[Vpn-help] Unable to connect to 3rd party gateway

Stefano Pazzaglia spazzaglia at gmail.com
Fri Oct 9 19:33:32 CDT 2009


Hi everybody,
I'm trying to set up Shrew VPN to connect to an Arkoon IPSec VPN Gateway
with no luck.

This is iked.log:

09/10/10 02:04:25 ii : ipc client process thread begin ...
09/10/10 02:04:25 <A : peer config add message
09/10/10 02:04:25 DB : peer ref increment ( ref count = 1, obj count = 0 )
09/10/10 02:04:25 DB : peer added ( obj count = 1 )
09/10/10 02:04:25 ii : local address 37.xxx.xxx.xxx:500 selected for peer
09/10/10 02:04:25 DB : peer ref increment ( ref count = 2, obj count = 1 )
09/10/10 02:04:25 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
09/10/10 02:04:25 DB : tunnel added ( obj count = 1 )
09/10/10 02:04:25 <A : proposal config message
09/10/10 02:04:25 <A : proposal config message
09/10/10 02:04:25 <A : proposal config message
09/10/10 02:04:25 <A : client config message
09/10/10 02:04:25 <A : remote cert 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\CAcert.pem' message
09/10/10 02:04:25 ii : 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\CAcert.pem' loaded
09/10/10 02:04:25 <A : local cert 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\user.pem' message
09/10/10 02:04:25 ii : 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\user.pem' loaded
09/10/10 02:04:25 <A : local key 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\private_key.pem' message
09/10/10 02:04:25 !! : 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\private_key.pem' load failed, requesting password
09/10/10 02:04:29 <A : file password
09/10/10 02:04:29 <A : local key 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\private_key.pem' message
09/10/10 02:04:29 ii : 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\private_key.pem' loaded
09/10/10 02:04:29 <A : remote resource message
09/10/10 02:04:29 <A : peer tunnel enable message
09/10/10 02:04:29 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
09/10/10 02:04:29 DB : new phase1 ( ISAKMP initiator )
09/10/10 02:04:29 DB : exchange type is identity protect
09/10/10 02:04:29 DB : 37.xxx.xxx.xxx:500 <-> 89.xxx.xxx.xxx:500
09/10/10 02:04:29 DB : 222ca8d59d7b8431:0000000000000000
09/10/10 02:04:29 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
09/10/10 02:04:29 DB : phase1 added ( obj count = 1 )
09/10/10 02:04:29 >> : security association payload
09/10/10 02:04:29 >> : - proposal #1 payload
09/10/10 02:04:29 >> : -- transform #1 payload
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports nat-t ( draft v00 )
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports nat-t ( draft v01 )
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports nat-t ( draft v02 )
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports nat-t ( draft v03 )
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports nat-t ( rfc )
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports FRAGMENTATION
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local supports DPDv1
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local is SHREW SOFT compatible
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local is NETSCREEN compatible
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local is SIDEWINDER compatible
09/10/10 02:04:29 >> : vendor id payload
09/10/10 02:04:29 ii : local is CISCO UNITY compatible
09/10/10 02:04:29 >= : cookies 222ca8d59d7b8431:0000000000000000
09/10/10 02:04:29 >= : message 00000000
09/10/10 02:04:29 -> : send IKE packet 37.xxx.xxx.xxx:500 -> 89.xxx.xxx.xxx:500 ( 344 bytes )
09/10/10 02:04:29 DB : phase1 resend event scheduled ( ref count = 2 )
09/10/10 02:04:29 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
09/10/10 02:04:29 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
09/10/10 02:04:30 <- : recv IKE packet 89.xxx.xxx.xxx:500 -> 37.xxx.xxx.xxx:500 ( 152 bytes )
09/10/10 02:04:30 DB : phase1 found
09/10/10 02:04:30 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
09/10/10 02:04:30 ii : processing phase1 packet ( 152 bytes )
09/10/10 02:04:30 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:30 =< : message 00000000
09/10/10 02:04:30 << : security association payload
09/10/10 02:04:30 << : - propsal #1 payload
09/10/10 02:04:30 << : -- transform #1 payload
09/10/10 02:04:30 ii : matched isakmp proposal #1 transform #1
09/10/10 02:04:30 ii : - transform    = ike
09/10/10 02:04:30 ii : - cipher type  = aes
09/10/10 02:04:30 ii : - key length   = 128 bits
09/10/10 02:04:30 ii : - hash type    = md5
09/10/10 02:04:30 ii : - dh group     = modp-1024
09/10/10 02:04:30 ii : - auth type    = sig-rsa
09/10/10 02:04:30 ii : - life seconds = 86400
09/10/10 02:04:30 ii : - life kbytes  = 0
09/10/10 02:04:30 << : vendor id payload
09/10/10 02:04:30 ii : peer supports nat-t ( rfc )
09/10/10 02:04:30 << : vendor id payload
09/10/10 02:04:30 ii : peer supports DPDv1
09/10/10 02:04:30 << : vendor id payload
09/10/10 02:04:30 ii : unknown vendor id ( 19 bytes )
09/10/10 02:04:30 0x : 13006e28 c13e71ec b7deaebb f343b6a0 342e32
09/10/10 02:04:30 >> : key exchange payload
09/10/10 02:04:30 >> : nonce payload
09/10/10 02:04:30 >> : cert request payload
09/10/10 02:04:30 >> : nat discovery payload
09/10/10 02:04:30 >> : nat discovery payload
09/10/10 02:04:30 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:30 >= : message 00000000
09/10/10 02:04:30 DB : phase1 resend event canceled ( ref count = 1 )
09/10/10 02:04:30 -> : send IKE packet 37.xxx.xxx.xxx:500 -> 89.xxx.xxx.xxx:500 ( 257 bytes )
09/10/10 02:04:30 DB : phase1 resend event scheduled ( ref count = 2 )
09/10/10 02:04:30 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
09/10/10 02:04:30 <- : recv IKE packet 89.xxx.xxx.xxx:500 -> 37.xxx.xxx.xxx:500 ( 228 bytes )
09/10/10 02:04:30 DB : phase1 found
09/10/10 02:04:30 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
09/10/10 02:04:30 ii : processing phase1 packet ( 228 bytes )
09/10/10 02:04:30 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:30 =< : message 00000000
09/10/10 02:04:30 << : key exchange payload
09/10/10 02:04:30 << : nonce payload
09/10/10 02:04:30 << : cert request payload
09/10/10 02:04:30 << : nat discovery payload
09/10/10 02:04:30 << : nat discovery payload
09/10/10 02:04:30 ii : disabled nat-t ( no nat detected )
09/10/10 02:04:30 == : DH shared secret ( 128 bytes )
09/10/10 02:04:30 == : SETKEYID ( 16 bytes )
09/10/10 02:04:30 == : SETKEYID_d ( 16 bytes )
09/10/10 02:04:30 == : SETKEYID_a ( 16 bytes )
09/10/10 02:04:30 == : SETKEYID_e ( 16 bytes )
09/10/10 02:04:30 == : cipher key ( 16 bytes )
09/10/10 02:04:30 == : cipher iv ( 16 bytes )
09/10/10 02:04:30 >> : identification payload
09/10/10 02:04:30 >> : certificate payload
09/10/10 02:04:30 == : phase1 hash_i ( computed ) ( 16 bytes )
09/10/10 02:04:30 >> : signature payload
09/10/10 02:04:30 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:30 >= : message 00000000
09/10/10 02:04:30 >= : encrypt iv ( 16 bytes )
09/10/10 02:04:30 == : encrypt packet ( 787 bytes )
09/10/10 02:04:30 == : stored iv ( 16 bytes )
09/10/10 02:04:30 DB : phase1 resend event canceled ( ref count = 1 )
09/10/10 02:04:30 -> : send IKE packet 37.xxx.xxx.xxx:500 -> 89.xxx.xxx.xxx:500 ( 824 bytes )
09/10/10 02:04:30 DB : phase1 ref decrement ( ref count = 0, obj count = 1 )
09/10/10 02:04:35 <- : recv IKE packet 89.xxx.xxx.xxx:500 -> 37.xxx.xxx.xxx:500 ( 40 bytes )
09/10/10 02:04:35 DB : phase1 found
09/10/10 02:04:35 DB : phase1 ref increment ( ref count = 1, obj count = 1 )
09/10/10 02:04:35 ii : processing informational packet ( 40 bytes )
09/10/10 02:04:35 == : new informational iv ( 16 bytes )
09/10/10 02:04:35 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:35 =< : message 00000000
09/10/10 02:04:35 << : notification payload
09/10/10 02:04:35 ii : received peer INVALID-ID-INFORMATION notification
09/10/10 02:04:35 ii : - 89.xxx.xxx.xxx:500 -> 37.xxx.xxx.xxx:500
09/10/10 02:04:35 ii : - isakmp spi = none
09/10/10 02:04:35 ii : - data size 0
09/10/10 02:04:35 DB : phase1 ref decrement ( ref count = 0, obj count = 1 )
09/10/10 02:04:41 <- : recv IKE packet 89.xxx.xxx.xxx:500 -> 37.xxx.xxx.xxx:500 ( 228 bytes )
09/10/10 02:04:41 DB : phase1 found
09/10/10 02:04:41 DB : phase1 ref increment ( ref count = 1, obj count = 1 )
09/10/10 02:04:41 ii : processing phase1 packet ( 228 bytes )
09/10/10 02:04:41 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:41 =< : message 00000000
09/10/10 02:04:41 << : ignoring duplicate key excahnge payload
09/10/10 02:04:41 !! : unprocessed payload data
09/10/10 02:04:41 << : ignoring duplicate nonce payload
09/10/10 02:04:41 !! : unprocessed payload data
09/10/10 02:04:41 !! : unhandled phase1 payload 'unknown' ( 101 )
09/10/10 02:04:41 !! : unprocessed payload data
09/10/10 02:04:41 ii : sending peer DELETE message
09/10/10 02:04:41 ii : - 37.xxx.xxx.xxx:500 -> 89.xxx.xxx.xxx:500
09/10/10 02:04:41 ii : - isakmp spi = 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:41 ii : - data size 0
09/10/10 02:04:41 >> : hash payload
09/10/10 02:04:41 >> : delete payload
09/10/10 02:04:41 == : new informational hash ( 16 bytes )
09/10/10 02:04:41 == : new informational iv ( 16 bytes )
09/10/10 02:04:41 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15
09/10/10 02:04:41 >= : message d910492b
09/10/10 02:04:41 >= : encrypt iv ( 16 bytes )
09/10/10 02:04:41 == : encrypt packet ( 76 bytes )
09/10/10 02:04:41 == : stored iv ( 16 bytes )
09/10/10 02:04:41 -> : send IKE packet 37.xxx.xxx.xxx:500 -> 89.xxx.xxx.xxx:500 ( 104 bytes )
09/10/10 02:04:41 ii : phase1 removal before expire time
09/10/10 02:04:41 DB : phase1 deleted ( obj count = 0 )
09/10/10 02:04:41 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
09/10/10 02:04:41 DB : policy not found
09/10/10 02:04:41 DB : policy not found
09/10/10 02:04:41 DB : tunnel stats event canceled ( ref count = 1 )
09/10/10 02:04:41 DB : removing tunnel config references
09/10/10 02:04:41 DB : removing tunnel phase2 references
09/10/10 02:04:41 DB : removing tunnel phase1 references
09/10/10 02:04:41 DB : tunnel deleted ( obj count = 0 )
09/10/10 02:04:41 DB : peer ref decrement ( ref count = 1, obj count = 1 )
09/10/10 02:04:41 DB : removing all peer tunnel refrences
09/10/10 02:04:41 DB : peer deleted ( obj count = 0 )
09/10/10 02:04:41 ii : ipc client process thread exit ...


Ipsec.log instead reports:

09/10/10 02:03:23 ii : inspecting ARP request ...
09/10/10 02:03:23 DB : policy not found
09/10/10 02:03:23 ii : ignoring ARP request for 37.xxx.xxx.xxx, no policy found
09/10/10 02:04:44 ii : inspecting ARP request ...
09/10/10 02:04:44 DB : policy not found
09/10/10 02:04:44 ii : ignoring ARP request for 37.xxx.xxx.xxx, no policy found

Shrew Soft VPN Access Manager's main window:

configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
ipcomp proposal configured
client configured
server cert configured
client cert configured
client key configured
bringing up tunnel ...
invalid message from gateway
tunnel disabled
detached from key daemon ...


Can anybody help me?
Thanks a lot!