24 12:12:20 ii : - life seconds = 86400
>> > 09/11/24 12:12:20 ii : - life kbytes  = 0
>> > 09/11/24 12:12:20 << : key exchange payload
>> > 09/11/24 12:12:20 << : nonce payload
>> > 09/11/24 12:12:20 << : identification payload
>> > 09/11/24 12:12:20 ii : phase1 id target is any
>> > 09/11/24 12:12:20 ii : phase1 id match
>> > 09/11/24 12:12:20 ii : received = ipv4-host public_ip_gateway
>> > 09/11/24 12:12:20 << : hash payload
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : peer is CISCO UNITY compatible
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : peer supports XAUTH
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : peer supports DPDv1
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : peer supports nat-t ( draft v02 )
>> > 09/11/24 12:12:20 << : nat discovery payload
>> > 09/11/24 12:12:20 << : nat discovery payload
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : unknown vendor id ( 20 bytes )
>> > 09/11/24 12:12:20 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : unknown vendor id ( 16 bytes )
>> > 09/11/24 12:12:20 0x : 0a514e9c de6fc185 4ba3f52b 64aeb625
>> > 09/11/24 12:12:20 << : vendor id payload
>> > 09/11/24 12:12:20 ii : unknown vendor id ( 16 bytes )
>> > 09/11/24 12:12:20 0x : 1f07f70e aa6514d3 b0fa9654 2a500401
>> > 09/11/24 12:12:20 ii : nat discovery - local address is translated
>> > 09/11/24 12:12:20 ii : switching to src nat-t udp port 4500
>> > 09/11/24 12:12:20 ii : switching to dst nat-t udp port 4500
>> > 09/11/24 12:12:20 == : DH shared secret ( 128 bytes )
>> > 09/11/24 12:12:20 == : SETKEYID ( 20 bytes )
>> > 09/11/24 12:12:20 == : SETKEYID_d ( 20 bytes )
>> > 09/11/24 12:12:20 == : SETKEYID_a ( 20 bytes )
>> > 09/11/24 12:12:20 == : SETKEYID_e ( 20 bytes )
>> > 09/11/24 12:12:20 == : cipher key ( 40 bytes )
>> > 09/11/24 12:12:20 == : cipher iv ( 8 bytes )
>> > 09/11/24 12:12:20 == : phase1 hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:20 >> : hash payload
>> > 09/11/24 12:12:20 >> : nat discovery payload
>> > 09/11/24 12:12:20 >> : nat discovery payload
>> > 09/11/24 12:12:20 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 >= : message 00000000
>> > 09/11/24 12:12:20 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:20 == : encrypt packet ( 100 bytes )
>> > 09/11/24 12:12:20 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:20 DB : phase1 resend event canceled ( ref count = 1 )
>> > 09/11/24 12:12:20 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 132 bytes )
>> > 09/11/24 12:12:20 == : phase1 hash_r ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:20 == : phase1 hash_r ( received ) ( 20 bytes )
>> > 09/11/24 12:12:20 ii : phase1 sa established
>> > 09/11/24 12:12:20 ii : public_ip_gateway:4500 <-> 172.16.60.12:4500
>> > 09/11/24 12:12:20 ii : 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 ii : sending peer INITIAL-CONTACT notification
>> > 09/11/24 12:12:20 ii : - 172.16.60.12:4500 -> public_ip_gateway:4500
>> > 09/11/24 12:12:20 ii : - isakmp spi = 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 ii : - data size 0
>> > 09/11/24 12:12:20 >> : hash payload
>> > 09/11/24 12:12:20 >> : notification payload
>> > 09/11/24 12:12:20 == : new informational hash ( 20 bytes )
>> > 09/11/24 12:12:20 == : new informational iv ( 8 bytes )
>> > 09/11/24 12:12:20 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 >= : message 7606f5a3
>> > 09/11/24 12:12:20 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:20 == : encrypt packet ( 80 bytes )
>> > 09/11/24 12:12:20 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:20 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 116 bytes )
>> > 09/11/24 12:12:20 DB : phase2 not found
>> > 09/11/24 12:12:20 <- : recv NAT-T:IKE packet public_ip_gateway:4500 ->
>> > 172.16.60.12:4500 ( 116 bytes )
>> > 09/11/24 12:12:20 DB : phase1 found
>> > 09/11/24 12:12:20 ii : processing config packet ( 116 bytes )
>> > 09/11/24 12:12:20 DB : config not found
>> > 09/11/24 12:12:20 DB : config added ( obj count = 1 )
>> > 09/11/24 12:12:20 == : new config iv ( 8 bytes )
>> > 09/11/24 12:12:20 =< : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 =< : message 0181be70
>> > 09/11/24 12:12:20 =< : decrypt iv ( 8 bytes )
>> > 09/11/24 12:12:20 == : decrypt packet ( 116 bytes )
>> > 09/11/24 12:12:20 <= : stored iv ( 8 bytes )
>> > 09/11/24 12:12:20 << : hash payload
>> > 09/11/24 12:12:20 << : attribute payload
>> > 09/11/24 12:12:20 == : configure hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:20 == : configure hash_c ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:20 ii : configure hash verified
>> > 09/11/24 12:12:20 ii : - xauth authentication type
>> > 09/11/24 12:12:20 ii : - xauth username
>> > 09/11/24 12:12:20 !! : warning, unhandled xauth attribute 16526
>> > 09/11/24 12:12:20 ii : - xauth password
>> > 09/11/24 12:12:20 ii : received basic xauth request - Enter Username,
>> > Password and Domain.
>> > 09/11/24 12:12:20 ii : - standard xauth username
>> > 09/11/24 12:12:20 ii : - standard xauth password
>> > 09/11/24 12:12:20 ii : sending xauth response for mathieu.ploton
>> > 09/11/24 12:12:20 >> : hash payload
>> > 09/11/24 12:12:20 >> : attribute payload
>> > 09/11/24 12:12:20 == : new configure hash ( 20 bytes )
>> > 09/11/24 12:12:20 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:20 >= : message 0181be70
>> > 09/11/24 12:12:20 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:20 == : encrypt packet ( 95 bytes )
>> > 09/11/24 12:12:20 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:20 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 132 bytes )
>> > 09/11/24 12:12:20 DB : config resend event scheduled ( ref count = 2 )
>> > 09/11/24 12:12:22 <- : recv NAT-T:IKE packet public_ip_gateway:4500 ->
>> > 172.16.60.12:4500 ( 68 bytes )
>> > 09/11/24 12:12:22 DB : phase1 found
>> > 09/11/24 12:12:22 ii : processing config packet ( 68 bytes )
>> > 09/11/24 12:12:22 DB : config found
>> > 09/11/24 12:12:22 == : new config iv ( 8 bytes )
>> > 09/11/24 12:12:22 =< : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:22 =< : message 28b9cd9c
>> > 09/11/24 12:12:22 =< : decrypt iv ( 8 bytes )
>> > 09/11/24 12:12:22 == : decrypt packet ( 68 bytes )
>> > 09/11/24 12:12:22 <= : trimmed packet padding ( 4 bytes )
>> > 09/11/24 12:12:22 <= : stored iv ( 8 bytes )
>> > 09/11/24 12:12:22 << : hash payload
>> > 09/11/24 12:12:22 << : attribute payload
>> > 09/11/24 12:12:22 == : configure hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:22 == : configure hash_c ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:22 ii : configure hash verified
>> > 09/11/24 12:12:22 ii : received xauth result -
>> > 09/11/24 12:12:22 ii : user mathieu.ploton authentication succeeded
>> > 09/11/24 12:12:22 ii : sending xauth acknowledge
>> > 09/11/24 12:12:22 >> : hash payload
>> > 09/11/24 12:12:22 >> : attribute payload
>> > 09/11/24 12:12:22 == : new configure hash ( 20 bytes )
>> > 09/11/24 12:12:22 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:22 >= : message 28b9cd9c
>> > 09/11/24 12:12:22 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:22 == : encrypt packet ( 60 bytes )
>> > 09/11/24 12:12:22 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:22 DB : config resend event canceled ( ref count = 1 )
>> > 09/11/24 12:12:22 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 92 bytes )
>> > 09/11/24 12:12:22 DB : config resend event scheduled ( ref count = 2 )
>> > 09/11/24 12:12:22 ii : building config attribute list
>> > 09/11/24 12:12:22 ii : - IP4 Address
>> > 09/11/24 12:12:22 ii : - Address Expiry
>> > 09/11/24 12:12:22 ii : - IP4 Netamask
>> > 09/11/24 12:12:22 ii : - IP4 DNS Server
>> > 09/11/24 12:12:22 ii : - IP4 WINS Server
>> > 09/11/24 12:12:22 ii : - DNS Suffix
>> > 09/11/24 12:12:22 ii : - IP4 Split Network Include
>> > 09/11/24 12:12:22 ii : - IP4 Split Network Exclude
>> > 09/11/24 12:12:22 ii : - Login Banner
>> > 09/11/24 12:12:22 ii : - PFS Group
>> > 09/11/24 12:12:22 ii : - Save Password
>> > 09/11/24 12:12:22 == : new config iv ( 8 bytes )
>> > 09/11/24 12:12:22 ii : sending config pull request
>> > 09/11/24 12:12:22 >> : hash payload
>> > 09/11/24 12:12:22 >> : attribute payload
>> > 09/11/24 12:12:22 == : new configure hash ( 20 bytes )
>> > 09/11/24 12:12:22 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:22 >= : message 2be9d912
>> > 09/11/24 12:12:22 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:22 == : encrypt packet ( 104 bytes )
>> > 09/11/24 12:12:22 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:22 DB : config resend event canceled ( ref count = 1 )
>> > 09/11/24 12:12:22 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 140 bytes )
>> > 09/11/24 12:12:22 DB : config resend event scheduled ( ref count = 2 )
>> > 09/11/24 12:12:22 <- : recv NAT-T:IKE packet public_ip_gateway:4500 ->
>> > 172.16.60.12:4500 ( 252 bytes )
>> > 09/11/24 12:12:22 DB : phase1 found
>> > 09/11/24 12:12:22 ii : processing config packet ( 252 bytes )
>> > 09/11/24 12:12:22 DB : config found
>> > 09/11/24 12:12:22 =< : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:22 =< : message 2be9d912
>> > 09/11/24 12:12:22 =< : decrypt iv ( 8 bytes )
>> > 09/11/24 12:12:22 == : decrypt packet ( 252 bytes )
>> > 09/11/24 12:12:22 <= : trimmed packet padding ( 4 bytes )
>> > 09/11/24 12:12:22 <= : stored iv ( 8 bytes )
>> > 09/11/24 12:12:22 << : hash payload
>> > 09/11/24 12:12:22 << : attribute payload
>> > 09/11/24 12:12:22 == : configure hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:22 == : configure hash_c ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:22 ii : configure hash verified
>> > 09/11/24 12:12:22 ii : received config pull response
>> > 09/11/24 12:12:22 ii : - IP4 Address = 192.168.3.1
>> > 09/11/24 12:12:22 ii : - IP4 DNS Server = 172.21.10.10
>> > 09/11/24 12:12:22 ii : - IP4 DNS Server = 172.24.10.31
>> > 09/11/24 12:12:22 ii : - IP4 WINS Server = 172.21.10.10
>> > 09/11/24 12:12:22 ii : - IP4 WINS Server = 172.24.10.31
>> > 09/11/24 12:12:22 ii : - Login Banner = Welcome in the  ...
>> > 09/11/24 12:12:22 ii : - Save Password = 0
>> > 09/11/24 12:12:22 ii : - PFS Group = 1
>> > 09/11/24 12:12:22 DB : config resend event canceled ( ref count = 1 )
>> > 09/11/24 12:12:22 !! : invalid private netmask, defaulting to class c
>> > 09/11/24 12:12:26 ii : VNET adapter MTU is 1500
>> > 09/11/24 12:12:26 ii : enabled adapter ROOT\VNET\0000
>> > 09/11/24 12:12:26 ii : creating NONE INBOUND policy
>> ANY:public_ip_gateway:*
>> > -> ANY:172.16.60.12:*
>> > 09/11/24 12:12:26 DB : policy added ( obj count = 1 )
>> > 09/11/24 12:12:26 K> : send pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 ii : creating NONE OUTBOUND policy ANY:172.16.60.12:*
>> ->
>> > ANY:public_ip_gateway:*
>> > 09/11/24 12:12:26 K< : recv pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 DB : policy found
>> > 09/11/24 12:12:26 ii : created NONE policy route for
>> public_ip_gateway/32
>> > 09/11/24 12:12:26 DB : policy added ( obj count = 2 )
>> > 09/11/24 12:12:26 K> : send pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 ii : creating IPSEC INBOUND policy ANY:0.0.0.0/0:* ->
>> > ANY:192.168.1.1:*
>> > 09/11/24 12:12:26 DB : policy added ( obj count = 3 )
>> > 09/11/24 12:12:26 K> : send pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 ii : creating IPSEC OUTBOUND policy ANY:192.168.1.1:*
>> ->
>> > ANY:0.0.0.0/0:*
>> > 09/11/24 12:12:26 K< : recv pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 DB : policy found
>> > 09/11/24 12:12:26 ii : calling init phase2 for nailed policy
>> > 09/11/24 12:12:26 DB : policy found
>> > 09/11/24 12:12:26 DB : policy not found
>> > 09/11/24 12:12:26 !! : unable to locate inbound policy for init phase2
>> > 09/11/24 12:12:26 ii : calling init phase2 for initial policy
>> > 09/11/24 12:12:26 DB : policy found
>> > 09/11/24 12:12:26 DB : policy not found
>> > 09/11/24 12:12:26 !! : unable to locate inbound policy for init phase2
>> > 09/11/24 12:12:26 K< : recv pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:26 DB : policy found
>> > 09/11/24 12:12:29 ii : created IPSEC policy route for 0.0.0.0
>> > 09/11/24 12:12:29 DB : policy added ( obj count = 4 )
>> > 09/11/24 12:12:29 K> : send pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:29 ii : split DNS is disabled
>> > 09/11/24 12:12:29 K< : recv pfkey X_SPDADD UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : calling init phase2 for nailed policy
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 DB : tunnel found
>> > 09/11/24 12:12:29 DB : new phase2 ( IPSEC initiator )
>> > 09/11/24 12:12:29 DB : phase2 added ( obj count = 1 )
>> > 09/11/24 12:12:29 K> : send pfkey GETSPI ESP message
>> > 09/11/24 12:12:29 K< : recv pfkey ACQUIRE UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : ignoring init phase2 by acquire, tunnel is nailed
>> > 09/11/24 12:12:29 K< : recv pfkey GETSPI ESP message
>> > 09/11/24 12:12:29 DB : phase2 found
>> > 09/11/24 12:12:29 ii : updated spi for 1 ipsec-esp proposal
>> > 09/11/24 12:12:29 DB : phase1 found
>> > 09/11/24 12:12:29 >> : hash payload
>> > 09/11/24 12:12:29 >> : security association payload
>> > 09/11/24 12:12:29 >> : - proposal #1 payload
>> > 09/11/24 12:12:29 >> : -- transform #1 payload
>> > 09/11/24 12:12:29 >> : -- transform #2 payload
>> > 09/11/24 12:12:29 >> : -- transform #3 payload
>> > 09/11/24 12:12:29 >> : -- transform #4 payload
>> > 09/11/24 12:12:29 >> : -- transform #5 payload
>> > 09/11/24 12:12:29 >> : -- transform #6 payload
>> > 09/11/24 12:12:29 >> : -- transform #7 payload
>> > 09/11/24 12:12:29 >> : -- transform #8 payload
>> > 09/11/24 12:12:29 >> : -- transform #9 payload
>> > 09/11/24 12:12:29 >> : -- transform #10 payload
>> > 09/11/24 12:12:29 >> : -- transform #11 payload
>> > 09/11/24 12:12:29 >> : -- transform #12 payload
>> > 09/11/24 12:12:29 >> : -- transform #13 payload
>> > 09/11/24 12:12:29 >> : -- transform #14 payload
>> > 09/11/24 12:12:29 >> : -- transform #15 payload
>> > 09/11/24 12:12:29 >> : -- transform #16 payload
>> > 09/11/24 12:12:29 >> : -- transform #17 payload
>> > 09/11/24 12:12:29 >> : -- transform #18 payload
>> > 09/11/24 12:12:29 >> : nonce payload
>> > 09/11/24 12:12:29 >> : key exchange payload
>> > 09/11/24 12:12:29 >> : identification payload
>> > 09/11/24 12:12:29 >> : identification payload
>> > 09/11/24 12:12:29 == : phase2 hash_i ( input ) ( 804 bytes )
>> > 09/11/24 12:12:29 == : phase2 hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:29 == : new phase2 iv ( 8 bytes )
>> > 09/11/24 12:12:29 >= : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:29 >= : message 68cb6858
>> > 09/11/24 12:12:29 >= : encrypt iv ( 8 bytes )
>> > 09/11/24 12:12:29 == : encrypt packet ( 852 bytes )
>> > 09/11/24 12:12:29 == : stored iv ( 8 bytes )
>> > 09/11/24 12:12:29 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 884 bytes )
>> > 09/11/24 12:12:29 DB : phase2 resend event scheduled ( ref count = 2 )
>> > 09/11/24 12:12:29 <- : recv NAT-T:IKE packet public_ip_gateway:4500 ->
>> > 172.16.60.12:4500 ( 84 bytes )
>> > 09/11/24 12:12:29 DB : phase1 found
>> > 09/11/24 12:12:29 ii : processing informational packet ( 84 bytes )
>> > 09/11/24 12:12:29 == : new informational iv ( 8 bytes )
>> > 09/11/24 12:12:29 =< : cookies 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:29 =< : message 43d5efde
>> > 09/11/24 12:12:29 =< : decrypt iv ( 8 bytes )
>> > 09/11/24 12:12:29 == : decrypt packet ( 84 bytes )
>> > 09/11/24 12:12:29 <= : trimmed packet padding ( 4 bytes )
>> > 09/11/24 12:12:29 <= : stored iv ( 8 bytes )
>> > 09/11/24 12:12:29 << : hash payload
>> > 09/11/24 12:12:29 << : delete payload
>> > 09/11/24 12:12:29 == : informational hash_i ( computed ) ( 20 bytes )
>> > 09/11/24 12:12:29 == : informational hash_c ( received ) ( 20 bytes )
>> > 09/11/24 12:12:29 ii : informational hash verified
>> > *09/11/24 12:12:29 ii : received peer DELETE message
>> > 09/11/24 12:12:29 ii : - public_ip_gateway:4500 -> 172.16.60.12:4500
>> > 09/11/24 12:12:29 ii : - isakmp spi = 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:29 DB : phase1 found
>> > 09/11/24 12:12:29 ii : cleanup, marked phase1
>> > 56e1b7cb81389699:ff96e981de6ec185 for removal
>> > 09/11/24 12:12:29 DB : phase1 soft event canceled ( ref count = 4 )
>> > 09/11/24 12:12:29 DB : phase1 hard event canceled ( ref count = 3 )
>> > 09/11/24 12:12:29 DB : phase1 dead event canceled ( ref count = 2 )
>> > 09/11/24 12:12:29 DB : config deleted ( obj count = 0 )
>> > 09/11/24 12:12:29 ii : phase1 removal before expire time
>> > 09/11/24 12:12:29 DB : phase1 not found
>> > 09/11/24 12:12:29 DB : phase1 deleted ( obj count = 0 )
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : removing IPSEC INBOUND policy ANY:0.0.0.0/0:* ->
>> > ANY:192.168.1.1:*
>> > 09/11/24 12:12:29 K> : send pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : removing IPSEC OUTBOUND policy ANY:192.168.1.1:*
>> ->
>> > ANY:0.0.0.0/0:*
>> > 09/11/24 12:12:29 K> : send pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 K< : recv pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 ii : removed IPSEC policy route for ANY:0.0.0.0/0:*
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : removing NONE INBOUND policy
>> ANY:public_ip_gateway:*
>> > -> ANY:172.16.60.12:*
>> > 09/11/24 12:12:29 K> : send pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 ii : removing NONE OUTBOUND policy ANY:172.16.60.12:*
>> ->
>> > ANY:public_ip_gateway:*
>> > 09/11/24 12:12:29 K> : send pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 ii : removed NONE policy route for
>> ANY:public_ip_gateway:*
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 DB : policy deleted ( obj count = 3 )
>> > 09/11/24 12:12:29 K< : recv pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 K< : recv pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found*
>> > 09/11/24 12:12:29 DB : policy deleted ( obj count = 2 )
>> > 09/11/24 12:12:29 ii : disabled adapter ROOT\VNET\0000
>> > 09/11/24 12:12:29 DB : tunnel dpd event canceled ( ref count = 4 )
>> > 09/11/24 12:12:29 DB : tunnel natt event canceled ( ref count = 3 )
>> > 09/11/24 12:12:29 DB : tunnel stats event canceled ( ref count = 2 )
>> > 09/11/24 12:12:29 DB : removing tunnel config references
>> > 09/11/24 12:12:29 DB : removing tunnel phase2 references
>> > 09/11/24 12:12:29 DB : phase2 resend event canceled ( ref count = 1 )
>> > 09/11/24 12:12:29 ii : phase2 removal before expire time
>> > 09/11/24 12:12:29 DB : phase2 deleted ( obj count = 0 )
>> > 09/11/24 12:12:29 DB : removing tunnel phase1 references
>> > 09/11/24 12:12:29 DB : tunnel deleted ( obj count = 0 )
>> > 09/11/24 12:12:29 K< : recv pfkey X_SPDDELETE2 UNSPEC message
>> > 09/11/24 12:12:29 DB : policy found
>> > 09/11/24 12:12:29 DB : policy deleted ( obj count = 1 )
>> > 09/11/24 12:12:29 DB : removing all peer tunnel refrences
>> > 09/11/24 12:12:29 DB : peer deleted ( obj count = 0 )
>> > 09/11/24 12:12:29 ii : ipc client process thread exit ...
>> > 09/11/24 12:12:33 ii : halt signal received, shutting down
>> > 09/11/24 12:12:33 ii : pfkey process thread exit ...
>> > 09/11/24 12:12:33 ii : ipc server process thread exit ...
>> > 09/11/24 12:12:33 ii : network process thread exit ...
>> >
>> >
>> >
>> >
>> >
>> > And the Shrew Profile :
>> >
>> >
>> >
>> > n:version:3
>> > n:network-ike-port:500
>> > n:network-mtu-size:1380
>> > n:client-addr-auto:1
>> > n:network-natt-port:4500
>> > n:network-natt-rate:15
>> > n:network-frag-size:540
>> > n:network-dpd-enable:1
>> > n:network-notify-enable:1
>> > n:client-banner-enable:1
>> > n:phase1-dhgroup:2
>> > n:phase1-life-secs:86400
>> > n:client-dns-used:1
>> > n:client-dns-auto:1
>> > n:client-dns-suffix-auto:1
>> > n:client-splitdns-used:0
>> > n:client-splitdns-auto:0
>> > n:client-wins-used:1
>> > n:client-wins-auto:1
>> > n:phase2-life-secs:3600
>> > n:phase2-life-kbytes:0
>> > n:policy-nailed:1
>> > n:policy-list-auto:1
>> > s:client-saved-username:user
>> > n:phase1-life-kbytes:0
>> > n:vendor-chkpt-enable:0
>> > s:network-host:gateway_ip_adress
>> > s:client-auto-mode:pull
>> > s:client-iface:virtual
>> > s:network-natt-mode:enable
>> > s:network-frag-mode:disable
>> > s:auth-method:mutual-psk-xauth
>> > s:ident-client-type:keyid
>> > s:ident-server-type:any
>> > s:ident-client-data:vg-domain
>> > b:auth-mutual-psk:pass
>> > s:phase1-exchange:aggressive
>> > s:phase1-cipher:auto
>> > s:phase1-hash:auto
>> > s:phase2-transform:auto
>> > s:phase2-hmac:auto
>> > s:ipcomp-transform:disabled
>> > n:phase2-pfsgroup:0
>> >
>> >
>> >
>> > Thank you for your help !
>> >
>>
>>
>>
>>
>>
>
>
>
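
Added example, not part of the original messages and not Shrew Soft code: a Python triage script for the client log format quoted in this thread. It reports which negotiation stages completed, which `!!` warnings were logged, and which phase 1 transform was in use before the gateway's DELETE arrived. The sample is a shortened excerpt of the log lines quoted above; the function names and stage labels are assumptions made for this example.

```python
import re
from datetime import datetime

# Shortened excerpt of the client log quoted in this thread (mail quote markers kept).
SAMPLE = r"""
>> > 09/11/24 12:12:20 ii : matched isakmp proposal #1 transform #14
>> > 09/11/24 12:12:20 ii : - transform    = ike
>> > 09/11/24 12:12:20 ii : - cipher type  = 3des
>> > 09/11/24 12:12:20 ii : - key length   = default
>> > 09/11/24 12:12:20 ii : - hash type    = sha1
>> > 09/11/24 12:12:20 ii : - dh group     = modp-1024
>> > 09/11/24 12:12:20 ii : - auth type    = xauth-initiator-psk
>> > 09/11/24 12:12:20 << : key exchange payload
>> > 09/11/24 12:12:20 ii : phase1 sa established
>> > 09/11/24 12:12:20 !! : warning, unhandled xauth attribute 16526
>> > 09/11/24 12:12:22 ii : user mathieu.ploton authentication succeeded
>> > 09/11/24 12:12:22 ii : received config pull response
>> > 09/11/24 12:12:22 ii : - PFS Group = 1
>> > 09/11/24 12:12:22 !! : invalid private netmask, defaulting to class c
>> > 09/11/24 12:12:26 !! : unable to locate inbound policy for init phase2
>> > 09/11/24 12:12:29 DB : new phase2 ( IPSEC initiator )
>> > 09/11/24 12:12:29 -> : send NAT-T:IKE packet 172.16.60.12:4500 ->
>> > public_ip_gateway:4500 ( 884 bytes )
>> > 09/11/24 12:12:29 << : delete payload
>> > *09/11/24 12:12:29 ii : received peer DELETE message
>> > 09/11/24 12:12:29 ii : - isakmp spi = 56e1b7cb81389699:ff96e981de6ec185
>> > 09/11/24 12:12:29 DB : phase2 deleted ( obj count = 0 )
"""

QUOTE = re.compile(r"^(?:>+\s?)+")            # mail quoting such as ">> > "
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S{2}) : (.*)$")
FMT = "%y/%m/%d %H:%M:%S"

# Stage labels are hypothetical; the marker strings are taken from the log.
STAGES = [
    ("phase1", "phase1 sa established"),
    ("xauth", "authentication succeeded"),
    ("modecfg", "received config pull response"),
    ("phase2-sent", "new phase2 ( IPSEC initiator )"),
]


def parse(text):
    """Return [(timestamp, tag, message)], folding mail-wrapped lines into the previous entry."""
    entries = []
    for raw in text.splitlines():
        # Drop quote markers and a leading '*' left over from bold markup.
        line = QUOTE.sub("", raw).strip().lstrip("*")
        if not line:
            continue
        m = LINE.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif entries:
            entries[-1][2] += " " + line      # continuation of a wrapped line
    return [tuple(e) for e in entries]


def triage(entries):
    """Summarise how far the negotiation got before the peer's DELETE was received."""
    report = {"reached": {}, "warnings": [], "phase1": {},
              "delete_at": None, "secs_since_phase1": None}
    in_match = False
    for ts, tag, msg in entries:
        if msg.startswith("received peer DELETE"):
            report["delete_at"] = ts
            break
        if tag == "!!":
            report["warnings"].append(msg)
        for name, marker in STAGES:
            if marker in msg:
                report["reached"].setdefault(name, ts)
        # The "- key = value" lines right after the match give the chosen transform.
        if msg.startswith("matched isakmp proposal"):
            in_match = True
        elif in_match and tag == "ii" and msg.startswith("- ") and "=" in msg:
            key, value = msg[2:].split("=", 1)
            report["phase1"][key.strip()] = value.strip()
        else:
            in_match = False
    if report["delete_at"] and "phase1" in report["reached"]:
        delta = (datetime.strptime(report["delete_at"], FMT)
                 - datetime.strptime(report["reached"]["phase1"], FMT))
        report["secs_since_phase1"] = delta.total_seconds()
    return report


if __name__ == "__main__":
    r = triage(parse(SAMPLE))
    print("stages before DELETE:", ", ".join(r["reached"]))
    print("phase1 transform    :", r["phase1"])
    print("DELETE received at  :", r["delete_at"],
          "(%.0f s after phase1)" % r["secs_since_phase1"])
    for w in r["warnings"]:
        print("warning             :", w)
```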