[vpn-help] Resend limit exceeded for config exchange
David Park
djp22 at caa.columbia.edu
Wed Mar 17 20:08:47 CDT 2010
I appear to be hung up on the config exchange phase when connecting. After
I get that message I just see an endless string of keep-alive messages. Can
anyone make sense of this log? Thanks!
10/03/17 21:04:42 ## : IKE Daemon, ver 2.1.5
10/03/17 21:04:42 ## : Copyright 2009 Shrew Soft Inc.
10/03/17 21:04:42 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/03/17 21:04:42 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
10/03/17 21:04:42 ii : rebuilding vnet device list ...
10/03/17 21:04:42 ii : device ROOT\VNET\0000 disabled
10/03/17 21:04:42 ii : network process thread begin ...
10/03/17 21:04:42 ii : pfkey process thread begin ...
10/03/17 21:04:42 ii : ipc server process thread begin ...
10/03/17 21:05:00 ii : ipc client process thread begin ...
10/03/17 21:05:00 <A : peer config add message
10/03/17 21:05:00 DB : peer added ( obj count = 1 )
10/03/17 21:05:00 ii : local address 192.168.1.100 selected for peer
10/03/17 21:05:01 DB : tunnel added ( obj count = 1 )
10/03/17 21:05:01 <A : proposal config message
10/03/17 21:05:01 <A : proposal config message
10/03/17 21:05:01 <A : client config message
10/03/17 21:05:01 <A : local id 'fairchoicesystems_vpn' message
10/03/17 21:05:01 <A : preshared key message
10/03/17 21:05:01 <A : peer tunnel enable message
10/03/17 21:05:01 DB : new phase1 ( ISAKMP initiator )
10/03/17 21:05:01 DB : exchange type is aggressive
10/03/17 21:05:01 DB : 192.168.1.100:500 <-> 64.27.67.101:500
10/03/17 21:05:01 DB : 7aa2529dd44ce7c7:0000000000000000
10/03/17 21:05:01 DB : phase1 added ( obj count = 1 )
10/03/17 21:05:01 >> : security association payload
10/03/17 21:05:01 >> : - proposal #1 payload
10/03/17 21:05:01 >> : -- transform #1 payload
10/03/17 21:05:01 >> : -- transform #2 payload
10/03/17 21:05:01 >> : -- transform #3 payload
10/03/17 21:05:01 >> : -- transform #4 payload
10/03/17 21:05:01 >> : -- transform #5 payload
10/03/17 21:05:01 >> : -- transform #6 payload
10/03/17 21:05:01 >> : -- transform #7 payload
10/03/17 21:05:01 >> : -- transform #8 payload
10/03/17 21:05:01 >> : -- transform #9 payload
10/03/17 21:05:01 >> : key exchange payload
10/03/17 21:05:01 >> : nonce payload
10/03/17 21:05:01 >> : identification payload
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local supports nat-t ( draft v00 )
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local supports nat-t ( draft v01 )
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local supports nat-t ( draft v02 )
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local supports nat-t ( draft v03 )
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local supports nat-t ( rfc )
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local is SHREW SOFT compatible
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local is NETSCREEN compatible
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local is SIDEWINDER compatible
10/03/17 21:05:01 >> : vendor id payload
10/03/17 21:05:01 ii : local is CISCO UNITY compatible
10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:0000000000000000
10/03/17 21:05:01 >= : message 00000000
10/03/17 21:05:01 -> : send IKE packet 192.168.1.100:500 ->
64.27.67.101:500( 793 bytes )
10/03/17 21:05:01 DB : phase1 resend event scheduled ( ref count = 2 )
10/03/17 21:05:01 <- : recv IKE packet 64.27.67.101:500 ->
192.168.1.100:500( 440 bytes )
10/03/17 21:05:01 DB : phase1 found
10/03/17 21:05:01 ii : processing phase1 packet ( 440 bytes )
10/03/17 21:05:01 =< : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 =< : message 00000000
10/03/17 21:05:01 << : security association payload
10/03/17 21:05:01 << : - propsal #1 payload
10/03/17 21:05:01 << : -- transform #7 payload
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != aes )
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != aes )
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != aes )
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != blowfish )
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != blowfish )
10/03/17 21:05:01 ii : unmatched isakmp proposal/transform
10/03/17 21:05:01 ii : cipher type ( 3des != blowfish )
10/03/17 21:05:01 ii : matched isakmp proposal #1 transform #7
10/03/17 21:05:01 ii : - transform = ike
10/03/17 21:05:01 ii : - cipher type = 3des
10/03/17 21:05:01 ii : - key length = default
10/03/17 21:05:01 ii : - hash type = sha1
10/03/17 21:05:01 ii : - dh group = modp-1024
10/03/17 21:05:01 ii : - auth type = psk
10/03/17 21:05:01 ii : - life seconds = 86400
10/03/17 21:05:01 ii : - life kbytes = 0
10/03/17 21:05:01 << : key exchange payload
10/03/17 21:05:01 << : nonce payload
10/03/17 21:05:01 << : identification payload
10/03/17 21:05:01 ii : phase1 id target is any
10/03/17 21:05:01 ii : phase1 id match
10/03/17 21:05:01 ii : received = ipv4-host 64.27.67.101
10/03/17 21:05:01 << : hash payload
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : peer is CISCO UNITY compatible
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : peer supports XAUTH
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : peer supports DPDv1
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : peer supports nat-t ( draft v02 )
10/03/17 21:05:01 << : nat discovery payload
10/03/17 21:05:01 << : nat discovery payload
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : unknown vendor id ( 20 bytes )
10/03/17 21:05:01 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
10/03/17 21:05:01 << : vendor id payload
10/03/17 21:05:01 ii : unknown vendor id ( 16 bytes )
10/03/17 21:05:01 0x : 1f07f70e aa6514d3 b0fa9654 2a500100
10/03/17 21:05:01 ii : nat discovery - local address is translated
10/03/17 21:05:01 ii : switching to src nat-t udp port 4500
10/03/17 21:05:01 ii : switching to dst nat-t udp port 4500
10/03/17 21:05:01 == : DH shared secret ( 128 bytes )
10/03/17 21:05:01 == : SETKEYID ( 20 bytes )
10/03/17 21:05:01 == : SETKEYID_d ( 20 bytes )
10/03/17 21:05:01 == : SETKEYID_a ( 20 bytes )
10/03/17 21:05:01 == : SETKEYID_e ( 20 bytes )
10/03/17 21:05:01 == : cipher key ( 40 bytes )
10/03/17 21:05:01 == : cipher iv ( 8 bytes )
10/03/17 21:05:01 == : phase1 hash_i ( computed ) ( 20 bytes )
10/03/17 21:05:01 >> : hash payload
10/03/17 21:05:01 >> : nat discovery payload
10/03/17 21:05:01 >> : nat discovery payload
10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 >= : message 00000000
10/03/17 21:05:01 >= : encrypt iv ( 8 bytes )
10/03/17 21:05:01 == : encrypt packet ( 100 bytes )
10/03/17 21:05:01 == : stored iv ( 8 bytes )
10/03/17 21:05:01 DB : phase1 resend event canceled ( ref count = 1 )
10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 ->
64.27.67.101:4500 ( 132 bytes )
10/03/17 21:05:01 == : phase1 hash_r ( computed ) ( 20 bytes )
10/03/17 21:05:01 == : phase1 hash_r ( received ) ( 20 bytes )
10/03/17 21:05:01 ii : phase1 sa established
10/03/17 21:05:01 ii : 64.27.67.101:4500 <-> 192.168.1.100:4500
10/03/17 21:05:01 ii : 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 ii : sending peer INITIAL-CONTACT notification
10/03/17 21:05:01 ii : - 192.168.1.100:4500 -> 64.27.67.101:4500
10/03/17 21:05:01 ii : - isakmp spi = 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 ii : - data size 0
10/03/17 21:05:01 >> : hash payload
10/03/17 21:05:01 >> : notification payload
10/03/17 21:05:01 == : new informational hash ( 20 bytes )
10/03/17 21:05:01 == : new informational iv ( 8 bytes )
10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 >= : message 26a05d07
10/03/17 21:05:01 >= : encrypt iv ( 8 bytes )
10/03/17 21:05:01 == : encrypt packet ( 80 bytes )
10/03/17 21:05:01 == : stored iv ( 8 bytes )
10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 ->
64.27.67.101:4500 ( 116 bytes )
10/03/17 21:05:01 DB : config added ( obj count = 1 )
10/03/17 21:05:01 ii : building config attribute list
10/03/17 21:05:01 ii : - IP4 Address
10/03/17 21:05:01 ii : - Address Expiry
10/03/17 21:05:01 ii : - IP4 Netamask
10/03/17 21:05:01 ii : - IP4 DNS Server
10/03/17 21:05:01 ii : - IP4 WINS Server
10/03/17 21:05:01 ii : - DNS Suffix
10/03/17 21:05:01 ii : - Split DNS Domain
10/03/17 21:05:01 ii : - IP4 Split Network Include
10/03/17 21:05:01 ii : - IP4 Split Network Exclude
10/03/17 21:05:01 == : new config iv ( 8 bytes )
10/03/17 21:05:01 ii : sending config pull request
10/03/17 21:05:01 >> : hash payload
10/03/17 21:05:01 >> : attribute payload
10/03/17 21:05:01 == : new configure hash ( 20 bytes )
10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12
10/03/17 21:05:01 >= : message 31f3a894
10/03/17 21:05:01 >= : encrypt iv ( 8 bytes )
10/03/17 21:05:01 == : encrypt packet ( 96 bytes )
10/03/17 21:05:01 == : stored iv ( 8 bytes )
10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 ->
64.27.67.101:4500 ( 132 bytes )
10/03/17 21:05:01 DB : config resend event scheduled ( ref count = 2 )
10/03/17 21:05:01 DB : phase2 not found
10/03/17 21:05:06 -> : resend 1 config packet(s) 192.168.1.100:4500 ->
64.27.67.101:4500
10/03/17 21:05:11 -> : resend 1 config packet(s) 192.168.1.100:4500 ->
64.27.67.101:4500
10/03/17 21:05:16 DB : phase1 found
10/03/17 21:05:16 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 ->
64.27.67.101:4500
10/03/17 21:05:16 -> : resend 1 config packet(s) 192.168.1.100:4500 ->
64.27.67.101:4500
10/03/17 21:05:21 ii : resend limit exceeded for config exchange
10/03/17 21:05:21 DB : config deleted ( obj count = 0 )
10/03/17 21:05:31 DB : phase1 found
10/03/17 21:05:31 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 ->
64.27.67.101:4500
10/03/17 21:05:46 DB : phase1 found
10/03/17 21:05:46 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 ->
64.27.67.101:4500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100317/cb01cb9a/attachment-0001.html>
More information about the vpn-help
mailing list