[vpn-help] Session terminated by gateway (connection previously worked)
The Shorts
kmshorts at att.net
Sat Jan 29 07:57:19 CST 2011
I am using vpn client ver 2.1.7 on Windows 7 64 bit. After initial
installation I was able to connect several times but a few weeks later tried
connecting and now get error "Session terminated by gateway tunnel
disabled." I am attaching debug. I have tried changing PFS Exchange to group
2 but I get the same error.
11/01/29 08:52:46 ## : IKE Daemon, ver 2.1.7
11/01/29 08:52:46 ## : Copyright 2010 Shrew Soft Inc.
11/01/29 08:52:46 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/01/29 08:52:46 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
11/01/29 08:52:46 ii : rebuilding vnet device list ...
11/01/29 08:52:46 ii : device ROOT\VNET\0000 disabled
11/01/29 08:52:46 ii : network process thread begin ...
11/01/29 08:52:46 ii : pfkey process thread begin ...
11/01/29 08:52:46 ii : ipc server process thread begin ...
11/01/29 08:53:24 ii : ipc client process thread begin ...
11/01/29 08:53:24 <A : peer config add message
11/01/29 08:53:24 DB : peer ref increment ( ref count = 1, obj count = 0 )
11/01/29 08:53:24 DB : peer added ( obj count = 1 )
11/01/29 08:53:24 ii : local address 192.168.1.68 selected for peer
11/01/29 08:53:24 DB : peer ref increment ( ref count = 2, obj count = 1 )
11/01/29 08:53:24 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
11/01/29 08:53:24 DB : tunnel added ( obj count = 1 )
11/01/29 08:53:24 <A : proposal config message
11/01/29 08:53:24 <A : proposal config message
11/01/29 08:53:24 <A : client config message
11/01/29 08:53:24 <A : xauth username message
11/01/29 08:53:24 <A : xauth password message
11/01/29 08:53:24 <A : local id 'Sikorsky-USA-Broadband' message
11/01/29 08:53:24 <A : preshared key message
11/01/29 08:53:24 <A : peer tunnel enable message
11/01/29 08:53:24 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
11/01/29 08:53:24 DB : new phase1 ( ISAKMP initiator )
11/01/29 08:53:24 DB : exchange type is aggressive
11/01/29 08:53:24 DB : 192.168.1.68:500 <-> 192.249.51.138:500
11/01/29 08:53:24 DB : 7b306e8b06e11035:0000000000000000
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
11/01/29 08:53:24 DB : phase1 added ( obj count = 1 )
11/01/29 08:53:24 >> : security association payload
11/01/29 08:53:24 >> : - proposal #1 payload
11/01/29 08:53:24 >> : -- transform #1 payload
11/01/29 08:53:24 >> : -- transform #2 payload
11/01/29 08:53:24 >> : -- transform #3 payload
11/01/29 08:53:24 >> : -- transform #4 payload
11/01/29 08:53:24 >> : -- transform #5 payload
11/01/29 08:53:24 >> : -- transform #6 payload
11/01/29 08:53:24 >> : -- transform #7 payload
11/01/29 08:53:24 >> : -- transform #8 payload
11/01/29 08:53:24 >> : -- transform #9 payload
11/01/29 08:53:24 >> : -- transform #10 payload
11/01/29 08:53:24 >> : -- transform #11 payload
11/01/29 08:53:24 >> : -- transform #12 payload
11/01/29 08:53:24 >> : -- transform #13 payload
11/01/29 08:53:24 >> : -- transform #14 payload
11/01/29 08:53:24 >> : -- transform #15 payload
11/01/29 08:53:24 >> : -- transform #16 payload
11/01/29 08:53:24 >> : -- transform #17 payload
11/01/29 08:53:24 >> : -- transform #18 payload
11/01/29 08:53:24 >> : key exchange payload
11/01/29 08:53:24 >> : nonce payload
11/01/29 08:53:24 >> : identification payload
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports XAUTH
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports nat-t ( draft v00 )
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports nat-t ( draft v01 )
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports nat-t ( draft v02 )
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports nat-t ( draft v03 )
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports nat-t ( rfc )
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local supports DPDv1
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local is SHREW SOFT compatible
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local is NETSCREEN compatible
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local is SIDEWINDER compatible
11/01/29 08:53:24 >> : vendor id payload
11/01/29 08:53:24 ii : local is CISCO UNITY compatible
11/01/29 08:53:24 >= : cookies 7b306e8b06e11035:0000000000000000
11/01/29 08:53:24 >= : message 00000000
11/01/29 08:53:24 -> : send IKE packet 192.168.1.68:500 ->
192.249.51.138:500 ( 1174 bytes )
11/01/29 08:53:24 DB : phase1 resend event scheduled ( ref count = 2 )
11/01/29 08:53:24 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
11/01/29 08:53:24 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
11/01/29 08:53:24 <- : recv IKE packet 192.249.51.138:500 ->
192.168.1.68:500 ( 428 bytes )
11/01/29 08:53:24 DB : phase1 found
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
11/01/29 08:53:24 ii : processing phase1 packet ( 428 bytes )
11/01/29 08:53:24 =< : cookies 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 =< : message 00000000
11/01/29 08:53:24 << : security association payload
11/01/29 08:53:24 << : - propsal #1 payload
11/01/29 08:53:24 << : -- transform #13 payload
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != aes )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : unmatched isakmp proposal/transform
11/01/29 08:53:24 ii : cipher type ( 3des != blowfish )
11/01/29 08:53:24 ii : matched isakmp proposal #1 transform #13
11/01/29 08:53:24 ii : - transform = ike
11/01/29 08:53:24 ii : - cipher type = 3des
11/01/29 08:53:24 ii : - key length = default
11/01/29 08:53:24 ii : - hash type = md5
11/01/29 08:53:24 ii : - dh group = modp-1024
11/01/29 08:53:24 ii : - auth type = xauth-initiator-psk
11/01/29 08:53:24 ii : - life seconds = 86400
11/01/29 08:53:24 ii : - life kbytes = 0
11/01/29 08:53:24 << : key exchange payload
11/01/29 08:53:24 << : nonce payload
11/01/29 08:53:24 << : identification payload
11/01/29 08:53:24 ii : phase1 id target is any
11/01/29 08:53:24 ii : phase1 id match
11/01/29 08:53:24 ii : received = ipv4-host 192.249.51.138
11/01/29 08:53:24 << : hash payload
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : peer is CISCO UNITY compatible
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : peer supports XAUTH
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : peer supports DPDv1
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : peer supports nat-t ( draft v02 )
11/01/29 08:53:24 << : nat discovery payload
11/01/29 08:53:24 << : nat discovery payload
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : unknown vendor id ( 20 bytes )
11/01/29 08:53:24 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
11/01/29 08:53:24 << : vendor id payload
11/01/29 08:53:24 ii : unknown vendor id ( 16 bytes )
11/01/29 08:53:24 0x : 1f07f70e aa6514d3 b0fa9654 2a500100
11/01/29 08:53:24 ii : nat discovery - local address is translated
11/01/29 08:53:24 ii : switching to src nat-t udp port 4500
11/01/29 08:53:24 ii : switching to dst nat-t udp port 4500
11/01/29 08:53:24 == : DH shared secret ( 128 bytes )
11/01/29 08:53:24 == : SETKEYID ( 16 bytes )
11/01/29 08:53:24 == : SETKEYID_d ( 16 bytes )
11/01/29 08:53:24 == : SETKEYID_a ( 16 bytes )
11/01/29 08:53:24 == : SETKEYID_e ( 16 bytes )
11/01/29 08:53:24 == : cipher key ( 32 bytes )
11/01/29 08:53:24 == : cipher iv ( 8 bytes )
11/01/29 08:53:24 == : phase1 hash_i ( computed ) ( 16 bytes )
11/01/29 08:53:24 >> : hash payload
11/01/29 08:53:24 >> : nat discovery payload
11/01/29 08:53:24 >> : nat discovery payload
11/01/29 08:53:24 >= : cookies 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 >= : message 00000000
11/01/29 08:53:24 >= : encrypt iv ( 8 bytes )
11/01/29 08:53:24 == : encrypt packet ( 88 bytes )
11/01/29 08:53:24 == : stored iv ( 8 bytes )
11/01/29 08:53:24 DB : phase1 resend event canceled ( ref count = 1 )
11/01/29 08:53:24 -> : send NAT-T:IKE packet 192.168.1.68:4500 ->
192.249.51.138:4500 ( 124 bytes )
11/01/29 08:53:24 == : phase1 hash_r ( computed ) ( 16 bytes )
11/01/29 08:53:24 == : phase1 hash_r ( received ) ( 16 bytes )
11/01/29 08:53:24 ii : phase1 sa established
11/01/29 08:53:24 ii : 192.249.51.138:4500 <-> 192.168.1.68:4500
11/01/29 08:53:24 ii : 7b306e8b6e11035:57fdfbb36702f549
11/01/29 08:53:24 ii : sending peer INITIAL-CONTACT notification
11/01/29 08:53:24 ii : - 192.168.1.68:4500 -> 192.249.51.138:4500
11/01/29 08:53:24 ii : - isakmp spi = 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 ii : - data size 0
11/01/29 08:53:24 >> : hash payload
11/01/29 08:53:24 >> : notification payload
11/01/29 08:53:24 == : new informational hash ( 16 bytes )
11/01/29 08:53:24 == : new informational iv ( 8 bytes )
11/01/29 08:53:24 >= : cookies 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 >= : message c7d4caae
11/01/29 08:53:24 >= : encrypt iv ( 8 bytes )
11/01/29 08:53:24 == : encrypt packet ( 76 bytes )
11/01/29 08:53:24 == : stored iv ( 8 bytes )
11/01/29 08:53:24 -> : send NAT-T:IKE packet 192.168.1.68:4500 ->
192.249.51.138:4500 ( 108 bytes )
11/01/29 08:53:24 DB : tunnel ref increment ( ref count = 4, obj count = 1 )
11/01/29 08:53:24 DB : tunnel ref increment ( ref count = 5, obj count = 1 )
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 3, obj count = 1 )
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 4, obj count = 1 )
11/01/29 08:53:24 DB : phase2 not found
11/01/29 08:53:24 DB : phase1 ref decrement ( ref count = 3, obj count = 1 )
11/01/29 08:53:24 <- : recv NAT-T:IKE packet 192.249.51.138:4500 ->
192.168.1.68:4500 ( 76 bytes )
11/01/29 08:53:24 DB : phase1 found
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 4, obj count = 1 )
11/01/29 08:53:24 ii : processing informational packet ( 76 bytes )
11/01/29 08:53:24 == : new informational iv ( 8 bytes )
11/01/29 08:53:24 =< : cookies 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 =< : message 81521e0b
11/01/29 08:53:24 =< : decrypt iv ( 8 bytes )
11/01/29 08:53:24 == : decrypt packet ( 76 bytes )
11/01/29 08:53:24 <= : stored iv ( 8 bytes )
11/01/29 08:53:24 << : hash payload
11/01/29 08:53:24 << : delete payload
11/01/29 08:53:24 == : informational hash_i ( computed ) ( 16 bytes )
11/01/29 08:53:24 == : informational hash_c ( received ) ( 16 bytes )
11/01/29 08:53:24 ii : informational hash verified
11/01/29 08:53:24 ii : received peer DELETE message
11/01/29 08:53:24 ii : - 192.249.51.138:4500 -> 192.168.1.68:4500
11/01/29 08:53:24 ii : - isakmp spi = 7b306e8b06e11035:57fdfbb36702f549
11/01/29 08:53:24 DB : phase1 found
11/01/29 08:53:24 DB : phase1 ref increment ( ref count = 5, obj count = 1 )
11/01/29 08:53:24 ii : cleanup, marked phase1
7b306e8b06e11035:57fdfbb36702f549 for removal
11/01/29 08:53:24 DB : phase1 soft event canceled ( ref count = 4 )
11/01/29 08:53:24 DB : phase1 hard event canceled ( ref count = 3 )
11/01/29 08:53:24 DB : phase1 dead event canceled ( ref count = 2 )
11/01/29 08:53:24 ii : phase1 removal before expire time
11/01/29 08:53:24 DB : phase1 not found
11/01/29 08:53:24 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
11/01/29 08:53:24 DB : phase1 deleted ( obj count = 0 )
11/01/29 08:53:24 DB : tunnel ref decrement ( ref count = 4, obj count = 1 )
11/01/29 08:53:24 DB : policy not found
11/01/29 08:53:24 DB : policy not found
11/01/29 08:53:24 DB : policy not found
11/01/29 08:53:24 DB : policy not found
11/01/29 08:53:24 DB : tunnel dpd event canceled ( ref count = 3 )
11/01/29 08:53:24 DB : tunnel natt event canceled ( ref count = 2 )
11/01/29 08:53:24 DB : tunnel stats event canceled ( ref count = 1 )
11/01/29 08:53:24 DB : removing tunnel config references
11/01/29 08:53:24 DB : removing tunnel phase2 references
11/01/29 08:53:24 DB : removing tunnel phase1 references
11/01/29 08:53:24 DB : tunnel deleted ( obj count = 0 )
11/01/29 08:53:24 DB : peer ref decrement ( ref count = 1, obj count = 1 )
11/01/29 08:53:24 DB : removing all peer tunnel refrences
11/01/29 08:53:24 DB : peer deleted ( obj count = 0 )
11/01/29 08:53:24 ii : ipc client process thread exit ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110129/52f8b820/attachment-0001.html>
More information about the vpn-help
mailing list