[vpn-help] Header verification failed

Tiago Vasconcelos tiago.o.vasconcelos at gmail.com
Sat Apr 13 14:25:52 CDT 2013


On 21-03-2013 02:11, Kevin VPN wrote:
 > My guess would be that the Shrew client configuration settings are not
 > correct for your strongSwan gateway.

Here's the VPN Trace for the connection. My guess is that the right side 
is using IKEv2 while Shrew only supports IKEv1.

13/04/13 20:15:28 ## : IKE Daemon, ver 2.2.0
13/04/13 20:15:28 ## : Copyright 2012 Shrew Soft Inc.
13/04/13 20:15:28 ## : This product linked OpenSSL 1.0.1c 10 May 2012
13/04/13 20:15:28 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
13/04/13 20:15:28 ii : rebuilding vnet device list ...
13/04/13 20:15:28 ii : device ROOT\VNET\0000 disabled
13/04/13 20:15:28 ii : network process thread begin ...
13/04/13 20:15:28 ii : pfkey process thread begin ...
13/04/13 20:15:28 ii : ipc server process thread begin ...
13/04/13 20:16:02 ii : ipc client process thread begin ...
13/04/13 20:16:02 <A : peer config add message
13/04/13 20:16:02 <A : proposal config message
13/04/13 20:16:02 <A : proposal config message
13/04/13 20:16:02 <A : client config message
13/04/13 20:16:02 <A : remote id 'vpn.example.com' message
13/04/13 20:16:02 <A : remote certificate data message
13/04/13 20:16:02 !! : remote certificate read failed, requesting password
13/04/13 20:16:10 <A : file password
13/04/13 20:16:10 <A : remote certificate data message
13/04/13 20:16:10 !! : remote certificate read failed, requesting password
13/04/13 20:16:14 <A : file password
13/04/13 20:16:14 <A : remote certificate data message
13/04/13 20:16:14 ii : remote certificate read complete ( 861 bytes )
13/04/13 20:16:14 <A : local certificate data message
13/04/13 20:16:14 ii : local certificate read complete ( 789 bytes )
13/04/13 20:16:14 <A : local key data message
13/04/13 20:16:14 ii : local key read complete ( 1190 bytes )
13/04/13 20:16:14 <A : peer tunnel enable message
13/04/13 20:16:14 DB : peer added ( obj count = 1 )
13/04/13 20:16:14 ii : local address 192.168.0.100 selected for peer
13/04/13 20:16:14 DB : tunnel added ( obj count = 1 )
13/04/13 20:16:14 DB : new phase1 ( ISAKMP initiator )
13/04/13 20:16:14 DB : exchange type is identity protect
13/04/13 20:16:14 DB : 192.168.0.100:500 <-> 63.254.211.50:500
13/04/13 20:16:14 DB : 29155b207637a5a9:0000000000000000
13/04/13 20:16:14 DB : phase1 added ( obj count = 1 )
13/04/13 20:16:14 >> : security association payload
13/04/13 20:16:14 >> : - proposal #1 payload
13/04/13 20:16:14 >> : -- transform #1 payload
13/04/13 20:16:14 >> : -- transform #2 payload
13/04/13 20:16:14 >> : -- transform #3 payload
13/04/13 20:16:14 >> : -- transform #4 payload
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports nat-t ( draft v00 )
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports nat-t ( draft v01 )
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports nat-t ( draft v02 )
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports nat-t ( draft v03 )
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports nat-t ( rfc )
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local supports DPDv1
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local is SHREW SOFT compatible
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local is NETSCREEN compatible
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local is SIDEWINDER compatible
13/04/13 20:16:14 >> : vendor id payload
13/04/13 20:16:14 ii : local is CISCO UNITY compatible
13/04/13 20:16:14 >= : cookies 29155b207637a5a9:0000000000000000
13/04/13 20:16:14 >= : message 00000000
13/04/13 20:16:14 -> : send IKE packet 192.168.0.100:500 -> 63.254.211.50:500 ( 460 bytes )
13/04/13 20:16:14 DB : phase1 resend event scheduled ( ref count = 2 )
13/04/13 20:16:19 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> 63.254.211.50:500
13/04/13 20:16:24 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> 63.254.211.50:500
13/04/13 20:16:29 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> 63.254.211.50:500
13/04/13 20:16:34 ii : resend limit exceeded for phase1 exchange
13/04/13 20:16:34 ii : phase1 removal before expire time
13/04/13 20:16:34 DB : phase1 deleted ( obj count = 0 )
13/04/13 20:16:34 DB : policy not found
13/04/13 20:16:34 DB : policy not found
13/04/13 20:16:34 DB : policy not found
13/04/13 20:16:34 DB : policy not found
13/04/13 20:16:34 DB : removing tunnel config references
13/04/13 20:16:34 DB : removing tunnel phase2 references
13/04/13 20:16:34 DB : removing tunnel phase1 references
13/04/13 20:16:34 DB : tunnel deleted ( obj count = 0 )
13/04/13 20:16:34 DB : removing all peer tunnel references
13/04/13 20:16:34 DB : peer deleted ( obj count = 0 )
13/04/13 20:16:34 ii : ipc client process thread exit ...


Thanks,
Tiago
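
An added example, not part of the original post: a small Python triage of a Shrew `iked` trace like the one above. It rejoins entries that the mail client wrapped and reports whether anything came back from the gateway before the phase1 resend limit was hit. The `<-` tag for received packets is an assumption, since no inbound packet appears in this trace; the function names are illustrative.

```python
import re

# A shortened selection of lines copied from the trace above, including
# entries that were wrapped onto a second line in the mail.
SAMPLE = """\
13/04/13 20:16:14 DB : new phase1 ( ISAKMP initiator )
13/04/13 20:16:14 DB : exchange type is identity protect
13/04/13 20:16:14 -> : send IKE packet 192.168.0.100:500 ->
63.254.211.50:500 ( 460 bytes )
13/04/13 20:16:19 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500
-> 63.254.211.50:500
13/04/13 20:16:24 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500
-> 63.254.211.50:500
13/04/13 20:16:29 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500
-> 63.254.211.50:500
13/04/13 20:16:34 ii : resend limit exceeded for phase1 exchange
"""

ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(text):
    """Return [timestamp, tag, message] entries, rejoining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.rstrip())
        if m:
            entries.append(list(m.groups()))
        elif entries and raw.strip():
            entries[-1][2] = entries[-1][2].rstrip() + " " + raw.strip()
    return entries

def summarize(entries):
    """Count outbound and inbound IKE traffic and flag a phase1 timeout."""
    s = {"sent": 0, "resent": 0, "received": 0, "timed_out": False, "peer": None}
    for _, tag, msg in entries:
        if tag == "->" and msg.startswith("send IKE packet"):
            s["sent"] += 1
            s["peer"] = msg.split("-> ")[1].split(" ")[0]
        elif tag == "->" and msg.startswith("resend"):
            s["resent"] += 1
        elif tag == "<-":  # assumed tag for received packets; none in this trace
            s["received"] += 1
        elif "resend limit exceeded" in msg:
            s["timed_out"] = True
    s["no_reply"] = s["timed_out"] and s["received"] == 0
    return s
```

On the selection above, `summarize(parse(SAMPLE))` reports one send, three resends and nothing received from 63.254.211.50:500 before the phase1 exchange was dropped.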


