[vpn-help] DNS Issues

Gary Gwin ggwin at cafesoft.com
Tue Apr 13 18:19:04 CDT 2010


Hi,

I'm able to connect and get the "tunnel enabled" message using Shrew 
2.1.5 with:

Windows 7 Home Premium 64 bit
NETGEAR ProSafe VPN Firewall FVS338 firmware: 3.0.5-24

I've configured using the Netgear router example. However, there's no 
network after connecting. I get this error message in the DNS trace log:

10/04/13 16:24:50 !! : get_fwd - failed to obtain local interface
10/04/13 16:24:50 !! : no arp entry for dst : 192.168.0.1

Full trace logs are found below.

Any thoughts?

Thanks,

Gary

DNS trace log:

10/04/13 16:13:14 ## : DNS Transparent Proxy Daemon, ver 2.1.5
10/04/13 16:13:14 ## : Copyright 2009 Shrew Soft Inc.
10/04/13 16:13:14 ii : ipc server process thread begin ...
10/04/13 16:13:14 ii : network process thread begin ...
10/04/13 16:13:14 ii : opened vflt device
10/04/13 16:24:50 !! : get_fwd - failed to obtain local interface
10/04/13 16:24:50 !! : no arp entry for dst : 192.168.0.1

IPSec trace log shows this message:

10/04/13 16:24:54 ii : added sa divert rule for 45.56.209.106->192.168.1.104

IKE Service trace log:

10/04/13 16:13:14 ## : IKE Daemon, ver 2.1.5
10/04/13 16:13:14 ## : Copyright 2009 Shrew Soft Inc.
10/04/13 16:13:14 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/04/13 16:13:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
10/04/13 16:13:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
10/04/13 16:13:14 ii : rebuilding vnet device list ...
10/04/13 16:13:14 ii : device ROOT\VNET\0000 disabled
10/04/13 16:13:14 ii : device ROOT\VNET\0001 disabled
10/04/13 16:13:14 ii : pfkey process thread begin ...
10/04/13 16:13:14 !! : unable to connect to pfkey interface
10/04/13 16:13:14 ii : network process thread begin ...
10/04/13 16:13:14 ii : ipc server process thread begin ...
10/04/13 16:16:11 ii : ipc client process thread begin ...
10/04/13 16:16:11 <A : peer config add message
10/04/13 16:16:11 <A : proposal config message
10/04/13 16:16:11 <A : proposal config message
10/04/13 16:16:11 <A : client config message
10/04/13 16:16:11 <A : xauth username message
10/04/13 16:16:11 <A : xauth password message
10/04/13 16:16:11 <A : local id 'client.domain.com' message
10/04/13 16:16:11 <A : preshared key message
10/04/13 16:16:11 <A : remote resource message
10/04/13 16:16:11 <A : peer tunnel enable message
10/04/13 16:16:11 ii : local supports XAUTH
10/04/13 16:16:11 ii : local supports nat-t ( draft v00 )
10/04/13 16:16:11 ii : local supports nat-t ( draft v01 )
10/04/13 16:16:11 ii : local supports nat-t ( draft v02 )
10/04/13 16:16:11 ii : local supports nat-t ( draft v03 )
10/04/13 16:16:11 ii : local supports nat-t ( rfc )
10/04/13 16:16:11 ii : local supports FRAGMENTATION
10/04/13 16:16:11 ii : local is SHREW SOFT compatible
10/04/13 16:16:11 ii : local is NETSCREEN compatible
10/04/13 16:16:11 ii : local is SIDEWINDER compatible
10/04/13 16:16:11 ii : local is CISCO UNITY compatible
10/04/13 16:16:11 >= : cookies 2f08528a54fb6d8c:0000000000000000
10/04/13 16:16:11 >= : message 00000000
10/04/13 16:16:12 ii : processing phase1 packet ( 420 bytes )
10/04/13 16:16:12 =< : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:12 =< : message 00000000
10/04/13 16:16:12 ii : matched isakmp proposal #1 transform #14
10/04/13 16:16:12 ii : - transform    = ike
10/04/13 16:16:12 ii : - cipher type  = 3des
10/04/13 16:16:12 ii : - key length   = default
10/04/13 16:16:12 ii : - hash type    = sha1
10/04/13 16:16:12 ii : - dh group     = modp-1024
10/04/13 16:16:12 ii : - auth type    = xauth-initiator-psk
10/04/13 16:16:12 ii : - life seconds = 86400
10/04/13 16:16:12 ii : - life kbytes  = 0
10/04/13 16:16:12 ii : phase1 id match ( natt prevents ip match )
10/04/13 16:16:12 ii : received = ipv4-host 45.56.209.106
10/04/13 16:16:12 ii : peer is CISCO UNITY compatible
10/04/13 16:16:12 ii : peer is IPSEC-TOOLS compatible
10/04/13 16:16:12 ii : peer supports nat-t ( draft v02 )
10/04/13 16:16:12 ii : nat discovery - local address is translated
10/04/13 16:16:12 ii : switching to src nat-t udp port 4500
10/04/13 16:16:12 ii : switching to dst nat-t udp port 4500
10/04/13 16:16:12 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:12 >= : message 00000000
10/04/13 16:16:12 ii : phase1 sa established
10/04/13 16:16:12 ii : 45.56.209.106:4500 <-> 192.168.1.104:4500
10/04/13 16:16:12 ii : 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:12 ii : sending peer INITIAL-CONTACT notification
10/04/13 16:16:12 ii : - 192.168.1.104:4500 -> 45.56.209.106:4500
10/04/13 16:16:12 ii : - isakmp spi = 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:12 ii : - data size 0
10/04/13 16:16:12 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:12 >= : message a13bd21c
10/04/13 16:16:13 ii : processing config packet ( 76 bytes )
10/04/13 16:16:13 =< : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 =< : message b00fd17c
10/04/13 16:16:13 ii : - xauth authentication type
10/04/13 16:16:13 ii : - xauth username
10/04/13 16:16:13 ii : - xauth password
10/04/13 16:16:13 ii : received basic xauth request -
10/04/13 16:16:13 ii : - standard xauth username
10/04/13 16:16:13 ii : - standard xauth password
10/04/13 16:16:13 ii : sending xauth response for gary
10/04/13 16:16:13 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 >= : message b00fd17c
10/04/13 16:16:13 ii : processing config packet ( 68 bytes )
10/04/13 16:16:13 =< : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 =< : message da7182bd
10/04/13 16:16:13 ii : received xauth result -
10/04/13 16:16:13 ii : user gary authentication succeeded
10/04/13 16:16:13 ii : sending xauth acknowledge
10/04/13 16:16:13 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 >= : message da7182bd
10/04/13 16:16:13 ii : building config attribute list
10/04/13 16:16:13 ii : sending config pull request
10/04/13 16:16:13 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 >= : message 21ed5828
10/04/13 16:16:13 ii : processing config packet ( 84 bytes )
10/04/13 16:16:13 =< : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:13 =< : message 21ed5828
10/04/13 16:16:13 ii : received config pull response
10/04/13 16:16:13 !! : invalid private netmask, defaulting to class c
10/04/13 16:16:13 ii : waiting for vnet to arrive ...
10/04/13 16:16:14 !! : VNET adapter MTU defaulted to 1500.
10/04/13 16:16:14 ii : creating IPSEC INBOUND policy ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:16:14 ii : creating IPSEC OUTBOUND policy ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:16:19 !! : failed to create IPSEC policy route for 192.168.0.0/24
10/04/13 16:16:19 ii : split DNS bypassed ( no split domains defined )
10/04/13 16:16:19 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:19 >= : message cc444724
10/04/13 16:16:20 ii : processing phase2 packet ( 156 bytes )
10/04/13 16:16:20 =< : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:20 =< : message cc444724
10/04/13 16:16:20 ii : matched ipsec-esp proposal #1 transform #2
10/04/13 16:16:20 ii : - transform    = esp-3des
10/04/13 16:16:20 ii : - key length   = default
10/04/13 16:16:20 ii : - encap mode   = udp-tunnel ( draft )
10/04/13 16:16:20 ii : - msg auth     = hmac-sha
10/04/13 16:16:20 ii : - pfs dh group = none
10/04/13 16:16:20 ii : - life seconds = 3600
10/04/13 16:16:20 ii : - life kbytes  = 0
10/04/13 16:16:20 ii : phase2 ids accepted
10/04/13 16:16:20 ii : - loc ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:16:20 ii : - rmt ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:16:20 ii : phase2 sa established
10/04/13 16:16:20 ii : 192.168.1.104:4500 <-> 45.56.209.106:4500
10/04/13 16:16:20 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:16:20 >= : message cc444724
10/04/13 16:17:03 <A : peer tunnel disable message
10/04/13 16:17:03 ii : removing IPSEC INBOUND policy ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:17:03 ii : removing IPSEC OUTBOUND policy ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:17:04 DB : removing tunnel config references
10/04/13 16:17:04 DB : removing tunnel phase2 references
10/04/13 16:17:04 ii : sending peer DELETE message
10/04/13 16:17:04 ii : - 192.168.1.104:4500 -> 45.56.209.106:4500
10/04/13 16:17:04 ii : - ipsec-esp spi = 0x85091999
10/04/13 16:17:04 ii : - data size 0
10/04/13 16:17:04 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:17:04 >= : message 024c0707
10/04/13 16:17:04 ii : phase2 removal before expire time
10/04/13 16:17:04 DB : removing tunnel phase1 references
10/04/13 16:17:04 ii : sending peer DELETE message
10/04/13 16:17:04 ii : - 192.168.1.104:4500 -> 45.56.209.106:4500
10/04/13 16:17:04 ii : - isakmp spi = 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:17:04 ii : - data size 0
10/04/13 16:17:04 >= : cookies 2f08528a54fb6d8c:a1763b865f848422
10/04/13 16:17:04 >= : message 02e71f4e
10/04/13 16:17:04 ii : phase1 removal before expire time
10/04/13 16:17:04 DB : removing all peer tunnel refrences
10/04/13 16:17:04 ii : ipc client process thread exit ...
10/04/13 16:24:47 ii : ipc client process thread begin ...
10/04/13 16:24:47 <A : peer config add message
10/04/13 16:24:48 <A : proposal config message
10/04/13 16:24:48 <A : proposal config message
10/04/13 16:24:48 <A : client config message
10/04/13 16:24:48 <A : xauth username message
10/04/13 16:24:48 <A : xauth password message
10/04/13 16:24:48 <A : local id 'client.domain.com' message
10/04/13 16:24:48 <A : preshared key message
10/04/13 16:24:48 <A : remote resource message
10/04/13 16:24:48 <A : peer tunnel enable message
10/04/13 16:24:48 ii : local supports XAUTH
10/04/13 16:24:48 ii : local supports nat-t ( draft v00 )
10/04/13 16:24:48 ii : local supports nat-t ( draft v01 )
10/04/13 16:24:48 ii : local supports nat-t ( draft v02 )
10/04/13 16:24:48 ii : local supports nat-t ( draft v03 )
10/04/13 16:24:48 ii : local supports nat-t ( rfc )
10/04/13 16:24:48 ii : local supports FRAGMENTATION
10/04/13 16:24:48 ii : local is SHREW SOFT compatible
10/04/13 16:24:48 ii : local is NETSCREEN compatible
10/04/13 16:24:48 ii : local is SIDEWINDER compatible
10/04/13 16:24:48 ii : local is CISCO UNITY compatible
10/04/13 16:24:48 >= : cookies bf9da4033774838a:0000000000000000
10/04/13 16:24:48 >= : message 00000000
10/04/13 16:24:49 ii : processing phase1 packet ( 420 bytes )
10/04/13 16:24:49 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:49 =< : message 00000000
10/04/13 16:24:49 ii : matched isakmp proposal #1 transform #14
10/04/13 16:24:49 ii : - transform    = ike
10/04/13 16:24:49 ii : - cipher type  = 3des
10/04/13 16:24:49 ii : - key length   = default
10/04/13 16:24:49 ii : - hash type    = sha1
10/04/13 16:24:49 ii : - dh group     = modp-1024
10/04/13 16:24:49 ii : - auth type    = xauth-initiator-psk
10/04/13 16:24:49 ii : - life seconds = 86400
10/04/13 16:24:49 ii : - life kbytes  = 0
10/04/13 16:24:49 ii : phase1 id match ( natt prevents ip match )
10/04/13 16:24:49 ii : received = ipv4-host 45.56.209.106
10/04/13 16:24:49 ii : peer is CISCO UNITY compatible
10/04/13 16:24:49 ii : peer is IPSEC-TOOLS compatible
10/04/13 16:24:49 ii : peer supports nat-t ( draft v02 )
10/04/13 16:24:49 ii : nat discovery - local address is translated
10/04/13 16:24:49 ii : switching to src nat-t udp port 4500
10/04/13 16:24:49 ii : switching to dst nat-t udp port 4500
10/04/13 16:24:49 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:49 >= : message 00000000
10/04/13 16:24:49 ii : phase1 sa established
10/04/13 16:24:49 ii : 45.56.209.106:4500 <-> 192.168.1.104:4500
10/04/13 16:24:49 ii : bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:49 ii : sending peer INITIAL-CONTACT notification
10/04/13 16:24:49 ii : - 192.168.1.104:4500 -> 45.56.209.106:4500
10/04/13 16:24:49 ii : - isakmp spi = bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:49 ii : - data size 0
10/04/13 16:24:49 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:49 >= : message ee492227
10/04/13 16:24:50 ii : processing config packet ( 76 bytes )
10/04/13 16:24:50 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 =< : message c0d069ef
10/04/13 16:24:50 ii : - xauth authentication type
10/04/13 16:24:50 ii : - xauth username
10/04/13 16:24:50 ii : - xauth password
10/04/13 16:24:50 ii : received basic xauth request -
10/04/13 16:24:50 ii : - standard xauth username
10/04/13 16:24:50 ii : - standard xauth password
10/04/13 16:24:50 ii : sending xauth response for gary
10/04/13 16:24:50 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 >= : message c0d069ef
10/04/13 16:24:50 ii : processing config packet ( 68 bytes )
10/04/13 16:24:50 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 =< : message c861446b
10/04/13 16:24:50 ii : received xauth result -
10/04/13 16:24:50 ii : user gary authentication succeeded
10/04/13 16:24:50 ii : sending xauth acknowledge
10/04/13 16:24:50 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 >= : message c861446b
10/04/13 16:24:50 ii : building config attribute list
10/04/13 16:24:50 ii : sending config pull request
10/04/13 16:24:50 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 >= : message ed0485eb
10/04/13 16:24:50 ii : processing config packet ( 84 bytes )
10/04/13 16:24:50 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 =< : message ed0485eb
10/04/13 16:24:50 ii : received config pull response
10/04/13 16:24:50 !! : invalid private netmask, defaulting to class c
10/04/13 16:24:50 ii : creating IPSEC INBOUND policy ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:24:50 ii : creating IPSEC OUTBOUND policy ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:24:50 ii : created IPSEC policy route for 192.168.0.0/24
10/04/13 16:24:50 ii : split DNS bypassed ( no split domains defined )
10/04/13 16:24:50 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:50 >= : message 5ae02808
10/04/13 16:24:54 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:54 >= : message 0eb44466
10/04/13 16:24:54 ii : processing phase2 packet ( 292 bytes )
10/04/13 16:24:54 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:54 =< : message 0eb44466
10/04/13 16:24:54 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 16:24:54 ii : - transform    = esp-3des
10/04/13 16:24:54 ii : - key length   = default
10/04/13 16:24:54 ii : - encap mode   = udp-tunnel ( draft )
10/04/13 16:24:54 ii : - msg auth     = hmac-sha
10/04/13 16:24:54 ii : - pfs dh group = modp-1024
10/04/13 16:24:54 ii : - life seconds = 3600
10/04/13 16:24:54 ii : - life kbytes  = 0
10/04/13 16:24:54 ii : phase2 ids accepted
10/04/13 16:24:54 ii : - loc ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:24:54 ii : - rmt ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:24:54 ii : phase2 sa established
10/04/13 16:24:54 ii : 192.168.1.104:4500 <-> 66.66.666.106:4500
10/04/13 16:24:54 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:54 >= : message 0eb44466
10/04/13 16:24:55 -> : resend 1 phase2 packet(s) 192.168.1.104:4500 -> 66.66.666.106:4500
10/04/13 16:24:56 ii : processing phase2 packet ( 292 bytes )
10/04/13 16:24:56 =< : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:56 =< : message 5ae02808
10/04/13 16:24:56 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 16:24:56 ii : - transform    = esp-3des
10/04/13 16:24:56 ii : - key length   = default
10/04/13 16:24:56 ii : - encap mode   = udp-tunnel ( draft )
10/04/13 16:24:56 ii : - msg auth     = hmac-sha
10/04/13 16:24:56 ii : - pfs dh group = modp-1024
10/04/13 16:24:56 ii : - life seconds = 3600
10/04/13 16:24:56 ii : - life kbytes  = 0
10/04/13 16:24:56 ii : phase2 ids accepted
10/04/13 16:24:56 ii : - loc ANY:192.168.0.240:* -> ANY:192.168.0.0/24:*
10/04/13 16:24:56 ii : - rmt ANY:192.168.0.0/24:* -> ANY:192.168.0.240:*
10/04/13 16:24:56 ii : phase2 sa established
10/04/13 16:24:56 ii : 192.168.1.104:4500 <-> 66.66.666.106:4500
10/04/13 16:24:56 >= : cookies bf9da4033774838a:c17776b6f69438e9
10/04/13 16:24:56 >= : message 5ae02808




