[vpn-help] Problem establishing tunnel using Fedora 6: resend limit exceeded for phase1 exchange

Rob Ratcliff rratcliff at ticom-geo.com
Wed Apr 28 06:27:05 CDT 2010


Stefan,

Thanks for the response. I shouldn't be using any firewall (at least 
that was my goal), but here is the output from iptables just in case:

iptables -vnL

Chain INPUT (policy ACCEPT 6 packets, 1124 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4 packets, 881 bytes)
 pkts bytes target     prot opt in     out     source               destination

Thanks,

Rob


Stefan Bauer wrote:
> On 24.04.2010 15:28, Rob Ratcliff wrote:
>   
>> 10/04/24 06:55:45 DB : exchange type is aggressive
>> 10/04/24 06:55:45 ii : local supports nat-t ( draft v00 )
>> 10/04/24 06:55:45 >> : vendor id payload
>> 10/04/24 06:55:45 ii : local supports nat-t ( draft v01 )
>> 10/04/24 06:55:45 >> : vendor id payload
>> 10/04/24 06:55:45 ii : local supports nat-t ( draft v02 )
>> 10/04/24 06:55:45 >> : vendor id payload
>> 10/04/24 06:55:45 ii : local supports nat-t ( draft v03 )
>> 10/04/24 06:55:45 >> : vendor id payload
>> 10/04/24 06:55:45 ii : local supports nat-t ( rfc )
>> 10/04/24 06:55:45 -> : send IKE packet 192.168.1.103:500 -> xx.xxx.xxx.xx:500 ( 533 bytes )
>> 10/04/24 06:55:45 DB : phase1 resend event scheduled ( ref count = 2 )
>> 10/04/24 06:55:45 ii : opened tap device tap0
>> 10/04/24 06:55:55 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
>> 10/04/24 06:56:05 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
>> 10/04/24 06:56:15 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
>> 10/04/24 06:56:25 ii : resend limit exceeded for phase1 exchange
>> 10/04/24 06:56:25 ii : phase1 removal before expire time
>>     
>
>
> Rob,
>
> not even the initial port change to 4500 udp (nat-t) is done
> correctly. Are you sure your machine is not running a firewall?
> What's the output of "iptables -vnL" ?
>
> Stefan
>
>   
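
Added example, not part of either poster's message and not Shrew Soft code: a small parser that summarises the phase1 attempt in the log quoted above (packets sent, resend intervals, ports used, and whether any inbound packet was logged). The sample lines are copied from this thread; the `<-` tag for inbound packets is an assumption, since the thread shows only outbound lines.

```python
import re
from datetime import datetime

# iked lines copied from the log quoted in this thread (wrapped lines rejoined;
# the peer address is masked in the original post as well).
SAMPLE_LOG = """\
10/04/24 06:55:45 -> : send IKE packet 192.168.1.103:500 -> xx.xxx.xxx.xx:500 ( 533 bytes )
10/04/24 06:55:45 DB : phase1 resend event scheduled ( ref count = 2 )
10/04/24 06:55:55 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:05 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:15 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:25 ii : resend limit exceeded for phase1 exchange
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
FLOW = re.compile(r"(\S+):(\d+) -> (\S+):(\d+)")

def summarize_phase1(log_text):
    """Summarise one phase1 attempt: what was sent and whether anything came back."""
    s = {"sent": 0, "resent": 0, "received": 0, "gave_up": False,
         "ports": set(), "resend_gaps": []}
    last_tx = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped fragments and blank lines
        ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
        tag, msg = m.group(2), m.group(3)
        if tag == "->":  # outbound packet, as in the quoted log
            flow = FLOW.search(msg)
            if flow:  # record (local port, peer port) pairs seen on the wire
                s["ports"].add((int(flow.group(2)), int(flow.group(4))))
            if msg.startswith("resend"):
                s["resent"] += 1
                if last_tx is not None:
                    s["resend_gaps"].append(int((ts - last_tx).total_seconds()))
            else:
                s["sent"] += 1
            last_tx = ts
        elif tag == "<-":  # ASSUMPTION: inbound marker, not shown in this thread
            s["received"] += 1
        elif "resend limit exceeded" in msg:
            s["gave_up"] = True
    # Retries ran out and no inbound packet was ever logged.
    s["unanswered"] = s["gave_up"] and s["received"] == 0
    return s

if __name__ == "__main__":
    print(summarize_phase1(SAMPLE_LOG))
```

An `unanswered` result means the log alone cannot tell a filtered path from a peer that stays silent, so the next check is a packet capture on UDP 500 or the gateway's own log.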
