[vpn-help] VPN to Netgear SRXN3205 broken in 2.1.6beta

Fernando Viñan-Cano ferd352+shrewvpn at gmail.com
Fri Jul 16 05:32:55 CDT 2010


Hi,

I was trying to recreate my VPN settings on my Netgear SRXN3205, which were
lost after I had to reset the router due issues after the latest firmware
upgrade, and having difficulties trying to get ShrewVPN to reconnect.

I originally used v2.1.5 and in trying to get it all working again I
upgraded to v2.1.6b10

Eventually I tracked the connection issues with the router config and
managed to get my PC to connect successfully. However, I was unable to
transmit any data across the VPN no matter what settings I tried - even
created a new connection in the manager.

So I reverted back to v2.1.5, recreated the connection from scratch on the
connection manager (left the router alone) and tried again. Success.
Connected first time and was able to communicate with my remote server.

Seems something has broken things in v2.1.6 or I have configured something
incorrectly, but I'm sure I simply did the same for both versions of
ShrewVPN just ignored the bits that were different in the later version.

I've attached the logs from my router, one from using v2.1.5 and one from
using v2.1.6 - there seems to be a lot more errors during the latter,

Cheers,
Fernando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100716/020534b4/attachment-0001.html>
-------------- next part --------------
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Remote configuration for identifier "MyVPN.com" found_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 83.222.56.139[500]<=>195.234.136.64[48736]_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Beginning Aggressive mode._
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Received unknown Vendor ID_
                - Last output repeated 3 times -
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Received Vendor ID: CISCO-UNITY_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Setting DPD Vendor ID_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] Sending Xauth request to 195.234.136.64[48736]_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] ISAKMP-SA established for 83.222.56.139[500]-195.234.136.64[48736] with spi:d09f61a50a38b4d6:733d6170f0526b93_
2010 Jul 16 12:15:05 [SRXN3205] [IKE] purging spi=243480841._
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from 195.234.136.64[48736]_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Login succeeded for user "username"_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from 195.234.136.64[48736]_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] 192.168.2.11 IP address is assigned to remote peer 195.234.136.64[48736]_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Ignored attribute 5_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Cannot open "/etc/motd"_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:15:06 [SRXN3205] [IKE] Using IPsec SA configuration: 192.168.1.0/24<->192.168.2.0/24_
2010 Jul 16 12:15:07 [SRXN3205] [IKE] IPsec-SA established: ESP/Tunnel 195.234.136.64->83.222.56.139 with spi=200696902(0xbf66446)_
2010 Jul 16 12:15:07 [SRXN3205] [IKE] IPsec-SA established: ESP/Tunnel 83.222.56.139->195.234.136.64 with spi=2005544513(0x778a2e41)_
-------------- next part --------------
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Remote configuration for identifier "MyVPN.com" found_
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 83.222.56.139[500]<=>195.234.136.64[48607]_
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Beginning Aggressive mode._
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Received unknown Vendor ID_
                - Last output repeated 3 times -
2010 Jul 16 12:01:02 [SRXN3205] [IKE] Received Vendor ID: CISCO-UNITY_
2010 Jul 16 12:01:03 [SRXN3205] [IKE] Setting DPD Vendor ID_
2010 Jul 16 12:01:03 [SRXN3205] [IKE] Sending Xauth request to 195.234.136.64[48607]_
2010 Jul 16 12:01:03 [SRXN3205] [IKE] ISAKMP-SA established for 83.222.56.139[500]-195.234.136.64[48607] with spi:96e9f556b53b846e:9eed0752a0161e16_
2010 Jul 16 12:01:03 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from 195.234.136.64[48607]_
2010 Jul 16 12:01:03 [SRXN3205] [IKE] Login succeeded for user "username"_
2010 Jul 16 12:01:04 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from 195.234.136.64[48607]_
2010 Jul 16 12:01:04 [SRXN3205] [IKE] 192.168.2.11 IP address is assigned to remote peer 195.234.136.64[48607]_
2010 Jul 16 12:01:04 [SRXN3205] [IKE] Ignored attribute 5_
2010 Jul 16 12:01:07 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:07 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:12 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:12 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:17 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:17 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:22 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:22 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:28 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:28 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:33 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:33 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] no phase2 found for "MyVPN0"_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] IPSec configuration with identifer "MyVPN0" deleted sucessfully_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] no phase2 bounded._
2010 Jul 16 12:01:36 [SRXN3205] [IKE] Sending Informational Exchange: delete payload[]_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] Purged ISAKMP-SA with spi=96e9f556b53b846e:9eed0752a0161e16:a3383522._
2010 Jul 16 12:01:36 [SRXN3205] [IKE] 192.168.2.11 IP address has been released by remote peer._
2010 Jul 16 12:01:36 [SRXN3205] [IKE] an undead schedule has been deleted: 'purge_remote'._
2010 Jul 16 12:01:36 [SRXN3205] [IKE] IKE configuration with identifier "MyVPN" deleted sucessfully_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] ModeCfg configuration with identifier "MyVPN" deleted sucessfully_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] Adding ModeCfg configuration with identifier "MyVPN"_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] Adding IPSec configuration with identifier "MyVPN0"_
2010 Jul 16 12:01:36 [SRXN3205] [IKE] Adding IKE configuration with identifer "MyVPN"_
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Remote configuration for identifier "MyVPN.com" found_
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Received request for new phase 1 negotiation: 83.222.56.139[500]<=>195.234.136.64[48607]_
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Beginning Aggressive mode._
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Received unknown Vendor ID_
                - Last output repeated 3 times -
2010 Jul 16 12:01:47 [SRXN3205] [IKE] Received Vendor ID: CISCO-UNITY_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Setting DPD Vendor ID_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Sending Xauth request to 195.234.136.64[48607]_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] ISAKMP-SA established for 83.222.56.139[500]-195.234.136.64[48607] with spi:a6f2f70bdf432da9:69732bc0a1b20668_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from 195.234.136.64[48607]_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Login succeeded for user "username"_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from 195.234.136.64[48607]_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] 192.168.2.11 IP address is assigned to remote peer 195.234.136.64[48607]_
2010 Jul 16 12:01:48 [SRXN3205] [IKE] Ignored attribute 5_
2010 Jul 16 12:01:53 [SRXN3205] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from 195.234.136.64[48607]_
2010 Jul 16 12:01:53 [SRXN3205] [IKE] 192.168.2.11 IP address is assigned to remote peer 195.234.136.64[48607]_
2010 Jul 16 12:01:53 [SRXN3205] [IKE] Ignored attribute 5_
2010 Jul 16 12:01:58 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:01:58 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:02:03 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:02:03 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:02:08 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:02:08 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_
2010 Jul 16 12:02:13 [SRXN3205] [IKE] Responding to new phase 2 negotiation: 83.222.56.139[0]<=>195.234.136.64[0]_
2010 Jul 16 12:02:13 [SRXN3205] [IKE] Failed to get IPsec SA configuration for: 0.0.0.0/0<->192.168.2.11/32 from MyVPN.com_


More information about the vpn-help mailing list