[vpn-help] connections works, but no data goes through
Isaac Perez
Isaac.Perez at orb-data.com
Tue Mar 23 05:47:09 CDT 2010
Hi all,
After installing shrew client in several remote computers, there are two
which doesn't work.
The vpn connection completes successfully (see log above), but pings
error like this: Reply from 192.168.80.1: Destination host unreachable.
Where 192.168.80.1 is the local ip address for the VPN connection.
The VPN is configured as the manual stands for a netgear fvx538.
Same vpn configuration works in several other computers and in a VM in
one of the two failing computers. So it seems to be a OS related issue,
but can't think of what to check.
Any tips of where to look would be really appreciated.
I compared the following log with a working one, and it seems the same
to me:
10/03/23 09:32:09 ## : IKE Daemon, ver 2.1.5
10/03/23 09:32:09 ## : Copyright 2009 Shrew Soft Inc.
10/03/23 09:32:09 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/03/23 09:32:09 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
10/03/23 09:32:09 ii : rebuilding vnet device list ...
10/03/23 09:32:09 ii : device ROOT\VNET\0000 disabled
10/03/23 09:32:09 ii : pfkey process thread begin ...
10/03/23 09:32:09 ii : network process thread begin ...
10/03/23 09:32:09 ii : ipc server process thread begin ...
10/03/23 09:32:16 ii : ipc client process thread begin ...
10/03/23 09:32:16 <A : peer config add message
10/03/23 09:32:16 DB : peer added ( obj count = 1 )
10/03/23 09:32:16 ii : local address 192.168.1.65 selected for peer
10/03/23 09:32:16 DB : tunnel added ( obj count = 1 )
10/03/23 09:32:16 <A : proposal config message
10/03/23 09:32:16 <A : proposal config message
10/03/23 09:32:16 <A : client config message
10/03/23 09:32:16 <A : xauth username message
10/03/23 09:32:16 <A : xauth password message
10/03/23 09:32:16 <A : local id 'client.domain.com' message
10/03/23 09:32:16 <A : preshared key message
10/03/23 09:32:16 <A : remote resource message
10/03/23 09:32:16 <A : peer tunnel enable message
10/03/23 09:32:16 DB : new phase1 ( ISAKMP initiator )
10/03/23 09:32:16 DB : exchange type is aggressive
10/03/23 09:32:16 DB : 192.168.1.65:500 <-> xxx.xxx.xxx.xxx:500
10/03/23 09:32:16 DB : 5b2555d84109b1db:0000000000000000
10/03/23 09:32:16 DB : phase1 added ( obj count = 1 )
10/03/23 09:32:16 >> : security association payload
10/03/23 09:32:16 >> : - proposal #1 payload
10/03/23 09:32:16 >> : -- transform #1 payload
10/03/23 09:32:16 >> : key exchange payload
10/03/23 09:32:16 >> : nonce payload
10/03/23 09:32:16 >> : identification payload
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports XAUTH
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports nat-t ( draft v00 )
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports nat-t ( draft v01 )
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports nat-t ( draft v02 )
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports nat-t ( draft v03 )
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports nat-t ( rfc )
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports FRAGMENTATION
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local supports DPDv1
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local is SHREW SOFT compatible
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local is NETSCREEN compatible
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local is SIDEWINDER compatible
10/03/23 09:32:16 >> : vendor id payload
10/03/23 09:32:16 ii : local is CISCO UNITY compatible
10/03/23 09:32:16 >= : cookies 5b2555d84109b1db:0000000000000000
10/03/23 09:32:16 >= : message 00000000
10/03/23 09:32:16 -> : send IKE packet 192.168.1.65:500 ->
xxx.xxx.xxx.xxx:500 ( 533 bytes )
10/03/23 09:32:16 DB : phase1 resend event scheduled ( ref count = 2 )
10/03/23 09:32:17 <- : recv IKE packet xxx.xxx.xxx.xxx:500 ->
192.168.1.65:500 ( 420 bytes )
10/03/23 09:32:17 DB : phase1 found
10/03/23 09:32:17 ii : processing phase1 packet ( 420 bytes )
10/03/23 09:32:17 =< : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 =< : message 00000000
10/03/23 09:32:17 << : security association payload
10/03/23 09:32:17 << : - propsal #1 payload
10/03/23 09:32:17 << : -- transform #1 payload
10/03/23 09:32:17 ii : matched isakmp proposal #1 transform #1
10/03/23 09:32:17 ii : - transform = ike
10/03/23 09:32:17 ii : - cipher type = 3des
10/03/23 09:32:17 ii : - key length = default
10/03/23 09:32:17 ii : - hash type = sha1
10/03/23 09:32:17 ii : - dh group = modp-1024
10/03/23 09:32:17 ii : - auth type = xauth-initiator-psk
10/03/23 09:32:17 ii : - life seconds = 28800
10/03/23 09:32:17 ii : - life kbytes = 0
10/03/23 09:32:17 << : key exchange payload
10/03/23 09:32:17 << : nonce payload
10/03/23 09:32:17 << : identification payload
10/03/23 09:32:17 ii : phase1 id match ( natt prevents ip match )
10/03/23 09:32:17 ii : received = ipv4-host xxx.xxx.xxx.xxx
10/03/23 09:32:17 << : hash payload
10/03/23 09:32:17 << : vendor id payload
10/03/23 09:32:17 ii : unknown vendor id ( 16 bytes )
10/03/23 09:32:17 0x : 09002689 dfd6b712 80a224de c33b81e5
10/03/23 09:32:17 << : vendor id payload
10/03/23 09:32:17 ii : peer is CISCO UNITY compatible
10/03/23 09:32:17 << : vendor id payload
10/03/23 09:32:17 ii : peer is IPSEC-TOOLS compatible
10/03/23 09:32:17 << : vendor id payload
10/03/23 09:32:17 ii : peer supports nat-t ( draft v02 )
10/03/23 09:32:17 << : nat discovery payload
10/03/23 09:32:17 << : nat discovery payload
10/03/23 09:32:17 << : vendor id payload
10/03/23 09:32:17 ii : unknown vendor id ( 16 bytes )
10/03/23 09:32:17 0x : 3b9031dc e4fcf88b 489a9239 63dd0c49
10/03/23 09:32:17 ii : nat discovery - local address is translated
10/03/23 09:32:17 ii : switching to src nat-t udp port 4500
10/03/23 09:32:17 ii : switching to dst nat-t udp port 4500
10/03/23 09:32:17 == : DH shared secret ( 128 bytes )
10/03/23 09:32:17 == : SETKEYID ( 20 bytes )
10/03/23 09:32:17 == : SETKEYID_d ( 20 bytes )
10/03/23 09:32:17 == : SETKEYID_a ( 20 bytes )
10/03/23 09:32:17 == : SETKEYID_e ( 20 bytes )
10/03/23 09:32:17 == : cipher key ( 40 bytes )
10/03/23 09:32:17 == : cipher iv ( 8 bytes )
10/03/23 09:32:17 == : phase1 hash_i ( computed ) ( 20 bytes )
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : nat discovery payload
10/03/23 09:32:17 >> : nat discovery payload
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message 00000000
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 100 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 DB : phase1 resend event canceled ( ref count = 1 )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 132 bytes )
10/03/23 09:32:17 == : phase1 hash_r ( computed ) ( 20 bytes )
10/03/23 09:32:17 == : phase1 hash_r ( received ) ( 20 bytes )
10/03/23 09:32:17 ii : phase1 sa established
10/03/23 09:32:17 ii : xxx.xxx.xxx.xxx:4500 <-> 192.168.1.65:4500
10/03/23 09:32:17 ii : 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 ii : sending peer INITIAL-CONTACT notification
10/03/23 09:32:17 ii : - 192.168.1.65:4500 -> xxx.xxx.xxx.xxx:4500
10/03/23 09:32:17 ii : - isakmp spi = 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 ii : - data size 0
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : notification payload
10/03/23 09:32:17 == : new informational hash ( 20 bytes )
10/03/23 09:32:17 == : new informational iv ( 8 bytes )
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message 7abaae8d
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 80 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 116 bytes )
10/03/23 09:32:17 DB : phase2 not found
10/03/23 09:32:17 <- : recv NAT-T:IKE packet xxx.xxx.xxx.xxx:4500 ->
192.168.1.65:4500 ( 76 bytes )
10/03/23 09:32:17 DB : phase1 found
10/03/23 09:32:17 ii : processing config packet ( 76 bytes )
10/03/23 09:32:17 DB : config not found
10/03/23 09:32:17 DB : config added ( obj count = 1 )
10/03/23 09:32:17 == : new config iv ( 8 bytes )
10/03/23 09:32:17 =< : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 =< : message c74d7b5f
10/03/23 09:32:17 =< : decrypt iv ( 8 bytes )
10/03/23 09:32:17 == : decrypt packet ( 76 bytes )
10/03/23 09:32:17 <= : trimmed packet padding ( 4 bytes )
10/03/23 09:32:17 <= : stored iv ( 8 bytes )
10/03/23 09:32:17 << : hash payload
10/03/23 09:32:17 << : attribute payload
10/03/23 09:32:17 == : configure hash_i ( computed ) ( 20 bytes )
10/03/23 09:32:17 == : configure hash_c ( computed ) ( 20 bytes )
10/03/23 09:32:17 ii : configure hash verified
10/03/23 09:32:17 ii : - xauth authentication type
10/03/23 09:32:17 ii : - xauth username
10/03/23 09:32:17 ii : - xauth password
10/03/23 09:32:17 ii : received basic xauth request -
10/03/23 09:32:17 ii : - standard xauth username
10/03/23 09:32:17 ii : - standard xauth password
10/03/23 09:32:17 ii : sending xauth response for orbvpn
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : attribute payload
10/03/23 09:32:17 == : new configure hash ( 20 bytes )
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message c74d7b5f
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 91 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 124 bytes )
10/03/23 09:32:17 DB : config resend event scheduled ( ref count = 2 )
10/03/23 09:32:17 <- : recv NAT-T:IKE packet xxx.xxx.xxx.xxx:4500 ->
192.168.1.65:4500 ( 68 bytes )
10/03/23 09:32:17 DB : phase1 found
10/03/23 09:32:17 ii : processing config packet ( 68 bytes )
10/03/23 09:32:17 DB : config found
10/03/23 09:32:17 == : new config iv ( 8 bytes )
10/03/23 09:32:17 =< : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 =< : message a4ad16a9
10/03/23 09:32:17 =< : decrypt iv ( 8 bytes )
10/03/23 09:32:17 == : decrypt packet ( 68 bytes )
10/03/23 09:32:17 <= : trimmed packet padding ( 4 bytes )
10/03/23 09:32:17 <= : stored iv ( 8 bytes )
10/03/23 09:32:17 << : hash payload
10/03/23 09:32:17 << : attribute payload
10/03/23 09:32:17 == : configure hash_i ( computed ) ( 20 bytes )
10/03/23 09:32:17 == : configure hash_c ( computed ) ( 20 bytes )
10/03/23 09:32:17 ii : configure hash verified
10/03/23 09:32:17 ii : received xauth result -
10/03/23 09:32:17 ii : user orbvpn authentication succeeded
10/03/23 09:32:17 ii : sending xauth acknowledge
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : attribute payload
10/03/23 09:32:17 == : new configure hash ( 20 bytes )
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message a4ad16a9
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 60 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 DB : config resend event canceled ( ref count = 1 )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 92 bytes )
10/03/23 09:32:17 DB : config resend event scheduled ( ref count = 2 )
10/03/23 09:32:17 ii : building config attribute list
10/03/23 09:32:17 ii : - IP4 Address
10/03/23 09:32:17 ii : - Address Expiry
10/03/23 09:32:17 ii : - IP4 Netamask
10/03/23 09:32:17 ii : - Login Banner
10/03/23 09:32:17 ii : - Save Password
10/03/23 09:32:17 == : new config iv ( 8 bytes )
10/03/23 09:32:17 ii : sending config pull request
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : attribute payload
10/03/23 09:32:17 == : new configure hash ( 20 bytes )
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message eeb14f93
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 80 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 DB : config resend event canceled ( ref count = 1 )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 116 bytes )
10/03/23 09:32:17 DB : config resend event scheduled ( ref count = 2 )
10/03/23 09:32:17 <- : recv NAT-T:IKE packet xxx.xxx.xxx.xxx:4500 ->
192.168.1.65:4500 ( 84 bytes )
10/03/23 09:32:17 DB : phase1 found
10/03/23 09:32:17 ii : processing config packet ( 84 bytes )
10/03/23 09:32:17 DB : config found
10/03/23 09:32:17 =< : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 =< : message eeb14f93
10/03/23 09:32:17 =< : decrypt iv ( 8 bytes )
10/03/23 09:32:17 == : decrypt packet ( 84 bytes )
10/03/23 09:32:17 <= : trimmed packet padding ( 4 bytes )
10/03/23 09:32:17 <= : stored iv ( 8 bytes )
10/03/23 09:32:17 << : hash payload
10/03/23 09:32:17 << : attribute payload
10/03/23 09:32:17 == : configure hash_i ( computed ) ( 20 bytes )
10/03/23 09:32:17 == : configure hash_c ( computed ) ( 20 bytes )
10/03/23 09:32:17 ii : configure hash verified
10/03/23 09:32:17 ii : received config pull response
10/03/23 09:32:17 ii : - IP4 Address = 192.168.80.1
10/03/23 09:32:17 ii : - IP4 Netmask = 0.0.0.0
10/03/23 09:32:17 ii : - Save Password = 0
10/03/23 09:32:17 DB : config resend event canceled ( ref count = 1 )
10/03/23 09:32:17 !! : invalid private netmask, defaulting to class c
10/03/23 09:32:17 ii : VNET adapter MTU is 1500
10/03/23 09:32:17 ii : enabled adapter ROOT\VNET\0000
10/03/23 09:32:17 ii : creating IPSEC INBOUND policy
ANY:192.168.40.0/24:* -> ANY:192.168.80.1:*
10/03/23 09:32:17 DB : policy added ( obj count = 1 )
10/03/23 09:32:17 K> : send pfkey X_SPDADD UNSPEC message
10/03/23 09:32:17 ii : creating IPSEC OUTBOUND policy ANY:192.168.80.1:*
-> ANY:192.168.40.0/24:*
10/03/23 09:32:17 K< : recv pfkey X_SPDADD UNSPEC message
10/03/23 09:32:17 DB : policy found
10/03/23 09:32:17 ii : created IPSEC policy route for 192.168.40.0/24
10/03/23 09:32:17 DB : policy added ( obj count = 2 )
10/03/23 09:32:17 K> : send pfkey X_SPDADD UNSPEC message
10/03/23 09:32:17 ii : split DNS is disabled
10/03/23 09:32:17 K< : recv pfkey X_SPDADD UNSPEC message
10/03/23 09:32:17 DB : policy found
10/03/23 09:32:17 ii : calling init phase2 for initial policy
10/03/23 09:32:17 DB : policy found
10/03/23 09:32:17 DB : policy found
10/03/23 09:32:17 DB : tunnel found
10/03/23 09:32:17 DB : new phase2 ( IPSEC initiator )
10/03/23 09:32:17 DB : phase2 added ( obj count = 1 )
10/03/23 09:32:17 K> : send pfkey GETSPI ESP message
10/03/23 09:32:17 K< : recv pfkey GETSPI ESP message
10/03/23 09:32:17 DB : phase2 found
10/03/23 09:32:17 ii : updated spi for 1 ipsec-esp proposal
10/03/23 09:32:17 DB : phase1 found
10/03/23 09:32:17 >> : hash payload
10/03/23 09:32:17 >> : security association payload
10/03/23 09:32:17 >> : - proposal #1 payload
10/03/23 09:32:17 >> : -- transform #1 payload
10/03/23 09:32:17 >> : -- transform #2 payload
10/03/23 09:32:17 >> : -- transform #3 payload
10/03/23 09:32:17 >> : -- transform #4 payload
10/03/23 09:32:17 >> : -- transform #5 payload
10/03/23 09:32:17 >> : -- transform #6 payload
10/03/23 09:32:17 >> : -- transform #7 payload
10/03/23 09:32:17 >> : -- transform #8 payload
10/03/23 09:32:17 >> : -- transform #9 payload
10/03/23 09:32:17 >> : -- transform #10 payload
10/03/23 09:32:17 >> : -- transform #11 payload
10/03/23 09:32:17 >> : -- transform #12 payload
10/03/23 09:32:17 >> : -- transform #13 payload
10/03/23 09:32:17 >> : -- transform #14 payload
10/03/23 09:32:17 >> : -- transform #15 payload
10/03/23 09:32:17 >> : -- transform #16 payload
10/03/23 09:32:17 >> : -- transform #17 payload
10/03/23 09:32:17 >> : -- transform #18 payload
10/03/23 09:32:17 >> : nonce payload
10/03/23 09:32:17 >> : identification payload
10/03/23 09:32:17 >> : identification payload
10/03/23 09:32:17 == : phase2 hash_i ( input ) ( 632 bytes )
10/03/23 09:32:17 == : phase2 hash_i ( computed ) ( 20 bytes )
10/03/23 09:32:17 == : new phase2 iv ( 8 bytes )
10/03/23 09:32:17 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:17 >= : message c2c19d99
10/03/23 09:32:17 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:17 == : encrypt packet ( 680 bytes )
10/03/23 09:32:17 == : stored iv ( 8 bytes )
10/03/23 09:32:17 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 716 bytes )
10/03/23 09:32:17 DB : phase2 resend event scheduled ( ref count = 2 )
10/03/23 09:32:22 -> : resend 1 phase2 packet(s) 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500
10/03/23 09:32:23 <- : recv NAT-T:IKE packet xxx.xxx.xxx.xxx:4500 ->
192.168.1.65:4500 ( 156 bytes )
10/03/23 09:32:23 DB : phase1 found
10/03/23 09:32:23 ii : processing phase2 packet ( 156 bytes )
10/03/23 09:32:23 DB : phase2 found
10/03/23 09:32:23 =< : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:23 =< : message c2c19d99
10/03/23 09:32:23 =< : decrypt iv ( 8 bytes )
10/03/23 09:32:23 == : decrypt packet ( 156 bytes )
10/03/23 09:32:23 <= : trimmed packet padding ( 4 bytes )
10/03/23 09:32:23 <= : stored iv ( 8 bytes )
10/03/23 09:32:23 << : hash payload
10/03/23 09:32:23 << : security association payload
10/03/23 09:32:23 << : - propsal #1 payload
10/03/23 09:32:23 << : -- transform #14 payload
10/03/23 09:32:23 << : nonce payload
10/03/23 09:32:23 << : identification payload
10/03/23 09:32:23 << : identification payload
10/03/23 09:32:23 == : phase2 hash_r ( input ) ( 124 bytes )
10/03/23 09:32:23 == : phase2 hash_r ( computed ) ( 20 bytes )
10/03/23 09:32:23 == : phase2 hash_r ( received ) ( 20 bytes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-aes )
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : crypto transform type ( esp-3des != esp-blowfish
)
10/03/23 09:32:23 ii : unmatched ipsec-esp proposal/transform
10/03/23 09:32:23 ii : msg auth ( hmac-sha != hmac-md5 )
10/03/23 09:32:23 ii : matched ipsec-esp proposal #1 transform #14
10/03/23 09:32:23 ii : - transform = esp-3des
10/03/23 09:32:23 ii : - key length = default
10/03/23 09:32:23 ii : - encap mode = udp-tunnel ( draft )
10/03/23 09:32:23 ii : - msg auth = hmac-sha
10/03/23 09:32:23 ii : - pfs dh group = none
10/03/23 09:32:23 ii : - life seconds = 3600
10/03/23 09:32:23 ii : - life kbytes = 0
10/03/23 09:32:23 DB : policy found
10/03/23 09:32:23 K> : send pfkey GETSPI ESP message
10/03/23 09:32:23 ii : phase2 ids accepted
10/03/23 09:32:23 ii : - loc ANY:192.168.80.1:* -> ANY:192.168.40.0/24:*
10/03/23 09:32:23 ii : - rmt ANY:192.168.40.0/24:* -> ANY:192.168.80.1:*
10/03/23 09:32:23 ii : phase2 sa established
10/03/23 09:32:23 ii : 192.168.1.65:4500 <-> xxx.xxx.xxx.xxx:4500
10/03/23 09:32:23 == : phase2 hash_p ( input ) ( 41 bytes )
10/03/23 09:32:23 K< : recv pfkey GETSPI ESP message
10/03/23 09:32:23 DB : phase2 found
10/03/23 09:32:23 == : phase2 hash_p ( computed ) ( 20 bytes )
10/03/23 09:32:23 >> : hash payload
10/03/23 09:32:23 >= : cookies 5b2555d84109b1db:3d614231523b28b3
10/03/23 09:32:23 >= : message c2c19d99
10/03/23 09:32:23 >= : encrypt iv ( 8 bytes )
10/03/23 09:32:23 == : encrypt packet ( 52 bytes )
10/03/23 09:32:23 == : stored iv ( 8 bytes )
10/03/23 09:32:23 DB : phase2 resend event canceled ( ref count = 1 )
10/03/23 09:32:23 -> : send NAT-T:IKE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500 ( 84 bytes )
10/03/23 09:32:23 == : spi cipher key data ( 24 bytes )
10/03/23 09:32:23 == : spi hmac key data ( 20 bytes )
10/03/23 09:32:23 K> : send pfkey UPDATE ESP message
10/03/23 09:32:23 == : spi cipher key data ( 24 bytes )
10/03/23 09:32:23 == : spi hmac key data ( 20 bytes )
10/03/23 09:32:23 K> : send pfkey UPDATE ESP message
10/03/23 09:32:23 K< : recv pfkey UPDATE ESP message
10/03/23 09:32:23 K< : recv pfkey UPDATE ESP message
10/03/23 09:32:32 DB : phase1 found
10/03/23 09:32:32 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500
10/03/23 09:32:47 DB : phase1 found
10/03/23 09:32:47 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500
10/03/23 09:33:02 DB : phase1 found
10/03/23 09:33:02 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500
10/03/23 09:33:17 DB : phase1 found
10/03/23 09:33:17 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.65:4500 ->
xxx.xxx.xxx.xxx:4500
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100323/e20007aa/attachment-0001.html>
More information about the vpn-help
mailing list