[vpn-help] Linux-Fritzbox-VPN-problem: no packet transmission although tunnel is enabled

Kevin VPN kvpn at live.com
Thu Nov 14 22:02:26 CST 2013


On 08/27/2013 12:39 PM, hp hpf wrote:
> in the meantime I think, it's a bug in the shrew software: the client in
> some (unforeseeable) cases isn't able to bring up the tunnel.
>
> I've spent this afternoon trying different IPsec configurations. Result:
>
> - ipsec-tools with daemon racoon works fine
> - openswan with pluto daemon works fine
> - shrew client qikea with shrew daemon iked hangs during tunnel bringup
>
>
> multiple switching between these 3 configurations always yields the above
> result.
>
> But : after booting the laptop all three configurations work fine, the
> shrew-problem disappeared!!!
>
> The iked-log-file indicates a timeout when the problem occurs
>
> 13/08/27 17:54:01 -> : send IKE packet 192.168.179.20:500 ->
> 178.X.XX.XX:500 ( 540 bytes )
> 13/08/27 17:54:01 DB : phase1 resend event scheduled ( ref count = 2 )
> 13/08/27 17:54:11 -> : resend 1 phase1 packet(s) [0/2] 192.168.179.20:500->
> 178.2.28.85:500
> 13/08/27 17:54:21 -> : resend 1 phase1 packet(s) [1/2] 192.168.179.20:500->
> 178.2.28.85:500
> 13/08/27 17:54:31 -> : resend 1 phase1 packet(s) [2/2] 192.168.179.20:500->
> 178.2.28.85:500
> 13/08/27 17:54:42 ii : resend limit exceeded for phase1 exchange
> 13/08/27 17:54:42 ii : phase1 removal before expire time
> 13/08/27 17:54:42 DB : phase1 deleted ( obj count = 0 )
>
> But the peer side is obviously ok since it cooperates with racoon/openswan
>
> Does anybody know how to file a bug report in this case? I've found a
> description on the shrew homepage for collecting symptoms but no link to send
> it.
>

Hi Hans-Peter,

Is there any chance that the racoon daemon is listening on port 500 and is
intercepting the return packets destined for Shrew?  Can you run a
packet sniffer (like wireshark or tcpdump) to see if there are return
packets arriving at your machine?

Another thing you can do with the packet sniffer is compare the 
ipsec-tools packets to the shrew packets to see if there's some obvious 
difference between them.

When you've collected the symptoms and anonymized the logs, post them to 
the mailing list so we can look at it.
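
The port-500 check suggested above can be scripted. This is an added example, not part of the original message and not Shrew's own tooling: it parses `ss -H -ulnp` output and reports when a daemon other than the expected one holds UDP 500/4500. The function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which daemon holds the IKE ports before starting iked.

# Constructed sample of `ss -H -ulnp` output (not taken from the thread).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:500 0.0.0.0:* users:(("racoon",pid=1432,fd=7))
UNCONN 0 0 0.0.0.0:4500 0.0.0.0:* users:(("racoon",pid=1432,fd=8))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=901,fd=6))'

# Print the name of every process bound to UDP 500 or 4500, one per line.
# Reads `ss -H -ulnp` output on stdin (hypothetical helper name).
ike_port_owners() {
  awk '{
    seen_local = 0
    for (i = 1; i <= NF; i++) {
      # The first address:port field on the line is the local socket.
      if (!seen_local && $i ~ /:[0-9*]+$/) {
        if ($i !~ /:(500|4500)$/) next   # not an IKE / NAT-T port
        seen_local = 1
      }
      # users:(("name",pid=N,fd=N),...) -> names sit between the quotes.
      if (seen_local && $i ~ /^users:/) {
        n = split($i, q, "\"")
        for (j = 2; j <= n; j += 2) print q[j]
      }
    }
  }' | sort -u
}

# Return 0 if only the expected daemon (default: iked) holds the ports,
# 1 if another process such as racoon or pluto is bound there.
check_ike_conflict() {
  expected="${1:-iked}"
  conflict=0
  for owner in $(ike_port_owners); do
    if [ "$owner" != "$expected" ]; then
      echo "UDP 500/4500 held by $owner, not $expected" >&2
      conflict=1
    fi
  done
  return "$conflict"
}

# Live use (root is needed to see process names):
#   ss -H -ulnp | check_ike_conflict iked
# To watch for return packets from the peer while the tunnel comes up:
#   tcpdump -ni any 'udp port 500 or udp port 4500'
```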


