[vpn-help] Fwd: invalid message from gateway

Libor Arndt libor.arndt at email.cz
Thu Mar 4 01:59:37 CST 2010


Hi Stefan,

many thanks for the reply.
Certificate is definitely not broken. I use it with Cisco client on 32 bit  
Vista.
Problem may be importing.
I do not understand why I have to import the server certificate, client and  
private key, and whether it's correct or not.
In npc client I imported the same certificate only once and it worked from  
the start.

I reimported the pcf file and invalid message problem persists, but log is  
different:


10/03/04 08:43:58 ## : IKE Daemon, ver 2.1.6
10/03/04 08:43:58 ## : Copyright 2009 Shrew Soft Inc.
10/03/04 08:43:58 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/03/04 08:43:58 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
10/03/04 08:43:58 ii : rebuilding vnet device list ...
10/03/04 08:43:58 ii : device ROOT\VNET\0000 disabled
10/03/04 08:43:58 ii : network process thread begin ...
10/03/04 08:43:58 ii : pfkey process thread begin ...
10/03/04 08:43:58 ii : ipc server process thread begin ...
10/03/04 08:44:33 ii : ipc client process thread begin ...
10/03/04 08:44:33 <A : peer config add message
10/03/04 08:44:33 <A : proposal config message
10/03/04 08:44:33 <A : proposal config message
10/03/04 08:44:33 <A : client config message
10/03/04 08:44:33 <A : xauth username message
10/03/04 08:44:33 <A : xauth password message
10/03/04 08:44:33 <A : remote cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:33 !! : 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' load failed, requesting password
10/03/04 08:44:41 <A : file password
10/03/04 08:44:41 <A : remote cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : local cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : local key 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : peer tunnel enable message
10/03/04 08:44:41 ii : local supports XAUTH
10/03/04 08:44:41 ii : local supports nat-t ( draft v00 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v01 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v02 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v03 )
10/03/04 08:44:41 ii : local supports nat-t ( rfc )
10/03/04 08:44:41 ii : local supports DPDv1
10/03/04 08:44:41 ii : local is SHREW SOFT compatible
10/03/04 08:44:41 ii : local is NETSCREEN compatible
10/03/04 08:44:41 ii : local is SIDEWINDER compatible
10/03/04 08:44:41 ii : local is CISCO UNITY compatible
10/03/04 08:44:41 >= : cookies c89db27fd0a150f4:0000000000000000
10/03/04 08:44:41 >= : message 00000000
10/03/04 08:44:41 ii : processing phase1 packet ( 1472 bytes )
10/03/04 08:44:41 =< : cookies c89db27fd0a150f4:d4fbd4db89f645e1
10/03/04 08:44:41 =< : message 00000000
10/03/04 08:44:41 ii : matched isakmp proposal #1 transform #13
10/03/04 08:44:41 ii : - transform    = ike
10/03/04 08:44:41 ii : - cipher type  = 3des
10/03/04 08:44:41 ii : - key length   = default
10/03/04 08:44:41 ii : - hash type    = md5
10/03/04 08:44:41 ii : - dh group     = modp-1024
10/03/04 08:44:41 ii : - auth type    = xauth-initiator-rsa
10/03/04 08:44:41 ii : - life seconds = 86400
10/03/04 08:44:41 ii : - life kbytes  = 0
10/03/04 08:44:41 ii : phase1 id target is any
10/03/04 08:44:41 ii : phase1 id match
10/03/04 08:44:41 ii : received = asn1-dn C=CZ,ST=Czech Republic,L=Prague,O=Radiomobil a.s.,OU=IT Security,CN=vpngw2.t-mobile.cz
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 !! : unhandled phase1 payload 'unknown' ( 48 )
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 ii : phase1 removal before expire time
10/03/04 08:44:41 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer
10/03/04 08:44:41 ww : 8201010058d64d45:bdff0578d7a2c435
10/03/04 08:44:41 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer
10/03/04 08:44:41 ww : c89db27fd0a150f4:d4fbd4db89f645e1
10/03/04 08:44:41 DB : removing tunnel config references
10/03/04 08:44:41 DB : removing tunnel phase2 references
10/03/04 08:44:41 DB : removing tunnel phase1 references
10/03/04 08:44:41 DB : removing all peer tunnel refrences
10/03/04 08:44:41 ii : ipc client process thread exit ...

Thanks for any help.

Libor
(I'm inserting the log with INFORMATIONAL level to avoid long posts; if DEBUG  
level is preferred, let me know, please.)


