[vpn-help] Windows Client 2.1.7 and Linksys BEFSX41

[kevin vpn]

On Wed, 20 Apr 2011 12:53:29 +0200
"Alexander Coers" <Alexander.Coers at gmx.de> wrote:

> Hello all,
> 
> does anyone tested this config and can help me?
> 
> The thing is, I can connect to the router, the status is "tunnel
> enabled". If I start to ping a client inside the 192.168.6.0 network,
> the client starts negotiating again, but nothing happens (e.g. I get
> no answer from the pinged device). With VPN Trace I can see (in
> Security Associations), that the tunnel always stays in LARVAL state.
> 
...
> ADVANCED SETTINGS
> Phase 1:
> Mode: Main mode
> Proposal 1:
> Encryption: DES
> Authentication: MD5
> Group 768 Bit
> Key Lifetime: 3600 seconds
> (Note: Following three additional proposals are also proposed in Main
> mode: DES/MD5/768, 3DES/SHA/1024 and 3DES/MD5/1024.)
> 
> Phase 2:
> Enccryption: DES
> Authentication: MD5
> PFS: On
> Group: 768 Bit
> Key Lifetime: 3600 seconds
> ------------------------------------------------------------------
> 
...
> Phase1:
> Main, auto, des, md5, 3600s, 0kbytes.
> Phase2:
> esp-des,md5,group1, disabled, 3600s, 0kbytes
> Policy:
> Unique, nothing checked, include 192.168.6.0 / 255.255.255.0
> ------------------------------------------------------------------
> 
> IKE Service Log
> 
...
> 11/04/20 12:47:58 ii : phase1 sa established
...
> 11/04/20 12:48:10 -> : resend 1 phase2 packet(s) 2.200.38.165:500
> -> 62.226.82.189:500 
> 11/04/20 12:48:15 -> : resend 1 phase2 packet(s) 2.200.38.165:500 
> -> > 62.226.82.189:500 
> 11/04/20 12:48:20 -> : resend 1 phase2 packet(s) 2.200.38.165:500 
> -> 62.226.82.189:500 
...
> 12:48:25 ii : resend limit exceeded for phase2 exchange

Hi Alexander,

The connection is failing in the phase2 exchange process.  You'll need
to double-check your settings on the gateway and in the client.
Posting the log from the gateway could help us debug things for you.

You could try disabling PFS to simplify things a little bit.