[vpn-help] duplicate xauth request, authentication failed
Fraser Fisher
frasercfisher at gmail.com
Thu Apr 25 23:30:53 CDT 2013
I'm using version 2.2.0 Shrewsoft VPN client.
Windows 7 OS.
I'm importing cisco vpn client .pcf files and trying to connect using
Shrewsoft VPN client.
It works fine for most of my customers.
But there is one main customer which I am not able to connect.
The error is user authentication error.
Any help would be appreciated very much!
Thanks
Fraser Fisher
What I see in VPN client
config loaded for site '1. US Broadband (Primary).pcf'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon
What I see from trace attached
IKE trace (Noticed: duplicate xauth request, authentication failed)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130425/f005f908/attachment-0001.html>
-------------- next part --------------
IKE trace (Noticed: duplicate xauth request, authentication failed)
13/04/25 10:43:08 ## : IKE Daemon, ver 2.2.0
13/04/25 10:43:08 ## : Copyright 2013 Shrew Soft Inc.
13/04/25 10:43:08 ## : This product linked OpenSSL 1.0.1c 10 May 2012
13/04/25 10:43:08 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
13/04/25 10:43:08 ii : rebuilding vnet device list ...
13/04/25 10:43:08 ii : device ROOT\VNET\0000 disabled
13/04/25 10:43:08 ii : network process thread begin ...
13/04/25 10:43:08 ii : pfkey process thread begin ...
13/04/25 10:43:08 ii : ipc server process thread begin ...
13/04/25 10:43:39 ii : ipc client process thread begin ...
13/04/25 10:43:39 <A : peer config add message
13/04/25 10:43:39 <A : proposal config message
13/04/25 10:43:39 <A : proposal config message
13/04/25 10:43:39 <A : client config message
13/04/25 10:43:39 <A : xauth username message
13/04/25 10:43:39 <A : xauth password message
13/04/25 10:43:39 <A : local id 'VPN_bband' message
13/04/25 10:43:39 <A : preshared key message
13/04/25 10:43:39 <A : peer tunnel enable message
13/04/25 10:43:39 DB : peer added ( obj count = 1 )
13/04/25 10:43:39 ii : local address 192.168.1.64 selected for peer
13/04/25 10:43:39 DB : tunnel added ( obj count = 1 )
13/04/25 10:43:39 DB : new phase1 ( ISAKMP initiator )
13/04/25 10:43:39 DB : exchange type is aggressive
13/04/25 10:43:39 DB : 192.168.1.64:500 <-> 162.116.191.133:500
13/04/25 10:43:39 DB : e55d275b3f0ce260:0000000000000000
13/04/25 10:43:39 DB : phase1 added ( obj count = 1 )
13/04/25 10:43:39 >> : security association payload
13/04/25 10:43:39 >> : - proposal #1 payload
13/04/25 10:43:39 >> : -- transform #1 payload
13/04/25 10:43:39 >> : -- transform #2 payload
13/04/25 10:43:39 >> : -- transform #3 payload
13/04/25 10:43:39 >> : -- transform #4 payload
13/04/25 10:43:39 >> : -- transform #5 payload
13/04/25 10:43:39 >> : -- transform #6 payload
13/04/25 10:43:39 >> : -- transform #7 payload
13/04/25 10:43:39 >> : -- transform #8 payload
13/04/25 10:43:39 >> : -- transform #9 payload
13/04/25 10:43:39 >> : -- transform #10 payload
13/04/25 10:43:39 >> : -- transform #11 payload
13/04/25 10:43:39 >> : -- transform #12 payload
13/04/25 10:43:39 >> : -- transform #13 payload
13/04/25 10:43:39 >> : -- transform #14 payload
13/04/25 10:43:39 >> : -- transform #15 payload
13/04/25 10:43:39 >> : -- transform #16 payload
13/04/25 10:43:39 >> : -- transform #17 payload
13/04/25 10:43:39 >> : -- transform #18 payload
13/04/25 10:43:39 >> : key exchange payload
13/04/25 10:43:39 >> : nonce payload
13/04/25 10:43:39 >> : identification payload
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports XAUTH
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports nat-t ( draft v00 )
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports nat-t ( draft v01 )
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports nat-t ( draft v02 )
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports nat-t ( draft v03 )
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports nat-t ( rfc )
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local supports FRAGMENTATION
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local is SHREW SOFT compatible
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local is NETSCREEN compatible
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local is SIDEWINDER compatible
13/04/25 10:43:39 >> : vendor id payload
13/04/25 10:43:39 ii : local is CISCO UNITY compatible
13/04/25 10:43:39 >= : cookies e55d275b3f0ce260:0000000000000000
13/04/25 10:43:39 >= : message 00000000
13/04/25 10:43:39 -> : send IKE packet 192.168.1.64:500 -> 162.116.191.133:500 ( 1165 bytes )
13/04/25 10:43:39 DB : phase1 resend event scheduled ( ref count = 2 )
13/04/25 10:43:39 <- : recv IKE packet 162.116.191.133:500 -> 192.168.1.64:500 ( 440 bytes )
13/04/25 10:43:39 DB : phase1 found
13/04/25 10:43:39 ii : processing phase1 packet ( 440 bytes )
13/04/25 10:43:39 =< : cookies e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:39 =< : message 00000000
13/04/25 10:43:39 << : security association payload
13/04/25 10:43:39 << : - propsal #1 payload
13/04/25 10:43:39 << : -- transform #14 payload
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != aes )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:39 ii : unmatched isakmp proposal/transform
13/04/25 10:43:39 ii : hash type ( hmac-sha1 != hmac-md5 )
13/04/25 10:43:39 ii : matched isakmp proposal #1 transform #14
13/04/25 10:43:39 ii : - transform = ike
13/04/25 10:43:39 ii : - cipher type = 3des
13/04/25 10:43:39 ii : - key length = default
13/04/25 10:43:39 ii : - hash type = sha1
13/04/25 10:43:39 ii : - dh group = group2 ( modp-1024 )
13/04/25 10:43:39 ii : - auth type = xauth-initiator-psk
13/04/25 10:43:39 ii : - life seconds = 86400
13/04/25 10:43:39 ii : - life kbytes = 0
13/04/25 10:43:39 << : key exchange payload
13/04/25 10:43:39 << : nonce payload
13/04/25 10:43:39 << : identification payload
13/04/25 10:43:39 ii : phase1 id target is any
13/04/25 10:43:39 ii : phase1 id match
13/04/25 10:43:39 ii : received = ipv4-host 162.116.191.133
13/04/25 10:43:39 << : hash payload
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : peer is CISCO UNITY compatible
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : peer supports XAUTH
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : peer supports DPDv1
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : peer supports nat-t ( draft v02 )
13/04/25 10:43:39 << : nat discovery payload
13/04/25 10:43:39 << : nat discovery payload
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : unknown vendor id ( 20 bytes )
13/04/25 10:43:39 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
13/04/25 10:43:39 << : vendor id payload
13/04/25 10:43:39 ii : unknown vendor id ( 16 bytes )
13/04/25 10:43:39 0x : 1f07f70e aa6514d3 b0fa9654 2a500100
13/04/25 10:43:39 ii : nat discovery - local address is translated
13/04/25 10:43:39 ii : switching to src nat-t udp port 4500
13/04/25 10:43:39 ii : switching to dst nat-t udp port 4500
13/04/25 10:43:39 == : DH shared secret ( 128 bytes )
13/04/25 10:43:39 == : SETKEYID ( 20 bytes )
13/04/25 10:43:39 == : SETKEYID_d ( 20 bytes )
13/04/25 10:43:39 == : SETKEYID_a ( 20 bytes )
13/04/25 10:43:39 == : SETKEYID_e ( 20 bytes )
13/04/25 10:43:39 == : cipher key ( 40 bytes )
13/04/25 10:43:39 == : cipher iv ( 8 bytes )
13/04/25 10:43:39 == : phase1 hash_i ( computed ) ( 20 bytes )
13/04/25 10:43:39 >> : hash payload
13/04/25 10:43:39 >> : nat discovery payload
13/04/25 10:43:39 >> : nat discovery payload
13/04/25 10:43:39 >= : cookies e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:39 >= : message 00000000
13/04/25 10:43:39 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:39 == : encrypt packet ( 100 bytes )
13/04/25 10:43:39 == : stored iv ( 8 bytes )
13/04/25 10:43:39 DB : phase1 resend event canceled ( ref count = 1 )
13/04/25 10:43:39 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.133:4500 ( 132 bytes )
13/04/25 10:43:39 == : phase1 hash_r ( computed ) ( 20 bytes )
13/04/25 10:43:39 == : phase1 hash_r ( received ) ( 20 bytes )
13/04/25 10:43:39 ii : phase1 sa established
13/04/25 10:43:39 ii : 162.116.191.133:4500 <-> 192.168.1.64:4500
13/04/25 10:43:39 ii : e55d275b3f0ce260:166e93a6bc78ba4
13/04/25 10:43:39 ii : sending peer INITIAL-CONTACT notification
13/04/25 10:43:39 ii : - 192.168.1.64:4500 -> 162.116.191.133:4500
13/04/25 10:43:39 ii : - isakmp spi = e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:39 ii : - data size 0
13/04/25 10:43:39 >> : hash payload
13/04/25 10:43:39 >> : notification payload
13/04/25 10:43:39 == : new informational hash ( 20 bytes )
13/04/25 10:43:39 == : new informational iv ( 8 bytes )
13/04/25 10:43:39 >= : cookies e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:39 >= : message a6e8a03f
13/04/25 10:43:39 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:39 == : encrypt packet ( 80 bytes )
13/04/25 10:43:39 == : stored iv ( 8 bytes )
13/04/25 10:43:39 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.133:4500 ( 116 bytes )
13/04/25 10:43:39 DB : phase2 not found
13/04/25 10:43:40 <- : recv NAT-T:IKE packet 162.116.191.133:4500 -> 192.168.1.64:4500 ( 84 bytes )
13/04/25 10:43:40 DB : phase1 found
13/04/25 10:43:40 ii : processing informational packet ( 84 bytes )
13/04/25 10:43:40 == : new informational iv ( 8 bytes )
13/04/25 10:43:40 =< : cookies e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:40 =< : message 2041c52b
13/04/25 10:43:40 =< : decrypt iv ( 8 bytes )
13/04/25 10:43:40 == : decrypt packet ( 84 bytes )
13/04/25 10:43:40 <= : stored iv ( 8 bytes )
13/04/25 10:43:40 << : hash payload
13/04/25 10:43:40 << : notification payload
13/04/25 10:43:40 == : informational hash_i ( computed ) ( 20 bytes )
13/04/25 10:43:40 == : informational hash_c ( received ) ( 20 bytes )
13/04/25 10:43:40 ii : informational hash verified
13/04/25 10:43:40 ii : received peer UNITY-LOAD-BALANCE notification
13/04/25 10:43:40 ii : - 162.116.191.133:4500 -> 192.168.1.64:4500
13/04/25 10:43:40 ii : - isakmp spi = e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:40 ii : - data size 4
13/04/25 10:43:40 ii : UNITY-LOAD-BALANCE requested migration to 162.116.191.131
13/04/25 10:43:40 DB : new phase1 ( ISAKMP initiator )
13/04/25 10:43:40 DB : exchange type is aggressive
13/04/25 10:43:40 DB : 192.168.1.64:4500 <-> 162.116.191.133:4500
13/04/25 10:43:40 DB : ce0c1fdc50373801:0000000000000000
13/04/25 10:43:40 DB : phase1 added ( obj count = 2 )
13/04/25 10:43:40 DB : phase1 soft event canceled ( ref count = 4 )
13/04/25 10:43:40 DB : phase1 hard event canceled ( ref count = 3 )
13/04/25 10:43:40 DB : phase1 dead event canceled ( ref count = 2 )
13/04/25 10:43:40 ii : sending peer DELETE message
13/04/25 10:43:40 ii : - 192.168.1.64:4500 -> 162.116.191.133:4500
13/04/25 10:43:40 ii : - isakmp spi = e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:40 ii : - data size 0
13/04/25 10:43:40 >> : hash payload
13/04/25 10:43:40 >> : delete payload
13/04/25 10:43:40 == : new informational hash ( 20 bytes )
13/04/25 10:43:40 == : new informational iv ( 8 bytes )
13/04/25 10:43:40 >= : cookies e55d275b3f0ce260:0166e93a6bc78ba4
13/04/25 10:43:40 >= : message aa793bce
13/04/25 10:43:40 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:40 == : encrypt packet ( 80 bytes )
13/04/25 10:43:40 == : stored iv ( 8 bytes )
13/04/25 10:43:40 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.133:4500 ( 116 bytes )
13/04/25 10:43:40 ii : phase1 removal before expire time
13/04/25 10:43:40 >> : security association payload
13/04/25 10:43:40 >> : - proposal #1 payload
13/04/25 10:43:40 >> : -- transform #1 payload
13/04/25 10:43:40 >> : -- transform #2 payload
13/04/25 10:43:40 >> : -- transform #3 payload
13/04/25 10:43:40 >> : -- transform #4 payload
13/04/25 10:43:40 >> : -- transform #5 payload
13/04/25 10:43:40 >> : -- transform #6 payload
13/04/25 10:43:40 >> : -- transform #7 payload
13/04/25 10:43:40 >> : -- transform #8 payload
13/04/25 10:43:40 >> : -- transform #9 payload
13/04/25 10:43:40 >> : -- transform #10 payload
13/04/25 10:43:40 >> : -- transform #11 payload
13/04/25 10:43:40 >> : -- transform #12 payload
13/04/25 10:43:40 >> : -- transform #13 payload
13/04/25 10:43:40 >> : -- transform #14 payload
13/04/25 10:43:40 >> : -- transform #15 payload
13/04/25 10:43:40 >> : -- transform #16 payload
13/04/25 10:43:40 >> : -- transform #17 payload
13/04/25 10:43:40 >> : -- transform #18 payload
13/04/25 10:43:40 >> : key exchange payload
13/04/25 10:43:40 >> : nonce payload
13/04/25 10:43:40 >> : identification payload
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports XAUTH
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports nat-t ( draft v00 )
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports nat-t ( draft v01 )
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports nat-t ( draft v02 )
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports nat-t ( draft v03 )
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports nat-t ( rfc )
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local supports FRAGMENTATION
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local is SHREW SOFT compatible
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local is NETSCREEN compatible
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local is SIDEWINDER compatible
13/04/25 10:43:40 >> : vendor id payload
13/04/25 10:43:40 ii : local is CISCO UNITY compatible
13/04/25 10:43:40 >= : cookies ce0c1fdc50373801:0000000000000000
13/04/25 10:43:40 >= : message 00000000
13/04/25 10:43:40 -> : send IKE packet 192.168.1.64:500 -> 162.116.191.131:500 ( 1165 bytes )
13/04/25 10:43:40 DB : phase1 resend event scheduled ( ref count = 2 )
13/04/25 10:43:40 DB : phase1 deleted ( obj count = 1 )
13/04/25 10:43:40 <- : recv IKE packet 162.116.191.131:500 -> 192.168.1.64:500 ( 440 bytes )
13/04/25 10:43:40 DB : phase1 found
13/04/25 10:43:40 ii : processing phase1 packet ( 440 bytes )
13/04/25 10:43:40 =< : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 =< : message 00000000
13/04/25 10:43:40 << : security association payload
13/04/25 10:43:40 << : - propsal #1 payload
13/04/25 10:43:40 << : -- transform #14 payload
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != aes )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : cipher type ( 3des != blowfish )
13/04/25 10:43:40 ii : unmatched isakmp proposal/transform
13/04/25 10:43:40 ii : hash type ( hmac-sha1 != hmac-md5 )
13/04/25 10:43:40 ii : matched isakmp proposal #1 transform #14
13/04/25 10:43:40 ii : - transform = ike
13/04/25 10:43:40 ii : - cipher type = 3des
13/04/25 10:43:40 ii : - key length = default
13/04/25 10:43:40 ii : - hash type = sha1
13/04/25 10:43:40 ii : - dh group = group2 ( modp-1024 )
13/04/25 10:43:40 ii : - auth type = xauth-initiator-psk
13/04/25 10:43:40 ii : - life seconds = 86400
13/04/25 10:43:40 ii : - life kbytes = 0
13/04/25 10:43:40 << : key exchange payload
13/04/25 10:43:40 << : nonce payload
13/04/25 10:43:40 << : identification payload
13/04/25 10:43:40 ii : phase1 id target is any
13/04/25 10:43:40 ii : phase1 id match
13/04/25 10:43:40 ii : received = ipv4-host 162.116.191.131
13/04/25 10:43:40 << : hash payload
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : peer is CISCO UNITY compatible
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : peer supports XAUTH
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : peer supports DPDv1
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : peer supports nat-t ( draft v02 )
13/04/25 10:43:40 << : nat discovery payload
13/04/25 10:43:40 << : nat discovery payload
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : unknown vendor id ( 20 bytes )
13/04/25 10:43:40 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
13/04/25 10:43:40 << : vendor id payload
13/04/25 10:43:40 ii : unknown vendor id ( 16 bytes )
13/04/25 10:43:40 0x : 1f07f70e aa6514d3 b0fa9654 2a500100
13/04/25 10:43:40 ii : nat discovery - local address is translated
13/04/25 10:43:40 ii : switching to src nat-t udp port 4500
13/04/25 10:43:40 ii : switching to dst nat-t udp port 4500
13/04/25 10:43:40 == : DH shared secret ( 128 bytes )
13/04/25 10:43:40 == : SETKEYID ( 20 bytes )
13/04/25 10:43:40 == : SETKEYID_d ( 20 bytes )
13/04/25 10:43:40 == : SETKEYID_a ( 20 bytes )
13/04/25 10:43:40 == : SETKEYID_e ( 20 bytes )
13/04/25 10:43:40 == : cipher key ( 40 bytes )
13/04/25 10:43:40 == : cipher iv ( 8 bytes )
13/04/25 10:43:40 == : phase1 hash_i ( computed ) ( 20 bytes )
13/04/25 10:43:40 >> : hash payload
13/04/25 10:43:40 >> : nat discovery payload
13/04/25 10:43:40 >> : nat discovery payload
13/04/25 10:43:40 >= : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 >= : message 00000000
13/04/25 10:43:40 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:40 == : encrypt packet ( 100 bytes )
13/04/25 10:43:40 == : stored iv ( 8 bytes )
13/04/25 10:43:40 DB : phase1 resend event canceled ( ref count = 1 )
13/04/25 10:43:40 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.131:4500 ( 132 bytes )
13/04/25 10:43:40 == : phase1 hash_r ( computed ) ( 20 bytes )
13/04/25 10:43:40 == : phase1 hash_r ( received ) ( 20 bytes )
13/04/25 10:43:40 ii : phase1 sa established
13/04/25 10:43:40 ii : 162.116.191.131:4500 <-> 192.168.1.64:4500
13/04/25 10:43:40 ii : ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 ii : sending peer INITIAL-CONTACT notification
13/04/25 10:43:40 ii : - 192.168.1.64:4500 -> 162.116.191.131:4500
13/04/25 10:43:40 ii : - isakmp spi = ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 ii : - data size 0
13/04/25 10:43:40 >> : hash payload
13/04/25 10:43:40 >> : notification payload
13/04/25 10:43:40 == : new informational hash ( 20 bytes )
13/04/25 10:43:40 == : new informational iv ( 8 bytes )
13/04/25 10:43:40 >= : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 >= : message 5891382d
13/04/25 10:43:40 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:40 == : encrypt packet ( 80 bytes )
13/04/25 10:43:40 == : stored iv ( 8 bytes )
13/04/25 10:43:40 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.131:4500 ( 116 bytes )
13/04/25 10:43:40 DB : phase2 not found
13/04/25 10:43:40 <- : recv NAT-T:IKE packet 162.116.191.131:4500 -> 192.168.1.64:4500 ( 76 bytes )
13/04/25 10:43:40 DB : phase1 found
13/04/25 10:43:40 ii : processing config packet ( 76 bytes )
13/04/25 10:43:40 DB : config not found
13/04/25 10:43:40 DB : config added ( obj count = 1 )
13/04/25 10:43:40 == : new config iv ( 8 bytes )
13/04/25 10:43:40 =< : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 =< : message 6cddf12b
13/04/25 10:43:40 =< : decrypt iv ( 8 bytes )
13/04/25 10:43:40 == : decrypt packet ( 76 bytes )
13/04/25 10:43:40 <= : stored iv ( 8 bytes )
13/04/25 10:43:40 << : hash payload
13/04/25 10:43:40 << : attribute payload
13/04/25 10:43:40 == : configure hash_i ( computed ) ( 20 bytes )
13/04/25 10:43:40 == : configure hash_c ( computed ) ( 20 bytes )
13/04/25 10:43:40 ii : configure hash verified
13/04/25 10:43:40 ii : - xauth authentication type
13/04/25 10:43:40 ii : - xauth username
13/04/25 10:43:40 ww : unhandled xauth attribute 32136
13/04/25 10:43:40 ii : - xauth passcode
13/04/25 10:43:40 ii : received basic xauth request -
13/04/25 10:43:40 ii : - standard xauth username
13/04/25 10:43:40 ii : - standard xauth passcode
13/04/25 10:43:40 ii : sending xauth response for fisher_fraser
13/04/25 10:43:40 >> : hash payload
13/04/25 10:43:40 >> : attribute payload
13/04/25 10:43:40 == : new configure hash ( 20 bytes )
13/04/25 10:43:40 >= : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:40 >= : message 6cddf12b
13/04/25 10:43:40 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:40 == : encrypt packet ( 95 bytes )
13/04/25 10:43:40 == : stored iv ( 8 bytes )
13/04/25 10:43:40 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.131:4500 ( 132 bytes )
13/04/25 10:43:40 DB : config resend event scheduled ( ref count = 2 )
13/04/25 10:43:42 <- : recv NAT-T:IKE packet 162.116.191.131:4500 -> 192.168.1.64:4500 ( 100 bytes )
13/04/25 10:43:42 DB : phase1 found
13/04/25 10:43:42 ii : processing config packet ( 100 bytes )
13/04/25 10:43:42 DB : config found
13/04/25 10:43:42 == : new config iv ( 8 bytes )
13/04/25 10:43:42 =< : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:42 =< : message 01ef15f0
13/04/25 10:43:42 =< : decrypt iv ( 8 bytes )
13/04/25 10:43:42 == : decrypt packet ( 100 bytes )
13/04/25 10:43:42 <= : trimmed packet padding ( 3 bytes )
13/04/25 10:43:42 <= : stored iv ( 8 bytes )
13/04/25 10:43:42 << : hash payload
13/04/25 10:43:42 << : attribute payload
13/04/25 10:43:42 == : configure hash_i ( computed ) ( 20 bytes )
13/04/25 10:43:42 == : configure hash_c ( computed ) ( 20 bytes )
13/04/25 10:43:42 ii : configure hash verified
13/04/25 10:43:42 !! : duplicate xauth request, authentication failed
13/04/25 10:43:42 DB : phase1 soft event canceled ( ref count = 3 )
13/04/25 10:43:42 DB : phase1 hard event canceled ( ref count = 2 )
13/04/25 10:43:42 DB : phase1 dead event canceled ( ref count = 1 )
13/04/25 10:43:42 ii : sending peer DELETE message
13/04/25 10:43:42 ii : - 192.168.1.64:4500 -> 162.116.191.131:4500
13/04/25 10:43:42 ii : - isakmp spi = ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:42 ii : - data size 0
13/04/25 10:43:42 >> : hash payload
13/04/25 10:43:42 >> : delete payload
13/04/25 10:43:42 == : new informational hash ( 20 bytes )
13/04/25 10:43:42 == : new informational iv ( 8 bytes )
13/04/25 10:43:42 >= : cookies ce0c1fdc50373801:33df84b9e0a6868b
13/04/25 10:43:42 >= : message 386549a3
13/04/25 10:43:42 >= : encrypt iv ( 8 bytes )
13/04/25 10:43:42 == : encrypt packet ( 80 bytes )
13/04/25 10:43:42 == : stored iv ( 8 bytes )
13/04/25 10:43:42 -> : send NAT-T:IKE packet 192.168.1.64:4500 -> 162.116.191.131:4500 ( 116 bytes )
13/04/25 10:43:42 DB : config resend event canceled ( ref count = 1 )
13/04/25 10:43:42 DB : config deleted ( obj count = 0 )
13/04/25 10:43:42 ii : phase1 removal before expire time
13/04/25 10:43:42 DB : phase1 deleted ( obj count = 0 )
13/04/25 10:43:42 DB : policy not found
13/04/25 10:43:42 DB : policy not found
13/04/25 10:43:42 DB : policy not found
13/04/25 10:43:42 DB : policy not found
13/04/25 10:43:42 DB : tunnel natt event canceled ( ref count = 1 )
13/04/25 10:43:42 DB : removing tunnel config references
13/04/25 10:43:42 DB : removing tunnel phase2 references
13/04/25 10:43:42 DB : removing tunnel phase1 references
13/04/25 10:43:42 DB : tunnel deleted ( obj count = 0 )
13/04/25 10:43:42 DB : removing all peer tunnel references
13/04/25 10:43:42 DB : peer deleted ( obj count = 0 )
13/04/25 10:43:42 ii : ipc client process thread exit ...
More information about the vpn-help
mailing list