[vpn-help] Can't ping/ssh over vpn [Shrew Soft ver 2.1.5 on Ubuntu 10.04]
Gaurav
gaurav.knangla at gmail.com
Thu Apr 29 03:44:25 CDT 2010
Hi All,
I've raised this issue earlier. I couldn't resolve it, so I'd like to raise
it once again with all the debugging info in one place.
Hope it helps; I so don't want to run a Windows VM just for VPN access.
*Original post:*
I've been using the Shrew Soft client for years on Windows without any
problems.
I switched to Ubuntu 10.04 once and for all recently, but ran into issues
with an imported .pcf that worked flawlessly on Windows 7 recently.
Imported the same .pcf into the Shrew Soft ver 2.1.5 on Ubuntu 10.04,
managed to connect as well but just couldn't ping/ssh my remote machines
over vpn.
I've tried possible workarounds/tweaks/fixes, the little that I could dig up
around this, but things didn't work out.
Any suggestions?
Prints/logs follow.
*Connection prints:*
config loaded for site 'xxxxxxxxxx.pcf'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
*Logs:*
desktop:~$ cat /var/log/iked.log
10/04/28 00:36:01 ## : IKE Daemon, ver 2.1.5
10/04/28 00:36:01 ## : Copyright 2009 Shrew Soft Inc.
10/04/28 00:36:01 ## : This product linked OpenSSL 0.9.8k 25 Mar 2009
10/04/28 00:36:01 K! : recv X_SPDDUMP message failure ( errno = 2 )
10/04/28 00:41:19 !! : invalid private netmask, defaulting to class c
10/04/28 00:41:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:41:26 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:42:18 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:46:48 !! : invalid private netmask, defaulting to class c
10/04/28 00:46:48 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:46:57 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:51:32 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:53:19 !! : invalid private netmask, defaulting to class c
10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:53:19 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:53:26 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:54:31 !! : invalid private netmask, defaulting to class c
10/04/28 00:54:37 !! : invalid private netmask, defaulting to class c
10/04/28 00:55:01 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:07 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:55:22 !! : invalid private netmask, defaulting to class c
10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:55:22 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:55:28 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:56:42 !! : invalid private netmask, defaulting to class c
10/04/28 00:56:52 !! : invalid private netmask, defaulting to class c
10/04/28 00:57:12 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:57:22 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 00:58:12 !! : invalid private netmask, defaulting to class c
10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 00:58:12 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:00:33 !! : invalid private netmask, defaulting to class c
10/04/28 01:00:33 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:00:34 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:00:38 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:02:46 !! : invalid private netmask, defaulting to class c
10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:02:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:02:56 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 01:05:04 K! : unhandled pfkey message type EXPIRE ( 8 )
10/04/28 01:05:16 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:05:17 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:05:43 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:05:48 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:17:59 !! : invalid private netmask, defaulting to class c
10/04/28 01:17:59 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:18:11 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:22:33 !! : invalid private netmask, defaulting to class c
10/04/28 01:22:33 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:22:46 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
10/04/28 01:22:52 !! : peer violates RFC, transform number mismatch ( 1 != 17 )
*/sbin/ifconfig output:*
desktop:~$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:1f:d0:d2:d2:a4
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21f:d0ff:fed2:d2a4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7026 errors:0 dropped:0 overruns:0 frame:0
TX packets:6401 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6469445 (6.4 MB) TX bytes:1176183 (1.1 MB)
Interrupt:27
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1100 (1.1 KB) TX bytes:1100 (1.1 KB)
tap0 Link encap:Ethernet HWaddr f2:47:0e:c8:b6:99
inet addr:192.168.20.141 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f047:eff:fec8:b699/64 Scope:Link
UP BROADCAST RUNNING MTU:1380 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:c0:00:01
inet addr:192.168.184.1 Bcast:192.168.184.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:c0:00:08
inet addr:192.168.111.1 Bcast:192.168.111.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
*/sbin/route output:*
desktop:~$ /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.17.48.31 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
10.8.50.232 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
172.17.48.3 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
172.17.48.32 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
172.17.48.22 192.168.20.141 255.255.255.255 UGH 0 0 0 tap0
10.10.7.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.20.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
192.168.20.0 * 255.255.255.0 U 0 0 0 tap0
10.10.2.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.19.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
192.168.1.0 * 255.255.255.0 U 1 0 0 eth0
10.155.114.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
172.17.20.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.12.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
192.168.184.0 * 255.255.255.0 U 0 0 0 vmnet1
192.168.111.0 * 255.255.255.0 U 0 0 0 vmnet8
10.10.10.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.9.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.75.0 192.168.20.141 255.255.255.0 UG 0 0 0 tap0
10.10.96.0 192.168.20.141 255.255.252.0 UG 0 0 0 tap0
172.17.144.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
172.17.128.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
172.17.0.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
172.17.32.0 192.168.20.141 255.255.240.0 UG 0 0 0 tap0
172.25.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
172.31.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
172.18.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
172.16.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
link-local * 255.255.0.0 U 1000 0 0 eth0
192.168.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
10.201.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
10.202.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
10.203.0.0 192.168.20.141 255.255.0.0 UG 0 0 0 tap0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
*Client configuration file:*
desktop:~$ cat file.pcf
[main]
Description=
Host=xxx-xxxxxxx.xxxxxxxxxx.com
AuthType=1
GroupName=xxxxx-xxxxxxx
GroupPwd=
enc_GroupPwd=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
EnableISPConnect=0
ISPConnectType=0
ISPConnect=test
ISPPhonebook=C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk
ISPCommand=
Username=xxxxxx.xxxxxx
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
Gaurav
pgp.mit.edu - PubkeyID:0x1bf31eef13ee431e