[vpn-help] negotiation timeout

Alan Johnson alan.johnson at charter.net
Fri May 3 02:09:56 CDT 2013


Windows 7 Starter (32-bit, of course) - wireless connection (no Virtual 
WiFi that I can find)

I was attempting to set up the IPsec Road Warrior/Mobile Client How-To

http://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

and failing (Client A).  I decided to see how it would work against the 
Cisco at another client.  We will call them Client B.

I imported the Client B .pcf and received the exact same messages 
(mostly) in the trace utility.

The Cisco VPN client that I use has ZERO issues connecting to Client B.  
Shrewsoft times out.

I realize that the settings for Client A and Client B are very 
different, but I cannot get the Client A firewall to even acknowledge that 
it is receiving requests.  So I decided to try against a known-working VPN 
server.  No joy.

Shrewsoft reports:
config loaded for site 'nccc.pcf'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon


The trace utility reports:

13/05/03 02:52:54 ## : IKE Daemon, ver 2.2.0
13/05/03 02:52:54 ## : Copyright 2013 Shrew Soft Inc.
13/05/03 02:52:54 ## : This product linked OpenSSL 1.0.1c 10 May 2012
13/05/03 02:52:54 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
13/05/03 02:52:54 ii : rebuilding vnet device list ...
13/05/03 02:52:54 ii : device ROOT\VNET\0000 disabled
13/05/03 02:52:54 ii : network process thread begin ...
13/05/03 02:52:54 ii : pfkey process thread begin ...
13/05/03 02:52:54 ii : ipc server process thread begin ...
13/05/03 02:53:03 ii : ipc client process thread begin ...
13/05/03 02:53:03 <A : peer config add message
13/05/03 02:53:03 <A : proposal config message
13/05/03 02:53:03 <A : proposal config message
13/05/03 02:53:03 <A : client config message
13/05/03 02:53:03 <A : xauth username message
13/05/03 02:53:03 <A : xauth password message
13/05/03 02:53:03 <A : local id 'Nccc-Remote-AccessVPN' message
13/05/03 02:53:03 <A : preshared key message
13/05/03 02:53:03 <A : peer tunnel enable message
13/05/03 02:53:03 DB : peer ref increment ( ref count = 1, obj count = 0 )
13/05/03 02:53:03 DB : peer added ( obj count = 1 )
13/05/03 02:53:03 ii : local address 192.168.1.100 selected for peer
13/05/03 02:53:03 DB : peer ref increment ( ref count = 2, obj count = 1 )
13/05/03 02:53:03 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
13/05/03 02:53:03 DB : tunnel added ( obj count = 1 )
13/05/03 02:53:03 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
13/05/03 02:53:03 DB : new phase1 ( ISAKMP initiator )
13/05/03 02:53:03 DB : exchange type is aggressive
13/05/03 02:53:03 DB : 192.168.1.100:500 <-> 209.115.50.18:500
13/05/03 02:53:03 DB : 394279e043e2d7a4:0000000000000000
13/05/03 02:53:03 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
13/05/03 02:53:03 DB : phase1 added ( obj count = 1 )
13/05/03 02:53:03 >> : security association payload
13/05/03 02:53:03 >> : - proposal #1 payload
13/05/03 02:53:03 >> : -- transform #1 payload
13/05/03 02:53:03 >> : -- transform #2 payload
13/05/03 02:53:03 >> : -- transform #3 payload
13/05/03 02:53:03 >> : -- transform #4 payload
13/05/03 02:53:03 >> : -- transform #5 payload
13/05/03 02:53:03 >> : -- transform #6 payload
13/05/03 02:53:03 >> : -- transform #7 payload
13/05/03 02:53:03 >> : -- transform #8 payload
13/05/03 02:53:03 >> : -- transform #9 payload
13/05/03 02:53:03 >> : -- transform #10 payload
13/05/03 02:53:03 >> : -- transform #11 payload
13/05/03 02:53:03 >> : -- transform #12 payload
13/05/03 02:53:03 >> : -- transform #13 payload
13/05/03 02:53:03 >> : -- transform #14 payload
13/05/03 02:53:03 >> : -- transform #15 payload
13/05/03 02:53:03 >> : -- transform #16 payload
13/05/03 02:53:03 >> : -- transform #17 payload
13/05/03 02:53:03 >> : -- transform #18 payload
13/05/03 02:53:03 >> : key exchange payload
13/05/03 02:53:03 >> : nonce payload
13/05/03 02:53:03 >> : identification payload
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports XAUTH
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports nat-t ( draft v00 )
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports nat-t ( draft v01 )
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports nat-t ( draft v02 )
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports nat-t ( draft v03 )
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports nat-t ( rfc )
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local supports DPDv1
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local is SHREW SOFT compatible
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local is NETSCREEN compatible
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local is SIDEWINDER compatible
13/05/03 02:53:03 >> : vendor id payload
13/05/03 02:53:03 ii : local is CISCO UNITY compatible
13/05/03 02:53:03 >= : cookies 394279e043e2d7a4:0000000000000000
13/05/03 02:53:03 >= : message 00000000
13/05/03 02:53:03 -> : send IKE packet 192.168.1.100:500 -> 209.115.50.18:500 ( 1193 bytes )
13/05/03 02:53:03 DB : phase1 resend event scheduled ( ref count = 2 )
13/05/03 02:53:03 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
13/05/03 02:53:08 -> : resend 1 phase1 packet(s) [0/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:13 -> : resend 1 phase1 packet(s) [1/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:18 -> : resend 1 phase1 packet(s) [2/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:23 ii : resend limit exceeded for phase1 exchange
13/05/03 02:53:23 ii : phase1 removal before expire time
13/05/03 02:53:23 DB : phase1 deleted ( obj count = 0 )
13/05/03 02:53:23 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
13/05/03 02:53:23 DB : policy not found
13/05/03 02:53:23 DB : policy not found
13/05/03 02:53:23 DB : policy not found
13/05/03 02:53:23 DB : policy not found
13/05/03 02:53:23 DB : removing tunnel config references
13/05/03 02:53:23 DB : removing tunnel phase2 references
13/05/03 02:53:23 DB : removing tunnel phase1 references
13/05/03 02:53:23 DB : tunnel deleted ( obj count = 0 )
13/05/03 02:53:23 DB : peer ref decrement ( ref count = 1, obj count = 1 )
13/05/03 02:53:23 DB : removing all peer tunnel references
13/05/03 02:53:23 DB : peer deleted ( obj count = 0 )
13/05/03 02:53:23 ii : ipc client process thread exit ...


I hope that the answer is something simple that I'm just not seeing.    
Would love to get this working for Client A.

Thanks

Alan
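
Added example (not part of the original post and not Shrew Soft code): a small Python triage of an iked trace like the one above, counting initial sends, resends and inbound packets to tell "the peer never answered" apart from "the exchange stalled after a reply". The `<-` tag for received packets is an assumption, and the sample excerpt is constructed from lines in the post with wrapped lines joined.

```python
import re

# Constructed excerpt modelled on the trace in the post (wrapped lines joined).
SAMPLE = """\
13/05/03 02:53:03 DB : exchange type is aggressive
13/05/03 02:53:03 -> : send IKE packet 192.168.1.100:500 -> 209.115.50.18:500 ( 1193 bytes )
13/05/03 02:53:08 -> : resend 1 phase1 packet(s) [0/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:13 -> : resend 1 phase1 packet(s) [1/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:18 -> : resend 1 phase1 packet(s) [2/2] 192.168.1.100:500 -> 209.115.50.18:500
13/05/03 02:53:23 ii : resend limit exceeded for phase1 exchange
"""

# "<date> <time> <2-char tag> : <message>"
LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")

def summarize(trace):
    """Count phase1 traffic per direction in an iked trace."""
    s = {"sent": 0, "resent": 0, "received": 0,
         "mode": None, "peer": None, "gave_up": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner text or the tail of a wrapped line
        tag, msg = m.groups()
        if msg.startswith("exchange type is "):
            s["mode"] = msg.split()[-1]
        elif tag == "->" and msg.startswith("send IKE packet"):
            s["sent"] += 1
            peer = re.search(r"-> (\S+)", msg)
            s["peer"] = peer.group(1) if peer else s["peer"]
        elif tag == "->" and msg.startswith("resend"):
            s["resent"] += 1
        elif tag == "<-":  # assumption: tag iked uses for inbound packets
            s["received"] += 1
        elif "resend limit exceeded" in msg:
            s["gave_up"] = True
    return s

def diagnose(s):
    """Classify the timeout by whether any reply reached the client."""
    if not s["gave_up"]:
        return "inconclusive"
    if s["received"] == 0:
        return "no-reply"  # nothing came back: check the path and the gateway log
    return "stalled-after-reply"  # peer answered, then the exchange stopped

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(summary, diagnose(summary))
```

With a `no-reply` result, the next check is whether the request reaches the gateway at all: a packet capture on the client and the IKE log on the gateway.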

