[vpn-help] windows OK, linux does not connect

Emre Erenoglu erenoglu at gmail.com
Thu Jan 6 17:47:46 CST 2011


Dear Shrew Users,

I have a strange problem. I'm using Shrew Soft client on my XP successfully,
everything is working fine.

I'm exporting the same configuration to my Linux system, it seems to connect
fine since I get the "tunnel enabled" message and the tap0 interface gets an
address, however, the "security associations" "established" shows "0" and
after some time "failed" starts to increase. Status shows "connected" and
remote host shows the IP. Transport used is NAT-T / IKE / ESP. Fragmentation
and Dead Peer Detection show disabled although I enabled them in the
config.

I tried to search the internet, saw settings about rp_filter, so I set the
following sysctl values and rebooted.
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

Still no luck. My iptables is empty, there are no other firewalls on the
system. Do you have any idea why this Phase2 negotiation is failing? I'm
pasting the logs below. Please note that I changed the shown IP addresses by
hand, so don't mind them unless necessary.

ikea window:

config loaded for site '....'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled

Then the iked daemon debug output:

parduscorporate emre # iked -F
ii : created ike socket 0.0.0.0:500
ii : created natt socket 0.0.0.0:4500
## : IKE Daemon, ver 2.1.7
## : Copyright 2010 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8q 2 Dec 2010
ii : opened '/var/log/iked.log'
ii : network process thread begin ...
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
K< : recv pfkey REGISTER AH message
K< : recv pfkey REGISTER ESP message
K< : recv pfkey REGISTER IPCOMP message
K< : recv pfkey X_SPDDUMP UNSPEC message
DB : policy added ( obj count = 1 )
ii : ipc client process thread begin ...
<A : peer config add message
DB : peer added ( obj count = 1 )
ii : local address 192.168.1.150 selected for peer
DB : tunnel added ( obj count = 1 )
<A : proposal config message
<A : proposal config message
<A : client config message
<A : xauth username message
<A : xauth password message
<A : local id '....' message
<A : preshared key message
<A : peer tunnel enable message
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : 192.168.1.150:500 <-> 1.2.1.254:500
DB : 730712a6afb74de7:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : -- transform #2 payload
>> : -- transform #3 payload
>> : -- transform #4 payload
>> : -- transform #5 payload
>> : -- transform #6 payload
>> : -- transform #7 payload
>> : -- transform #8 payload
>> : -- transform #9 payload
>> : -- transform #10 payload
>> : -- transform #11 payload
>> : -- transform #12 payload
>> : -- transform #13 payload
>> : -- transform #14 payload
>> : -- transform #15 payload
>> : -- transform #16 payload
>> : -- transform #17 payload
>> : -- transform #18 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports XAUTH
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
ii : local supports FRAGMENTATION
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 730712a6afb74de7:0000000000000000
>= : message 00000000
-> : send IKE packet 192.168.1.150:500 -> 1.2.1.254:500 ( 1190 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
ii : opened tap device tap0
<- : recv IKE packet 1.2.1.254:500 -> 192.168.1.150:500 ( 448 bytes )
DB : phase1 found
ii : processing phase1 packet ( 448 bytes )
=< : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #14 payload
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != aes )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : cipher type ( 3des != blowfish )
ii : unmatched isakmp proposal/transform
ii : hash type ( hmac-sha != hmac-md5 )
ii : matched isakmp proposal #1 transform #14
ii : - transform    = ike
ii : - cipher type  = 3des
ii : - key length   = default
ii : - hash type    = sha1
ii : - dh group     = modp-1024
ii : - auth type    = xauth-initiator-psk
ii : - life seconds = 86400
ii : - life kbytes  = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id target is any
ii : phase1 id match
ii : received = ipv4-host 1.2.1.254
<< : hash payload
<< : vendor id payload
ii : unknown vendor id ( 24 bytes )
0x : 4c564739 2e302e32 36303a42 5249434b 3a392e30 2e323630
<< : vendor id payload
ii : peer supports XAUTH
<< : vendor id payload
ii : peer supports nat-t ( rfc )
<< : vendor id payload
ii : peer supports nat-t ( draft v03 )
<< : vendor id payload
ii : peer supports nat-t ( draft v02 )
<< : vendor id payload
ii : unknown vendor id ( 16 bytes )
0x : cd604643 35df21f8 7cfdb2fc 68b6a448
<< : nat discovery payload
<< : nat discovery payload
ii : nat discovery - local address is translated
ii : switching to src nat-t udp port 4500
ii : switching to dst nat-t udp port 4500
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 40 bytes )
== : cipher iv ( 8 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>> : nat discovery payload
>> : nat discovery payload
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message 00000000
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 100 bytes )
== : stored iv ( 8 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 132 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : 1.2.1.2:4500 <-> 192.168.1.150:4500
ii : 730712a6afb74de7:86a0d5e5b4bf35d9
ii : sending peer INITIAL-CONTACT notification
ii : - 192.168.1.150:4500 -> 1.2.1.2:4500
ii : - isakmp spi = 730712a6afb74de7:86a0d5e5b4bf35d9
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 8 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message 5f372aba
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 116 bytes )
DB : phase2 not found
<- : recv NAT-T:IKE packet 1.2.1.254:4500 -> 192.168.1.150:4500 ( 76 bytes )
DB : phase1 found
ii : processing config packet ( 76 bytes )
DB : config not found
DB : config added ( obj count = 1 )
== : new config iv ( 8 bytes )
=< : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
=< : message 55a5a265
=< : decrypt iv ( 8 bytes )
== : decrypt packet ( 76 bytes )
<= : trimmed packet padding ( 4 bytes )
<= : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : configure hash_i ( computed ) ( 20 bytes )
== : configure hash_c ( computed ) ( 20 bytes )
ii : configure hash verified
ii : - xauth authentication type
ii : - xauth username
ii : - xauth password
ii : received basic xauth request -
ii : - standard xauth username
ii : - standard xauth password
ii : sending xauth response for emree
>> : hash payload
>> : attribute payload
== : new configure hash ( 20 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message 55a5a265
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 85 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 124 bytes )
DB : config resend event scheduled ( ref count = 2 )
<- : recv NAT-T:IKE packet 1.2.1.254:4500 -> 192.168.1.150:4500 ( 124 bytes )
DB : phase1 found
ii : processing config packet ( 124 bytes )
DB : config found
== : new config iv ( 8 bytes )
=< : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
=< : message e45dc6eb
=< : decrypt iv ( 8 bytes )
== : decrypt packet ( 124 bytes )
<= : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : configure hash_i ( computed ) ( 20 bytes )
== : configure hash_c ( computed ) ( 20 bytes )
ii : configure hash verified
ii : received xauth result -
ii : user emre authentication succeeded
ii : sending xauth acknowledge
>> : hash payload
>> : attribute payload
== : new configure hash ( 20 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message e45dc6eb
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 60 bytes )
== : stored iv ( 8 bytes )
DB : config resend event canceled ( ref count = 1 )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 92 bytes )
DB : config resend event scheduled ( ref count = 2 )
ii : building config attribute list
ii : - IP4 Address
ii : - Address Expiry
ii : - IP4 Netamask
ii : - IP4 DNS Server
ii : - IP4 Subnet
== : new config iv ( 8 bytes )
ii : sending config pull request
>> : hash payload
>> : attribute payload
== : new configure hash ( 20 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message 516b9f31
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 8 bytes )
DB : config resend event canceled ( ref count = 1 )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 116 bytes )
DB : config resend event scheduled ( ref count = 2 )
<- : recv NAT-T:IKE packet 1.2.1.254:4500 -> 192.168.1.150:4500 ( 116 bytes )
DB : phase1 found
ii : processing config packet ( 116 bytes )
DB : config found
=< : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
=< : message 516b9f31
=< : decrypt iv ( 8 bytes )
== : decrypt packet ( 116 bytes )
<= : trimmed packet padding ( 4 bytes )
<= : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : configure hash_i ( computed ) ( 20 bytes )
== : configure hash_c ( computed ) ( 20 bytes )
ii : configure hash verified
ii : received config pull response
ii : - IP4 Address = 1.2.176.8
ii : - Address Expiry = 0
ii : - IP4 Netmask = 255.255.240.0
ii : - IP4 DNS Server = 1.2.1.13
ii : - IP4 DNS Server = 1.2.1.199
ii : - IP4 Subnet = ANY:0.0.0.0/0:* ( invalid subnet ignored )
DB : config resend event canceled ( ref count = 1 )
ii : configured adapter tap0
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:1.2.1.254:* -> ANY:192.168.1.150:*
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating NONE OUTBOUND policy ANY:192.168.1.150:* -> ANY:1.2.1.254:*
ii : created NONE policy route for 1.2.1.254/32
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating NONE INBOUND policy ANY:0.0.0.0:* -> ANY:1.2.176.8:*
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:1.2.176.8:* -> ANY:0.0.0.0:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for 0.0.0.0/32
DB : policy added ( obj count = 5 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
ii : creating IPSEC INBOUND policy ANY:0.0.0.0/0:* -> ANY:1.2.176.8:*
DB : policy found
DB : policy added ( obj count = 6 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:1.2.176.8:* -> ANY:0.0.0.0/0:*
ii : created IPSEC policy route for 0.0.0.0
DB : policy added ( obj count = 7 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
K< : recv pfkey ACQUIRE ESP message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : -- transform #2 payload
>> : -- transform #3 payload
>> : -- transform #4 payload
>> : -- transform #5 payload
>> : -- transform #6 payload
>> : -- transform #7 payload
>> : -- transform #8 payload
>> : -- transform #9 payload
>> : -- transform #10 payload
>> : -- transform #11 payload
>> : -- transform #12 payload
>> : -- transform #13 payload
>> : -- transform #14 payload
>> : -- transform #15 payload
>> : -- transform #16 payload
>> : -- transform #17 payload
>> : -- transform #18 payload
>> : nonce payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 632 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 8 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message 3e77a6a5
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 680 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 716 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
DB : phase1 found
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
DB : phase1 found
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
K! : unhandled pfkey message type EXPIRE ( 8 )
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
K< : recv pfkey ACQUIRE ESP message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 2 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : -- transform #2 payload
>> : -- transform #3 payload
>> : -- transform #4 payload
>> : -- transform #5 payload
>> : -- transform #6 payload
>> : -- transform #7 payload
>> : -- transform #8 payload
>> : -- transform #9 payload
>> : -- transform #10 payload
>> : -- transform #11 payload
>> : -- transform #12 payload
>> : -- transform #13 payload
>> : -- transform #14 payload
>> : -- transform #15 payload
>> : -- transform #16 payload
>> : -- transform #17 payload
>> : -- transform #18 payload
>> : nonce payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 632 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 8 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message b7c572db
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 680 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 716 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
ii : resend limit exceeded for phase2 exchange
ii : phase2 removal before expire time
DB : phase2 deleted ( obj count = 1 )
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
DB : phase1 found
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
DB : phase1 found
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
K! : unhandled pfkey message type EXPIRE ( 8 )
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
K< : recv pfkey ACQUIRE ESP message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 2 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : -- transform #2 payload
>> : -- transform #3 payload
>> : -- transform #4 payload
>> : -- transform #5 payload
>> : -- transform #6 payload
>> : -- transform #7 payload
>> : -- transform #8 payload
>> : -- transform #9 payload
>> : -- transform #10 payload
>> : -- transform #11 payload
>> : -- transform #12 payload
>> : -- transform #13 payload
>> : -- transform #14 payload
>> : -- transform #15 payload
>> : -- transform #16 payload
>> : -- transform #17 payload
>> : -- transform #18 payload
>> : nonce payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 632 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 8 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message ef5c61e7
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 680 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 716 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
ii : resend limit exceeded for phase2 exchange
ii : phase2 removal before expire time
DB : phase2 deleted ( obj count = 1 )
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
DB : phase1 found
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
<A : peer tunnel disable message
DB : policy found
ii : removing IPSEC INBOUND policy ANY:0.0.0.0/0:* -> ANY:1.2.176.8:*
K> : send pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
ii : removing IPSEC OUTBOUND policy ANY:1.2.176.8:* -> ANY:10.0.0.0/0:*
K> : send pfkey X_SPDDELETE2 UNSPEC message
ii : removed IPSEC policy route for ANY:0.0.0.0/0:*
DB : policy found
ii : removing NONE INBOUND policy ANY:1.2.1.254:* -> ANY:192.168.1.150:*
K> : send pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
ii : removing NONE OUTBOUND policy ANY:192.168.1.150:* -> ANY:1.2.1.254:*
K< : recv pfkey X_SPDDELETE2 UNSPEC message
K> : send pfkey X_SPDDELETE2 UNSPEC message
ii : removed NONE policy route for ANY:1.2.1.254:*
DB : policy found
ii : removing NONE INBOUND policy ANY:0.0.0.0:* -> ANY:1.2.176.8:*
K> : send pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
ii : removing NONE OUTBOUND policy ANY:1.2.176.8:* -> ANY:0.0.0.0:*
K> : send pfkey X_SPDDELETE2 UNSPEC message
ii : removed NONE policy route for ANY:0.0.0.0:*
DB : policy found
DB : policy deleted ( obj count = 6 )
K< : recv pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
DB : policy deleted ( obj count = 5 )
K< : recv pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
DB : policy deleted ( obj count = 4 )
K< : recv pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
DB : policy deleted ( obj count = 3 )
K< : recv pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
DB : policy deleted ( obj count = 2 )
K< : recv pfkey X_SPDDELETE2 UNSPEC message
DB : policy found
DB : policy deleted ( obj count = 1 )
ii : closed tap device tap0
DB : tunnel natt event canceled ( ref count = 5 )
DB : tunnel stats event canceled ( ref count = 4 )
DB : removing tunnel config references
DB : config deleted ( obj count = 0 )
DB : removing tunnel phase2 references
DB : phase2 resend event canceled ( ref count = 1 )
ii : phase2 removal before expire time
DB : phase2 deleted ( obj count = 0 )
DB : removing tunnel phase1 references
DB : phase1 soft event canceled ( ref count = 3 )
DB : phase1 hard event canceled ( ref count = 2 )
DB : phase1 dead event canceled ( ref count = 1 )
ii : sending peer DELETE message
ii : - 192.168.1.150:4500 -> 1.2.1.254:4500
ii : - isakmp spi = 730712a6afb74de7:86a0d5e5b4bf35d9
ii : - data size 0
>> : hash payload
>> : delete payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 8 bytes )
>= : cookies 730712a6afb74de7:86a0d5e5b4bf35d9
>= : message bb0f0801
>= : encrypt iv ( 8 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 8 bytes )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 116 bytes )
ii : phase1 removal before expire time
DB : phase1 deleted ( obj count = 0 )
DB : tunnel deleted ( obj count = 0 )
DB : removing all peer tunnel refrences
DB : peer deleted ( obj count = 0 )
ii : ipc client process thread exit ...
K! : unhandled pfkey message type EXPIRE ( 8 )

I would really appreciate help to understand and fix why the same configuration
works OK in XP and not in Linux.

Thanks and Best Regards,

Emre Erenoglu
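
Added example, not part of the original post and not Shrew Soft code: a small triage script for iked debug output in the format pasted above. It reports how far the negotiation got and whether any packet came back from the peer after phase 2 started; it does not name a cause. The sample log is constructed from the line formats in the post, and the function names and verdict labels are made up for this example.

```python
import re

# Constructed sample: an abridged excerpt in the line format of the iked -F output above.
SAMPLE_LOG = """\
ii : phase1 sa established
ii : user emre authentication succeeded
ii : received config pull response
DB : new phase2 ( IPSEC initiator )
-> : send NAT-T:IKE packet 192.168.1.150:4500 -> 1.2.1.254:4500 ( 716 bytes
)
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
-> : send NAT-T:KEEP-ALIVE packet 192.168.1.150:4500 -> 1.2.1.254:4500
-> : resend 1 phase2 packet(s) 192.168.1.150:4500 -> 1.2.1.254:4500
K! : unhandled pfkey message type EXPIRE ( 8 )
ii : resend limit exceeded for phase2 exchange
DB : phase2 deleted ( obj count = 1 )
"""

LINE_RE = re.compile(r"^(\S\S) : (.*)$")  # two-character tag, then the message

def unwrap(text):
    """Rejoin entries that mail wrapping split, e.g. a lone ')' on its own line."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if out and not LINE_RE.match(line):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def summarize(text):
    """Count the milestones that show how far the negotiation got."""
    s = dict(phase1_established=False, xauth_ok=False, config_received=False,
             phase2_attempts=0, phase2_resends=0, recv_after_phase2=0,
             phase2_resend_limit_hits=0)
    for line in unwrap(text):
        m = LINE_RE.match(line)
        if not m:
            continue
        tag, msg = m.groups()
        if msg == "phase1 sa established":
            s["phase1_established"] = True
        elif re.fullmatch(r"user \S+ authentication succeeded", msg):
            s["xauth_ok"] = True
        elif msg == "received config pull response":
            s["config_received"] = True
        elif tag == "DB" and msg.startswith("new phase2"):
            s["phase2_attempts"] += 1
        elif tag == "->" and msg.startswith("resend") and "phase2" in msg:
            s["phase2_resends"] += 1
        elif tag == "<-" and msg.startswith("recv") and s["phase2_attempts"]:
            s["recv_after_phase2"] += 1  # any inbound packet once phase 2 began
        elif msg == "resend limit exceeded for phase2 exchange":
            s["phase2_resend_limit_hits"] += 1
    return s

def verdict(s):
    """Name the stage where the log stops making progress (not the cause)."""
    if not s["phase1_established"]:
        return "phase1-incomplete"
    if s["phase2_attempts"] == 0:
        return "phase2-not-started"
    if s["recv_after_phase2"] == 0 and (s["phase2_resends"] or s["phase2_resend_limit_hits"]):
        return "phase2-unanswered"
    return "phase2-peer-responding"

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary, verdict(summary))
```

To run it on a real capture, pass the contents of the daemon log (the output above shows iked opening '/var/log/iked.log') to `summarize()`.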