[vpn-help] Fwd: invalid message from gateway

Libor Arndt libor.arndt at email.cz
Sat Feb 27 06:30:17 CST 2010


Hello,

I set the debug level in the registry and got the log output, so again:


I successfully imported a pcf profile with 2.1.6 beta.
I imported the certificate (the same pfx file for server, client and private
key, I hope it's ok).
Unfortunately, I got "invalid message from gateway".

IPSEC.log:

10/02/27 13:16:52 ## : IPSEC Daemon, ver 2.1.6
10/02/27 13:16:52 ## : Copyright 2009 Shrew Soft Inc.
10/02/27 13:16:52 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/02/27 13:16:52 ## : This product linked zlib v1.2.3
10/02/27 13:16:52 ii : network send process thread begin ...
10/02/27 13:16:52 ii : network recv process thread begin ...
10/02/27 13:16:52 ii : pfkey server process thread begin ...
10/02/27 13:16:52 ii : vflt recv device attached
10/02/27 13:16:52 ii : vflt send device attached
10/02/27 13:16:53 ii : pfkey client process thread begin ...
10/02/27 13:16:53 ii : pfkey client process thread begin ...
10/02/27 13:16:56 ii : inspecting ARP request ...
10/02/27 13:16:56 !! : ARP packet has invalid header
10/02/27 13:17:30 ii : inspecting ARP request ...
10/02/27 13:17:48 ii : inspecting ARP request ...
10/02/27 13:18:05 ii : inspecting ARP request ...

IKED.log:


10/02/27 13:16:47 ## : IKE Daemon, ver 2.1.6
10/02/27 13:16:47 ## : Copyright 2009 Shrew Soft Inc.
10/02/27 13:16:47 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/02/27 13:16:47 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
10/02/27 13:16:47 ii : rebuilding vnet device list ...
10/02/27 13:16:47 ii : device ROOT\VNET\0000 disabled
10/02/27 13:16:47 ii : network process thread begin ...
10/02/27 13:16:47 ii : pfkey process thread begin ...
10/02/27 13:16:47 ii : ipc server process thread begin ...
10/02/27 13:16:52 !! : unable to connect to pfkey interface
10/02/27 13:17:15 ii : ipc client process thread begin ...
10/02/27 13:17:15 <A : peer config add message
10/02/27 13:17:15 <A : proposal config message
10/02/27 13:17:15 <A : proposal config message
10/02/27 13:17:15 <A : client config message
10/02/27 13:17:15 <A : xauth username message
10/02/27 13:17:15 <A : xauth password message
10/02/27 13:17:15 <A : remote cert 'D:\certifikaty gncs\gncs_new.pfx' message
10/02/27 13:17:15 !! : 'D:\certifikaty gncs\gncs_new.pfx' load failed, requesting password
10/02/27 13:17:30 <A : file password
10/02/27 13:17:30 <A : remote cert 'D:\certifikaty gncs\gncs_new.pfx' message
10/02/27 13:17:30 <A : local cert 'D:\certifikaty gncs\gncs_new.pfx' message
10/02/27 13:17:30 <A : local key 'D:\certifikaty gncs\gncs_new.pfx' message
10/02/27 13:17:30 <A : peer tunnel enable message
10/02/27 13:17:30 ii : local supports XAUTH
10/02/27 13:17:30 ii : local supports nat-t ( draft v00 )
10/02/27 13:17:30 ii : local supports nat-t ( draft v01 )
10/02/27 13:17:30 ii : local supports nat-t ( draft v02 )
10/02/27 13:17:30 ii : local supports nat-t ( draft v03 )
10/02/27 13:17:30 ii : local supports nat-t ( rfc )
10/02/27 13:17:30 ii : local supports DPDv1
10/02/27 13:17:30 ii : local is SHREW SOFT compatible
10/02/27 13:17:30 ii : local is NETSCREEN compatible
10/02/27 13:17:30 ii : local is SIDEWINDER compatible
10/02/27 13:17:30 ii : local is CISCO UNITY compatible
10/02/27 13:17:30 >= : cookies dd5895241fbc3554:0000000000000000
10/02/27 13:17:30 >= : message 00000000
10/02/27 13:17:30 ii : processing phase1 packet ( 128 bytes )
10/02/27 13:17:30 =< : cookies dd5895241fbc3554:d3aab0972360e1c8
10/02/27 13:17:30 =< : message 00000000
10/02/27 13:17:30 ii : matched isakmp proposal #1 transform #68
10/02/27 13:17:30 ii : - transform    = ike
10/02/27 13:17:30 ii : - cipher type  = 3des
10/02/27 13:17:30 ii : - key length   = default
10/02/27 13:17:30 ii : - hash type    = sha1
10/02/27 13:17:30 ii : - dh group     = modp-1536
10/02/27 13:17:30 ii : - auth type    = xauth-initiator-rsa
10/02/27 13:17:30 ii : - life seconds = 86400
10/02/27 13:17:30 ii : - life kbytes  = 0
10/02/27 13:17:30 ii : peer supports nat-t ( draft v02 )
10/02/27 13:17:30 >= : cookies dd5895241fbc3554:d3aab0972360e1c8
10/02/27 13:17:30 >= : message 00000000
10/02/27 13:17:30 ii : processing phase1 packet ( 1472 bytes )
10/02/27 13:17:30 =< : cookies dd5895241fbc3554:d3aab0972360e1c8
10/02/27 13:17:30 =< : message 00000000
10/02/27 13:17:30 !! : unprocessed payload data
10/02/27 13:17:30 !! : invalid certificate request size ( 42028 > 4096 )
10/02/27 13:17:30 !! : unprocessed payload data
10/02/27 13:17:30 ii : phase1 removal before expire time
10/02/27 13:17:30 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer
10/02/27 13:17:30 ww : dd5895241fbc3554:d3aab0972360e1c8
10/02/27 13:17:30 DB : removing tunnel config references
10/02/27 13:17:30 DB : removing tunnel phase2 references
10/02/27 13:17:30 DB : removing tunnel phase1 references
10/02/27 13:17:30 DB : removing all peer tunnel refrences
10/02/27 13:17:30 ii : ipc client process thread exit ...



thanks in advance for any advice.

Libor Arndt
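
A triage sketch for the IKED.log format shown above, added here as an example; it is not part of the original post and not Shrew Soft code. It re-joins entries that the mail client wrapped and pairs each size-limit rejection with the size of the phase1 packet logged just before it. The function names are hypothetical, and treating the `!!` tag as the error marker is an assumption based on the lines in this log.

```python
import re

# Constructed sample: lines copied from the IKED.log excerpt in the post (last entry wrapped).
SAMPLE = """\
10/02/27 13:17:30 ii : processing phase1 packet ( 128 bytes )
10/02/27 13:17:30 ii : processing phase1 packet ( 1472 bytes )
10/02/27 13:17:30 !! : unprocessed payload data
10/02/27 13:17:30 !! : invalid certificate request size ( 42028 > 4096 )
10/02/27 13:17:30 ww : ike packet from 62.141.6.250 ignored, unknown
phase1 sa for peer
"""

ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
PACKET = re.compile(r"processing phase1 packet \( (\d+) bytes \)")
TOO_BIG = re.compile(r"invalid (.+?) size \( (\d+) > (\d+) \)")

def parse(text):
    """Return [timestamp, tag, message] entries, re-joining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).rstrip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # continuation of previous entry
    return entries

def oversize_findings(entries):
    """Pair each size-limit rejection with the last phase1 packet size seen."""
    findings, last_packet = [], None
    for ts, tag, msg in entries:
        p = PACKET.search(msg)
        if p:
            last_packet = int(p.group(1))
        s = TOO_BIG.search(msg)
        if tag == "!!" and s:  # assumption: "!!" marks an error entry
            claimed, limit = int(s.group(2)), int(s.group(3))
            findings.append({
                "time": ts, "payload": s.group(1), "claimed": claimed,
                "limit": limit, "packet_bytes": last_packet,
                # True when the declared size is larger than the packet it arrived in.
                "exceeds_packet": last_packet is not None and claimed > last_packet,
            })
    return findings

if __name__ == "__main__":
    for finding in oversize_findings(parse(SAMPLE)):
        print(finding)
```
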



