[vpn-help] Unsubscribe

Simon Edelhaus edelhas at gmail.com
Thu Mar 28 18:21:03 CDT 2013 


---ttfn
Simon Edelhaus
Boston MA 2013

On Mar 28, 2013, at 6:06 PM, "Zweerde, Marcel van de" <mvandezweerde at Alescon.nl> wrote:

> Hello,
> 
> After changing to client version 2.2.0 rc1(Netgear router support and
> without the new algo's) and lowering the clients phase 1&2 lifetimes so
> that the client renews before the Netscreen does the connection is
> pretty stable but there are still some disconnects:
> 
> If anyone has an idea....thanks for your time!
> 
> The latest logged disconnect:
> 
> Remote client ip    : 192.168.2.106 (virtualXP on win7)
> Netscreen        : 1.2.3.4 (well, something like that.)
> Ip pool            : 192.168.253
> 
> -snip-
> 13/03/28 20:11:32 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
> 1.2.3.4:4500 ( 124 bytes )
> 13/03/28 20:11:32 ii : DPD ARE-YOU-THERE sequence 332b8556 requested
> 13/03/28 20:11:32 <- : recv NAT-T:IKE packet 1.2.3.4:4500 ->
> 192.168.2.106:4500 ( 92 bytes )
> 13/03/28 20:11:32 DB : phase1 found
> 13/03/28 20:11:32 ii : processing informational packet ( 92 bytes )
> 13/03/28 20:11:32 == : new informational iv ( 16 bytes )
> 13/03/28 20:11:32 =< : cookies 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:32 =< : message 0e8fb8d3
> 13/03/28 20:11:32 =< : decrypt iv ( 16 bytes )
> 13/03/28 20:11:32 == : decrypt packet ( 92 bytes )
> 13/03/28 20:11:32 <= : trimmed packet padding ( 12 bytes )
> 13/03/28 20:11:32 <= : stored iv ( 16 bytes )
> 13/03/28 20:11:32 << : hash payload
> 13/03/28 20:11:32 << : notification payload
> 13/03/28 20:11:32 == : informational hash_i ( computed ) ( 16 bytes )
> 13/03/28 20:11:32 == : informational hash_c ( received ) ( 16 bytes )
> 13/03/28 20:11:32 ii : informational hash verified
> 13/03/28 20:11:32 ii : received peer DPDV1-R-U-THERE-ACK notification
> 13/03/28 20:11:32 ii : - 1.2.3.4:4500 -> 192.168.2.106:4500
> 13/03/28 20:11:32 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:32 ii : - data size 4
> 13/03/28 20:11:32 ii : DPD ARE-YOU-THERE-ACK sequence 332b8556 accepted
> 13/03/28 20:11:32 ii : next tunnel DPD request in 15 secs for peer
> 1.2.3.4:4500
> 13/03/28 20:11:46 DB : phase1 found
> 13/03/28 20:11:46 -> : send NAT-T:KEEP-ALIVE packet 192.168.2.106:4500
> -> 1.2.3.4:4500
> 13/03/28 20:11:46 !! : get_vfwd - failed to obtain valid route ( dest
> 1.2.3.4 )
> 13/03/28 20:11:46 !! : no arp entry for dst : 1.2.3.4
> 13/03/28 20:11:47 DB : phase1 found
> 13/03/28 20:11:47 ii : sending peer DPDV1-R-U-THERE notification
> 13/03/28 20:11:47 ii : - 192.168.2.106:4500 -> 1.2.3.4:4500
> 13/03/28 20:11:47 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:47 ii : - data size 4
> 13/03/28 20:11:47 >> : hash payload
> 13/03/28 20:11:47 >> : notification payload
> 13/03/28 20:11:47 == : new informational hash ( 16 bytes )
> 13/03/28 20:11:47 == : new informational iv ( 16 bytes )
> 13/03/28 20:11:47 >= : cookies 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:47 >= : message 116ccc5a
> 13/03/28 20:11:47 >= : encrypt iv ( 16 bytes )
> 13/03/28 20:11:47 == : encrypt packet ( 80 bytes )
> 13/03/28 20:11:47 == : stored iv ( 16 bytes )
> 13/03/28 20:11:47 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
> 1.2.3.4:4500 ( 124 bytes )
> 13/03/28 20:11:47 !! : get_vfwd - failed to obtain valid route ( dest
> 1.2.3.4 )
> 13/03/28 20:11:47 !! : no arp entry for dst : 1.2.3.4
> 13/03/28 20:11:47 ii : DPD ARE-YOU-THERE sequence 332b8557 requested
> 13/03/28 20:11:47 DB : phase1 soft event canceled ( ref count = 3 )
> 13/03/28 20:11:47 DB : phase1 hard event canceled ( ref count = 2 )
> 13/03/28 20:11:47 DB : phase1 dead event canceled ( ref count = 1 )
> 13/03/28 20:11:47 ii : sending peer DELETE message
> 13/03/28 20:11:47 ii : - 192.168.2.106:4500 -> 1.2.3.4:4500
> 13/03/28 20:11:47 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:47 ii : - data size 0
> 13/03/28 20:11:47 >> : hash payload
> 13/03/28 20:11:47 >> : delete payload
> 13/03/28 20:11:47 == : new informational hash ( 16 bytes )
> 13/03/28 20:11:47 == : new informational iv ( 16 bytes )
> 13/03/28 20:11:47 >= : cookies 1e8058afeadeebec:ca7cd6a5585003b7
> 13/03/28 20:11:47 >= : message 7254ea5c
> 13/03/28 20:11:47 >= : encrypt iv ( 16 bytes )
> 13/03/28 20:11:47 == : encrypt packet ( 76 bytes )
> 13/03/28 20:11:47 == : stored iv ( 16 bytes )
> 13/03/28 20:11:47 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
> 1.2.3.4:4500 ( 108 bytes )
> 13/03/28 20:11:47 !! : get_vfwd - failed to obtain valid route ( dest
> 1.2.3.4 )
> 13/03/28 20:11:47 !! : no arp entry for dst : 1.2.3.4
> 13/03/28 20:11:47 DB : config deleted ( obj count = 0 )
> 13/03/28 20:11:47 ii : phase1 removal before expire time
> 13/03/28 20:11:47 DB : phase1 deleted ( obj count = 0 )
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 ii : removing IPSEC INBOUND policy ANY:172.16.1.0/24:*
> -> ANY:192.168.253.122:*
> 13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 ii : removing IPSEC OUTBOUND policy
> ANY:192.168.253.122:* -> ANY:172.16.1.0/24:*
> 13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 ii : removed IPSEC policy route for
> ANY:172.16.1.0/24:*
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 ii : removing NONE INBOUND policy ANY:1.2.3.4:* ->
> ANY:192.168.2.106:*
> 13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 ii : removing NONE OUTBOUND policy ANY:192.168.2.106:*
> -> ANY:1.2.3.4:*
> 13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 !! : failed to remove NONE policy route for
> ANY:1.2.3.4:*
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 DB : policy deleted ( obj count = 9 )
> 13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 DB : policy deleted ( obj count = 8 )
> 13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 DB : policy deleted ( obj count = 7 )
> 13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 13/03/28 20:11:47 DB : policy found
> 13/03/28 20:11:47 DB : policy deleted ( obj count = 6 )
> 13/03/28 20:11:47 ii : disable adapter ROOT\VNET\0000
> 13/03/28 20:11:47 DB : tunnel dpd event canceled ( ref count = 4 )
> 13/03/28 20:11:47 DB : tunnel natt event canceled ( ref count = 3 )
> 13/03/28 20:11:47 DB : tunnel stats event canceled ( ref count = 2 )
> 13/03/28 20:11:47 DB : removing tunnel config references
> 13/03/28 20:11:47 DB : removing tunnel phase2 references
> 13/03/28 20:11:47 DB : phase2 soft event canceled ( ref count = 2 )
> 13/03/28 20:11:47 DB : phase2 hard event canceled ( ref count = 1 )
> 13/03/28 20:11:47 DB : phase1 not found
> 13/03/28 20:11:47 K> : send pfkey DELETE ESP message
> 13/03/28 20:11:47 K> : send pfkey DELETE ESP message
> 13/03/28 20:11:47 ii : phase2 removal before expire time
> 13/03/28 20:11:47 DB : phase2 deleted ( obj count = 0 )
> 13/03/28 20:11:47 DB : removing tunnel phase1 references
> 13/03/28 20:11:47 DB : tunnel deleted ( obj count = 0 )
> 13/03/28 20:11:47 DB : removing all peer tunnel references
> 13/03/28 20:11:47 DB : peer deleted ( obj count = 0 )
> 13/03/28 20:11:47 ii : ipc client process thread exit ...
> 13/03/28 20:11:47 K< : recv pfkey DELETE ESP message
> 13/03/28 20:11:47 K< : recv pfkey DELETE ESP message
> -snip-
> 
> 
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help

More information about the vpn-help mailing list