[vpn-help] Continuing issues connecting to WatchGuard XTM from Shrew on Ubuntu

tom+shrew at falkensweb.com
Fri Mar 30 05:08:38 CDT 2012


Recap: I'm using the last-known-good version 2.1.5, have set rp_filter and have 
no firewall ports forwarded.

I've now got the WatchGuard logs from an attempt at using Shrew from a clean 
reboot, and it all seems to work apart from one little error that gets no 
Google hits, so I get past phase 1 and 2, I think, of the IPsec connection?

I was hoping someone would be able to decipher what was up. Error marked ****. 
82.70.x.y is my ADSL router's public IP. 193.133.a.b is the WatchGuard. I note 
in some of the log messages the IP is backwards, is that normal?

Diagnostic      2012-03-29 19:31:16     Phase 1 completed as responder
pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Starting XAUTH REQUEST to
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Process INFO_EXCHANGE : Invalid
payload 206 pri=3,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Cannot process the inform message
from 82.70.x.y:40468 to 193.133.a.b cookies i:cce053bf bb88862f
r:5586ffc7 bcdb61b1 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Received XAUTH REPLY from
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Received XAUTH REPLY from
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:31:16     ADM auth MUVPN user [tchiverton at Firebox-DB]
from y.x.70.82 Accepted, disp=0, pri=6, policy=, protocol=, src_ip=,
src_port=0, dst_ip=, dst_port=0, src_ip_nat=, dst_ip_nat=, tag_id=8002
Event   2012-03-29 19:31:16     ADM auth MUVPN user [tchiverton at Firebox-DB]
from y.x.70.82 Accepted pri=6,proc_id=admd,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     User [tchiverton] is a member of
group[0] ipsec-users pri=4,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:31:16     IPSec VPN user tchiverton at Firebox-DB from
82.70.x.y logged in assigned virtual IP is 192.168.1.234, disp=0, pri=6,
policy=, protocol=, src_ip=, src_port=0, dst_ip=, dst_port=0, src_ip_nat=,
dst_ip_nat=, tag_id=8002
Event   2012-03-29 19:31:16     IPSec VPN user tchiverton at Firebox-DB from
82.70.x.y logged in assigned virtual IP is 192.168.1.234
pri=6,proc_id=sessiond,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Unsupported dispatch of event: 8
pri=3,proc_id=dhcp-relay,msg_id=,tag_id=1002
Event   2012-03-29 19:31:16     nwapi_movpn_route_mode: ENTER
pri=4,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:31:16     nwapi_route_lookup: netlink did not return a
gateway address pri=6,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:31:16     nwapi_movpn_route_mode: EXIT
pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16      Sending XAUTH CFG SET to
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     unsupported STATUS request -
/toSessionClient/createNotify pri=3,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Received XAUTH REPLY from
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Received XAUTH REPLY from
82.70.x.y, mess_id:0xba30db27 pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     xauth_get_payload: got zero attrLen
in cfg hdr pri=3,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     xauth_check_ack: Received Packet
with invalid attrCount 0 pri=3,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16     Received XAUTH REPLY from
82.70.x.y, mess_id:0x3b96373b pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:31:16      Sending XAUTH REPLY to 82.70.x.y,
mess_id:0x3b96373b pri=4,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:32:10     nwapi_movpn_route_mode: ENTER
pri=4,proc_id=iked,msg_id=,tag_id=1002
Event   2012-03-29 19:32:11     nwapi_route_lookup: netlink did not return a
gateway address pri=6,proc_id=iked,msg_id=,tag_id=1002  			***************
Event   2012-03-29 19:32:11     IPSec VPN user tchiverton at Firebox-DB from
82.70.x.y logged out assigned virtual IP is 192.168.1.234, disp=0, pri=6,
policy=, protocol=, src_ip=, src_port=0, dst_ip=, dst_port=0, src_ip_nat=,
dst_ip_nat=, tag_id=8002
Event   2012-03-29 19:32:11     IPSec VPN user tchiverton at Firebox-DB from
82.70.x.y logged out assigned virtual IP is 192.168.1.234
pri=6,proc_id=sessiond,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:32:11     Unsupported dispatch of event: 8
pri=3,proc_id=dhcp-relay,msg_id=,tag_id=1002
Event   2012-03-29 19:32:11     nwapi_movpn_route_mode: EXIT
pri=4,proc_id=iked,msg_id=,tag_id=1002
Diagnostic      2012-03-29 19:32:11     xt_session: Deleted session for
192.168.1.234  id 236 pri=4,proc_id=kernel,msg_id=,tag_id=1002
Traffic 2012-03-29 19:32:11     Denied, disp=2, pri=4,
-- 
Tom
'The more you speak about yourself, the more likely you are to lie.'
	    Zimmerman



