[vpn-help] Can't connect Shrew with Juniper SSG on Win7 x64

Robbert Kouprie robbert at exx.nl
Tue May 24 15:50:22 CDT 2011 

Hi list,

I am having a problem connecting to a Juniper SSG-5 VPN gateway using
Shrew. The client is Windows 7 x64.

I am using the exact same configuration that _does_ work on a a Windows
XP client.

I have tried with 2.1.7 as well as 2.2.0-beta1, both with the same result.

iked.log output is below. Notice the "vflt device attach failed" message
repeating every second, even before trying to connect.

How can I troubleshoot this further?

Thanks in advance for your help,

Robbert

11/05/24 15:43:17 ## : IKE Daemon, ver 2.2.0
11/05/24 15:43:17 ## : Copyright 2009 Shrew Soft Inc.
11/05/24 15:43:17 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/05/24 15:43:17 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
11/05/24 15:43:17 ii : rebuilding vnet device list ...
11/05/24 15:43:17 ii : device ROOT\VNET\0000 enabled
11/05/24 15:43:17 ii : disable adapter ROOT\VNET\0000
11/05/24 15:43:17 ii : network process thread begin ...
11/05/24 15:43:17 !! : vflt device attach failed
11/05/24 15:43:17 ii : pfkey process thread begin ...
11/05/24 15:43:17 ii : ipc server process thread begin ...
11/05/24 15:43:18 !! : vflt device attach failed
11/05/24 15:43:19 !! : vflt device attach failed
11/05/24 15:43:20 !! : vflt device attach failed
11/05/24 15:43:21 !! : vflt device attach failed
11/05/24 15:43:22 !! : vflt device attach failed
11/05/24 15:43:23 !! : vflt device attach failed
11/05/24 15:43:24 !! : vflt device attach failed
11/05/24 15:43:25 !! : vflt device attach failed
11/05/24 15:43:26 !! : vflt device attach failed
11/05/24 15:43:27 !! : vflt device attach failed
11/05/24 15:43:28 !! : vflt device attach failed
11/05/24 15:43:29 ii : ipc client process thread begin ...
11/05/24 15:43:29 <A : peer config add message
11/05/24 15:43:29 <A : proposal config message
11/05/24 15:43:29 <A : proposal config message
11/05/24 15:43:29 <A : client config message
11/05/24 15:43:29 <A : xauth username message
11/05/24 15:43:29 <A : xauth password message
11/05/24 15:43:29 <A : local id 'client7.vpngw.com' message
11/05/24 15:43:29 <A : remote id 'vpngw.company.com' message
11/05/24 15:43:29 !! : vflt device attach failed
11/05/24 15:43:29 <A : preshared key message
11/05/24 15:43:29 <A : remote resource message
11/05/24 15:43:29 <A : peer tunnel enable message
11/05/24 15:43:29 DB : peer added ( obj count = 1 )
11/05/24 15:43:29 ii : local address 192.168.1.83 selected for peer
11/05/24 15:43:29 DB : tunnel added ( obj count = 1 )
11/05/24 15:43:29 DB : new phase1 ( ISAKMP initiator )
11/05/24 15:43:29 DB : exchange type is aggressive
11/05/24 15:43:29 DB : 192.168.1.83:500 <-> 1.2.3.4:500
11/05/24 15:43:29 DB : 533cc21511721848:0000000000000000
11/05/24 15:43:29 DB : phase1 added ( obj count = 1 )
11/05/24 15:43:29 >> : security association payload
11/05/24 15:43:29 >> : - proposal #1 payload
11/05/24 15:43:29 >> : -- transform #1 payload
11/05/24 15:43:29 >> : key exchange payload
11/05/24 15:43:29 >> : nonce payload
11/05/24 15:43:29 >> : identification payload
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports XAUTH
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports nat-t ( draft v00 )
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports nat-t ( draft v01 )
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports nat-t ( draft v02 )
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports nat-t ( draft v03 )
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports nat-t ( rfc )
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports FRAGMENTATION
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local supports DPDv1
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local is SHREW SOFT compatible
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local is NETSCREEN compatible
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local is SIDEWINDER compatible
11/05/24 15:43:29 >> : vendor id payload
11/05/24 15:43:29 ii : local is CISCO UNITY compatible
11/05/24 15:43:29 >= : cookies 533cc21511721848:0000000000000000
11/05/24 15:43:29 >= : message 00000000
11/05/24 15:43:29 -> : send IKE packet 192.168.1.83:500 -> 1.2.3.4:500 (
557 bytes )
11/05/24 15:43:29 ii : phase1 removal before expire time
11/05/24 15:43:29 DB : phase1 deleted ( obj count = 0 )
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : policy not found
11/05/24 15:43:29 DB : removing tunnel config references
11/05/24 15:43:29 DB : removing tunnel phase2 references
11/05/24 15:43:29 DB : removing tunnel phase1 references
11/05/24 15:43:29 DB : tunnel deleted ( obj count = 0 )
11/05/24 15:43:29 DB : removing all peer tunnel refrences
11/05/24 15:43:29 DB : peer deleted ( obj count = 0 )
11/05/24 15:43:29 ii : ipc client process thread exit ...
11/05/24 15:43:30 !! : vflt device attach failed
11/05/24 15:43:31 !! : vflt device attach failed
11/05/24 15:43:32 !! : vflt device attach failed
11/05/24 15:43:33 !! : vflt device attach failed
11/05/24 15:43:34 !! : vflt device attach failed
11/05/24 15:43:35 !! : vflt device attach failed
11/05/24 15:43:36 !! : vflt device attach failed
11/05/24 15:43:37 !! : vflt device attach failed
11/05/24 15:43:38 !! : vflt device attach failed
11/05/24 15:43:39 !! : vflt device attach failed
11/05/24 15:43:40 !! : vflt device attach failed
11/05/24 15:43:41 !! : vflt device attach failed
11/05/24 15:43:42 !! : vflt device attach failed

More information about the vpn-help mailing list