[vpn-help] v2.1.7 and 2.2.0 on win2008r2 , iked does not see answer from server

Forster Martin Martin.Forster at kuenz.com
Tue Mar 6 08:30:17 CST 2012


Hi Alexis,

yes i checked the firewall.
Im also not sure if the client is compatible.
At least it works on win7 x64, and that is not that far away from w2k8r2.

I have installed the original cisco client, and the vpn works.

I have also set up another win2008r2 vm, to test it.
Same results, so I think it's a compatibility thing.

I really wanted the shrew vpn for its multivendor compatibility.


Regards

Martin

From: prolag at gmail.com [mailto:prolag at gmail.com] On Behalf Of Alexis La Goutte
Sent: Monday, March 05, 2012 8:44 AM
To: Forster Martin
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] v2.1.7 and 2.2.0 on win2008r2 , iked does not see answer from server

Hi Martin,

Did your check your firewall ?

But.. I not sure if Shrew VPN are compatible with Windows 2008 R2...
VPN Client is not provided to be installed on a server...

Regards,
On Thu, Mar 1, 2012 at 2:35 PM, Martin Forster <martin.forster at kuenz.com<mailto:martin.forster at kuenz.com>> wrote:
Hi,

i have installed v.2.1.7, and 2.2.0.
With both clients same behaviour:
12/03/01 14:22:54 ii : ipc client process thread begin ...
12/03/01 14:22:54 <A : peer config add message
12/03/01 14:22:54 <A : proposal config message
12/03/01 14:22:54 <A : proposal config message
12/03/01 14:22:54 <A : client config message
12/03/01 14:22:54 <A : xauth username message
12/03/01 14:22:54 <A : xauth password message
12/03/01 14:22:54 <A : local id 'HUPACVpN3' message
12/03/01 14:22:54 <A : preshared key message
12/03/01 14:22:54 <A : peer tunnel enable message
12/03/01 14:22:54 DB : peer ref increment ( ref count = 1, obj count = 0 )
12/03/01 14:22:54 DB : peer added ( obj count = 1 )
12/03/01 14:22:54 ii : local address 10.100.100.10 selected for peer
12/03/01 14:22:54 DB : peer ref increment ( ref count = 2, obj count = 1 )
12/03/01 14:22:54 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
12/03/01 14:22:54 DB : tunnel added ( obj count = 1 )
12/03/01 14:22:54 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
12/03/01 14:22:54 DB : new phase1 ( ISAKMP initiator )
12/03/01 14:22:54 DB : exchange type is aggressive
12/03/01 14:22:54 DB : 10.100.100.10:500<http://10.100.100.10:500> <-> xxx.xxx.xxx.xxx:500
12/03/01 14:22:54 DB : 778f93a865273a24:0000000000000000
12/03/01 14:22:54 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
12/03/01 14:22:54 DB : phase1 added ( obj count = 1 )
12/03/01 14:22:54 >> : security association payload
12/03/01 14:22:54 >> : - proposal #1 payload
12/03/01 14:22:54 >> : -- transform #1 payload
12/03/01 14:22:54 >> : -- transform #2 payload
12/03/01 14:22:54 >> : -- transform #3 payload
12/03/01 14:22:54 >> : -- transform #4 payload
12/03/01 14:22:54 >> : -- transform #5 payload
12/03/01 14:22:54 >> : -- transform #6 payload
12/03/01 14:22:54 >> : -- transform #7 payload
12/03/01 14:22:54 >> : -- transform #8 payload
12/03/01 14:22:54 >> : -- transform #9 payload
12/03/01 14:22:54 >> : -- transform #10 payload
12/03/01 14:22:54 >> : -- transform #11 payload
12/03/01 14:22:54 >> : -- transform #12 payload
12/03/01 14:22:54 >> : -- transform #13 payload
12/03/01 14:22:54 >> : -- transform #14 payload
12/03/01 14:22:54 >> : -- transform #15 payload
12/03/01 14:22:54 >> : -- transform #16 payload
12/03/01 14:22:54 >> : -- transform #17 payload
12/03/01 14:22:54 >> : -- transform #18 payload
12/03/01 14:22:54 >> : key exchange payload
12/03/01 14:22:54 >> : nonce payload
12/03/01 14:22:54 >> : identification payload
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports XAUTH
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports nat-t ( draft v00 )
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports nat-t ( draft v01 )
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports nat-t ( draft v02 )
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports nat-t ( draft v03 )
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports nat-t ( rfc )
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local supports DPDv1
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local is SHREW SOFT compatible
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local is NETSCREEN compatible
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local is SIDEWINDER compatible
12/03/01 14:22:54 >> : vendor id payload
12/03/01 14:22:54 ii : local is CISCO UNITY compatible
12/03/01 14:22:54 >= : cookies 778f93a865273a24:0000000000000000
12/03/01 14:22:54 >= : message 00000000
12/03/01 14:22:54 -> : send IKE packet 10.100.100.10:500<http://10.100.100.10:500> ->
xxx.xxx.xxx.xxx:500 ( 1181 bytes )
12/03/01 14:22:54 0x : 4500049d b3bb0000 4011ffa4 0a64640a c207927a 01f401f4
04898150 778f93a8
12/03/01 14:22:54 0x : 65273a24 00000000 00000000 01100400 00000000 00000481
040002cc 00000001
12/03/01 14:22:54 0x : 00000001 000002c0 01010012 03000028 01010000 80010007
800e0100 80020001
12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180 03000028
02010000 80010007
12/03/01 14:22:54 0x : 800e0100 80020002 80040002 8003fde9 800b0001 000c0004
00015180 03000028
12/03/01 14:22:54 0x : 03010000 80010007 800e00c0 80020001 80040002 8003fde9
800b0001 000c0004
12/03/01 14:22:54 0x : 00015180 03000028 04010000 80010007 800e00c0 80020002
80040002 8003fde9
12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000028 05010000 80010007
800e0080 80020001
12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180 03000028
06010000 80010007
12/03/01 14:22:54 0x : 800e0080 80020002 80040002 8003fde9 800b0001 000c0004
00015180 03000028
12/03/01 14:22:54 0x : 07010000 80010003 800e0100 80020001 80040002 8003fde9
800b0001 000c0004
12/03/01 14:22:54 0x : 00015180 03000028 08010000 80010003 800e0100 80020002
80040002 8003fde9
12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000028 09010000 80010003
800e00c0 80020001
12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180 03000028
0a010000 80010003
12/03/01 14:22:54 0x : 800e00c0 80020002 80040002 8003fde9 800b0001 000c0004
00015180 03000028
12/03/01 14:22:54 0x : 0b010000 80010003 800e0080 80020001 80040002 8003fde9
800b0001 000c0004
12/03/01 14:22:54 0x : 00015180 03000028 0c010000 80010003 800e0080 80020002
80040002 8003fde9
12/03/01 14:22:54 0x : 800b0001 000c0004 00015180 03000024 0d010000 80010005
80020001 80040002
12/03/01 14:22:54 0x : 8003fde9 800b0001 000c0004 00015180 03000024 0e010000
80010005 80020002
12/03/01 14:22:54 0x : 80040002 8003fde9 800b0001 000c0004 00015180 03000024
0f010000 80010006
12/03/01 14:22:54 0x : 80020001 80040002 8003fde9 800b0001 000c0004 00015180
03000024 10010000
12/03/01 14:22:54 0x : 80010006 80020002 80040002 8003fde9 800b0001 000c0004
00015180 03000024
12/03/01 14:22:54 0x : 11010000 80010001 80020001 80040002 8003fde9 800b0001
000c0004 00015180
12/03/01 14:22:54 0x : 00000024 12010000 80010001 80020002 80040002 8003fde9
800b0001 000c0004
12/03/01 14:22:54 0x : 00015180 0a000084 a302a404 a53063e5 153bb1a9 fe116be4
988f6761 0128a403
12/03/01 14:22:54 0x : 63a2e383 7798b4ba 6c128583 77827215 7a406ec3 f83aff33
213779e0 84fca97d
12/03/01 14:22:54 0x : 18fc323c 58f86e70 6c037cb6 de4e4fc7 65d86b3c 6c71b76a
68f10500 5229a711
12/03/01 14:22:54 0x : 017851c3 936fc362 95070bb2 85588aa9 f5ae9016 06ac426f
ac0f4895 d4cf033c
12/03/01 14:22:54 0x : 3cd7d527 225251bd 05000018 0235f4d4 a48095f1 36cd70d5
ebc533cd cea43320
12/03/01 14:22:54 0x : 0d000011 0b000000 48555041 4356704e 330d0000 0c090026
89dfd6b7 120d0000
12/03/01 14:22:54 0x : 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1416f6ca
16e4a406 6d83821a
12/03/01 14:22:54 0x : 0f0aeaa8 620d0000 1490cb80 913ebb69 6e086381 b5ec427b
1f0d0000 147d9419
12/03/01 14:22:54 0x : a65310ca 6f2c179d 9215529d 560d0000 144a131c 81070358
455c5728 f20e9545
12/03/01 14:22:54 0x : 2f0d0000 14afcad7 1368a1f1 c96b8696 fc775701 000d0000
143b9031 dce4fcf8
12/03/01 14:22:54 0x : 8b489a92 3963dd0c 490d0000 14f14b94 b7bff1fe f02773b8
c49feded 260d0000
12/03/01 14:22:54 0x : 18166f93 2d55eb64 d8e4df4f d37e2313 f0d0fd84 510d0000
148404ad f9cda057
12/03/01 14:22:54 0x : 60b2ca29 2e4bff53 7b000000 1412f5f2 8c457168 a9702d9f
e274cc01 00
12/03/01 14:22:54 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/01 14:22:54 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
12/03/01 14:22:59 -> : resend 1 phase1 packet(s) [0/2] 10.100.100.10:500<http://10.100.100.10:500> ->
xxx.xxx.xxx.xxx:500
12/03/01 14:23:04 -> : resend 1 phase1 packet(s) [1/2] 10.100.100.10:500<http://10.100.100.10:500> ->
xxx.xxx.xxx.xxx:500
12/03/01 14:23:09 -> : resend 1 phase1 packet(s) [2/2] 10.100.100.10:500<http://10.100.100.10:500> ->
xxx.xxx.xxx.xxx:500
12/03/01 14:23:14 ii : resend limit exceeded for phase1 exchange


I have verified with a 2nd machine, that answer packets from the vpn server
are coming.
I dont see those packets on the client, even when i enable capture packets in
the trace utility the file stays at 0 bytes.

The client is a virtual machine on ESXi 4.1

Any Hints?
Martin Forster

_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net<mailto:vpn-help at lists.shrew.net>
http://lists.shrew.net/mailman/listinfo/vpn-help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20120306/492aaac1/attachment-0002.html>


More information about the vpn-help mailing list